From patchwork Wed Oct 30 07:47:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yuezhang.Mo@sony.com" X-Patchwork-Id: 13856091 Received: from mx08-001d1705.pphosted.com (mx08-001d1705.pphosted.com [185.183.30.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 793B51B86E9 for ; Wed, 30 Oct 2024 07:47:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=185.183.30.70 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730274451; cv=fail; b=gV5e/nM5zdtg8gew3ydNpCVGX79rkyJBT7FzlqpfNa1Kmx9BJU9RBABZOjk3xXn6GKIZTvMgmLwxEzS4JvMc9yYKLdZm2zSPcVUCaE5JKxYOK0YswcDGmyEN5uEOuDWgD1YoTbsnDBdlb4W64lzNesrmleLdy9yd7XZBeE+MmRk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730274451; c=relaxed/simple; bh=nEcjN4PtFE1022k4jxmuK8zxoFM7Xd661+jmu4qJtRg=; h=From:To:CC:Subject:Date:Message-ID:Content-Type:MIME-Version; b=dQomOaNL7pQQOmxq3EO5CteoaKubhGrAr+vjL35GovRuFU03UlRhcrBI+/aAMlWIXRvUvDCRaM+B2Qt3vSCihgBYM0agAZUOkYX4e+ZXG2ZprqapWZf54UutFg+oDDznAQaKDRWsqDlUU7p7s94BT27aYCLZLu/Y3/y5vRiHyvQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sony.com; spf=pass smtp.mailfrom=sony.com; dkim=pass (2048-bit key) header.d=sony.com header.i=@sony.com header.b=YjG+JEJH; arc=fail smtp.client-ip=185.183.30.70 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=sony.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sony.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=sony.com header.i=@sony.com header.b="YjG+JEJH" Received: from pps.filterd (m0209322.ppops.net [127.0.0.1]) by mx08-001d1705.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 49U6P3QG018401; Wed, 30 Oct 2024 07:47:19 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sony.com; h=cc :content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=S1; bh=nEcjN4PtFE1022k4jxmuK8zxoFM7X d661+jmu4qJtRg=; b=YjG+JEJHXnWBWhD3G7bNf3dGOPdIxhBelaaIVwGHKDNPj ShMuufGBOuyEvpY/YrwMeSQ7pc6PrBomOfyuCq4OAWDzDy1F9Xn16Pie5OXxV8bI pNgnRtOXfAMr58peauQUk96m2Q/5RDejjOgdxYAsSjUpSuX9sINBoD5RqjgZPc2o seOw0AhBkE9nHiK51hUvd97x8vfPT0OKHixWf5dqE/aJStIiVRb8Bf6wgZsbw0uk BBmxn6/IWwE4fN1Lb5IbNjbVtiA1iVs/LGhTcGiqFFqTGmSrLHcntBS/TQVS/HZ6 zc2OZcu4td9JfqMpGcDsQX/LNvTviduusXJ1Gr0VQ== Received: from apc01-tyz-obe.outbound.protection.outlook.com (mail-tyzapc01lp2044.outbound.protection.outlook.com [104.47.110.44]) by mx08-001d1705.pphosted.com (PPS) with ESMTPS id 42k2yprm69-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 30 Oct 2024 07:47:19 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vVex5R8xY2YXIHoHyuk5nWCwa8Vw+432AHbE+4Xua1aUcnqpFAsuRHnZRgrix6s5gt2tMVEchDXPuFvSu+yeKatwyn7kA6RGiOgYRA0L+9TaKoUELQMuLBVwVuBknHO/Mm44YCzTwdWh4Cr+NOOuFL4eLIPSjZ9F2Cnnt2/k1asTmZ16U7ngh+zldm9nhUSwMgKFwjZ3ZXk7RDpycrJciIAghHEGizQpNe1REYKw0lGcAnisS8lnRQFKpgNWHNJWrZjbDdaOHi4Fu/v+PRjJEJ98xaoHwZUf/NObUzb9Fx6CYNzlfNtzPE9CDqhxDs8Z91M495u5Vsevrwso3LR/NQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nEcjN4PtFE1022k4jxmuK8zxoFM7Xd661+jmu4qJtRg=; b=rUFvP8FCRGh6wn9ADNBtmDUy/cg4p5Zlgpqctl+nL+tSAI5MkhTLBW/EnDeK8JR/kQo7SFWWv+Gvpgf+nbvmCaHrBQ3khvGENZ3/H+A2mHjwXpA9Qy0Ka5Tc+Jsxak+5bda+ppa0/Uda4mDnapViiSSeaOkh9h5rn2bRmEfnRz5T9zLViqfVKPdkILGLgwiVJiLflLYA9JkcjVrdk9BwMHjFoNJAntx58W/Hm8QQPbADDLh2EMDZ8K0v5y2fsSrIJn3/frhSHFpcRrygSKbzO1tdDtWIW1ClqJnJ4jXs4f3bCfBWbaw4Pe59Cxp2jfGex9nrb2W0LOKFiihLc4TBqg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sony.com; dmarc=pass action=none header.from=sony.com; dkim=pass header.d=sony.com; arc=none Received: from PUZPR04MB6316.apcprd04.prod.outlook.com (2603:1096:301:fc::7) by KL1PR04MB7707.apcprd04.prod.outlook.com (2603:1096:820:118::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8093.25; Wed, 30 Oct 2024 07:47:16 +0000 Received: from PUZPR04MB6316.apcprd04.prod.outlook.com ([fe80::409e:64d3:cee0:7b06]) by PUZPR04MB6316.apcprd04.prod.outlook.com ([fe80::409e:64d3:cee0:7b06%4]) with mapi id 15.20.8093.024; Wed, 30 Oct 2024 07:47:16 +0000 From: "Yuezhang.Mo@sony.com" To: "linkinjeon@kernel.org" , "sj1557.seo@samsung.com" CC: "linux-fsdevel@vger.kernel.org" Subject: [PATCH v1 2/2] exfat: fix uninit-value in __exfat_get_dentry_set Thread-Topic: [PATCH v1 2/2] exfat: fix uninit-value in __exfat_get_dentry_set Thread-Index: AdsnXGajBcSuozFiT2qdfBwuR/bzEgDQsVMw Date: Wed, 30 Oct 2024 07:47:16 +0000 Message-ID: Accept-Language: en-US, zh-CN Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PUZPR04MB6316:EE_|KL1PR04MB7707:EE_ x-ms-office365-filtering-correlation-id: bffd7121-3619-49f4-49cb-08dcf8b71302 x-proofpoint-id: d8690225-876f-412f-87c6-a7cb45557a4c x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|1800799024|38070700018; x-microsoft-antispam-message-info: =?utf-8?q?USudRFB83zAAiuNXVb14xi9BRZ80jIi?= =?utf-8?q?mdctXhlZwelgqp0HWvPbJ6b0SrTvOTP2YjsbWq94aw2k2UgutmfogpF7M5IK4YTwv?= =?utf-8?q?gbNFAEnhNUz86zHUwJqr2HJyQ8p9/3/8jMQ6EQc2RZLZTj12ndm+qG3R6j8D7BWzx?= =?utf-8?q?KUXuH8O3xEZdWFb+8FSidGPcgOH+9J6QrGe2CDWshk9NUp1qLYgvkxdDiZCeQx8Xb?= =?utf-8?q?iZU7dwGiQcXYewh2GQIsJhk+w9L13WNzuT8szJu+VesjS6mI93M5s29TU5ZYEHTKI?= =?utf-8?q?sV21qBPIuE4OiSwD4Jh0rK28qK68v62IOzEOK+oUePTr3esBGpqx8aLc5XWA2G5tc?= =?utf-8?q?I385PYKuV7mJl9BbPbafe6WAbeQvmU4Jgh9jTPW0AgBVcBDuUat6ltUK1M4P4LzUn?= =?utf-8?q?C9grAIiooAn4FtQZgdTgvqt3ehhsEdE39HUWMhrWUIy7cyk5wUJAxnjz8FWlRtBL2?= =?utf-8?q?ECtNtDTs3soc0Q3im7Wh4YeGxSWWy2XkG4XbE/u+F/8xrAz31aInvzOxibvztfHzP?= =?utf-8?q?GSE9ezzFNWI05h1Rw56W0xt+zfHuuNoqqMuWi53K9qyoQNY7BtoRsPGRfmeKbebca?= =?utf-8?q?P4htwdOfzvgz0gFGrvQ8KIqoQmauxxgw7qOpzIitEucXGvea+S9p3cKWmV8GnC4qk?= =?utf-8?q?fqhq0XbWU0s47WTK9oYVtHUHXh8paQvOBheNYNTqDDVhv1lkgYVaxuqeqtVS8fzNW?= =?utf-8?q?BmqkzuDtBX7dIC8B0z24ii4eDSSG380fNirymEAn7/zpD0PChAjE/6v+fsC7D8sLC?= =?utf-8?q?hcB+IPEXf6H/1eOB6AYfDwIrnhOLoVOd3PUtpSa7YzfLljSp4rgzLoaJ3f+Do7RCJ?= =?utf-8?q?qISIQ0GJlYEnn7gvtXSZ6OZAhr0fyQ1lwbPVO1BDXBzFU+fDTfxi/1gcDhQl/U65T?= =?utf-8?q?ZH5jb/eAUHYp8objRgieknxEVmc2AJZlx+JgJECEJMP1I0iBgHPgsU2NYVdzBGQSF?= =?utf-8?q?mCSxhflDQ27JNF3y/68Xvoem9OREOo3BnSjVmCDnuOscfwR3IWIb2dF5E/sry8G+h?= =?utf-8?q?UGROfLDubZ8V0oAmoQebKKrrSolkn9PO2IDKNLTc7tj1YtWbPu45Tt4pwFyp92HOY?= =?utf-8?q?alXSM01KwNiLJd7hxvmZDQ/Y0CWoTnMMuixO4HnYnGU2AuN9Olb6sFWn3eK/9atGx?= =?utf-8?q?MdB4CZM4ASLzpydoLfkyRR1V6lzYJ4Y9M6WfwhjPs1pbYOvJ+c+8PlPIeXA09EZ1+?= =?utf-8?q?XNUgq0vSinG/acms8gNk7KrX/k65bfZG6Vzit1RxpnMcAGlJ31WiZdaUnWdKCeBNw?= =?utf-8?q?Xwnw0PDRL0/49GLIVzo2RwoYVyBXfSFdaIT4c6j4WT0tOOwhwFTBwh+Q=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:zh-cn;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PUZPR04MB6316.apcprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?4Foqlb0gLmvQxV555LuuMMI2UdNN?= =?utf-8?q?DUCjH5/qsy/+zhEvc7Q+oNEKQgeMimzczfnMBLNUl/n35pmuy4su08BcXk2EpQllB?= =?utf-8?q?itLVvVJ8fisI1duaKyzvoc1eyLIjOShHyK1rXTYC3GSfpo+4UxtbPTOEEdGpT+DqM?= =?utf-8?q?+kDJlVmXGwKyHlR94SUfRutwhVQ5iK92kQeUcULvpRXg95+1649Gf0DCaWklRIARb?= =?utf-8?q?iuC9ZCi55BIyqPZaX33AEh5bhcSlOK7e8eMzb1DhPdUMHVW0b3WJI65POyatkdXz2?= =?utf-8?q?vQy3wFj4kSSsrnkrowiyWOlANVpGkMLWUVjOpb+Za89iH22YAfuN9bWJUgVyIv8Pb?= =?utf-8?q?+iS9zlbE4rV6tRcojrG8saVzvqKUZnmfoblzEWSogE1TtJQPr4Q19ssUPHUJgB2Hb?= =?utf-8?q?4qksjyKmIXVf7mZotc/fyEf2O/3JoBi5VdTI3rp9yCQ2MglEv826b5LZyfyYvKClI?= =?utf-8?q?0Y8CT2+kGcXKRdXVHgQOnMsDy+9btUZjrLZdsM6CWNRk2Pn3ER+p7kw5iYbe4IMWx?= =?utf-8?q?CXeVgF5AKP3jhkMArwV90oYil/o8xSnqzM3cMiXm85wNYFgcy9V4HoEKweimAjxH8?= =?utf-8?q?T8pTNyo54oWDks6dK29JWnjDRjngPnW9qDkFDYNRv1c7g7moEqyjBhUxHtvrnuWRu?= =?utf-8?q?RQ0g87ko1P9cgX6GYZFg5ej6OBpoWv76zGoyWQat6xgH/S0swccl2aQlmpqnwbzpW?= =?utf-8?q?FV4WPHxAi4J5LMlFBtl6r9e8V+n6N8SmawTig+AkzNDaiEFXSa9RLC5whWO70paOQ?= =?utf-8?q?SjONyzIJXmgv/8HAbUugiGmu4o9hvUxZea9g1dAcPnNRVKPrecSA3smXL7wmYI5T8?= =?utf-8?q?8j6m88cB5MGIg21OauFL7BTDwfVqtfDD6kIUiIsVzUVXRHZjxG4oLiXHc+gS0jEH2?= =?utf-8?q?nxF91IrkwIOcmjmqgTcMjfqXd3uufaPlVovv5nZqtnBHJ/auo+TlIzfhEglh4APQh?= =?utf-8?q?dLS+MlP+QqxaM0dphAVrfCwDnFhKICp5rEz4vL0BCSNvxnvhdCJoy1jz+FZNB6fH6?= =?utf-8?q?fqw2F6ymjTYMMtUPjeM7ii3WF7d4j7/2oQ9QmuuaxOp8rdcFN/emJGvCjzHaAxIhp?= =?utf-8?q?XxoqAP5tqhq3Us+Xe9Is/zJi+U3iU31dDqTikYb0dEEPK2Pc458ncqrbqpzAg+UwP?= =?utf-8?q?Yoeuw1rRQpMDytNHBBEFcoGk6nsIyrVKXo/mPX08Aw8q1+NduhvkFgxmmo7CbphwF?= =?utf-8?q?jAbBYxmgWGUxawANWg6HiyEhzfW4zUlSC2SZ+QI+SbaplAl+CBMRbviaceYz0OR2z?= =?utf-8?q?bRMatxGkEgrAFf1GRv4iN5phrsJ/D+rZhJ5qlXN4mg6ONQ/oYqD3b2y9/D5tZS7eP?= =?utf-8?q?WjhKNFuj6nh+nUlIcDQFcmg2IRJEfX50xmIOOgDbNJTgJOBpMZkwwuIOQjpjk8RD7?= =?utf-8?q?h0xQpAniEz5YhX/YxXdJrL9vQwe5YyUe7DpsmPxkZrnZ6EZyzuv2FgYYBPg2npuAd?= =?utf-8?q?1XGesKMqSYypgVJRuf0cNbM9/culk6bQK7kPEFj+xSjPrZ0Ik0pcpxCm6kkTl/oHV?= =?utf-8?q?Ng5XZG79aC11?= Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: VjXDc6K8Xw21IbQaK/5S7p8XC522CRFAUU8SzmyQ1TzHWZkGnUMt+l+8IHoOnUo7hcfQaM8qiCVvwL9gwErh2PkD+gB79xgsdXtLTpCW0IHzZMePx3vVjWlEsTvGo+G+bb+7nJAodHQpGPmy4L160zxc9h/DsOflIy77dod3AQCg0zQvRMx1XEmri9bqV0GmWr6R0ZyXbVt2RTOzkBuN6OBQ3z5s5x4IY+7P2VZyFAc/biBCE333BA+2MB6lZPuGfResPM3pSBqNHHDTpndcf4ilNWa0X4kivLa5CSEzhxy4zPJGJBXZ+WsHBkGb3P9IMr3yQ9279DX+Z75egl0V0VgHrERsubUDWEuOnR+2ZBUfgpfiU3/Hobh/k6iDPXDEVfW/mn0FqcD2rYrjmNJAkuGc2G9Rk03zFQn2//pJuaQsFgxOb2iTs8Q4rttSD2YHdL2OW4RjrjuAZe+o6PC/Tt5urxzS9vO9+r5goJGIrejWfCifMxPK92P+oyo3ZPqhiHyDp55c3/kQ1RW65Hvs1YvVPKgVfGwLUFwFwqW0VPPvLHdUxHw26d4x53ebarAdw5HHlN9NxGamuDh+KoQheLk/KlnVTEfqTIO3U3rm5pGQPXu37FveOeN3BbkSyyqD X-OriginatorOrg: sony.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PUZPR04MB6316.apcprd04.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: bffd7121-3619-49f4-49cb-08dcf8b71302 X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Oct 2024 07:47:16.0853 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 66c65d8a-9158-4521-a2d8-664963db48e4 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: hXa6sCLvrw8kIKrhD/fuCuLX5BWAYz84fBEyYNMb1yjPWBSbk+Ewuw9swVsNc683rgp7LUZq5mX2sT3Irq39VA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR04MB7707 X-Proofpoint-ORIG-GUID: 6JaPx5CBxRtib82KJo0jsxoEBf7NxEkB X-Proofpoint-GUID: 6JaPx5CBxRtib82KJo0jsxoEBf7NxEkB X-Sony-Outbound-GUID: 6JaPx5CBxRtib82KJo0jsxoEBf7NxEkB X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-30_06,2024-10-30_01,2024-09-30_01 There is no check if stream size and start_clu are invalid. If start_clu is EOF cluster and stream size is 4096, It will cause uninit value access. because ei->hint_femp.eidx could be 128(if cluster size is 4K) and wrong hint will allocate next cluster. and this cluster will be same with the cluster that is allocated by exfat_extend_valid_size(). The previous patch will check invalid start_clu, but for clarity, initialize hint_femp.eidx to zero. Reported-by: syzbot+01218003be74b5e1213a@syzkaller.appspotmail.com Tested-by: syzbot+01218003be74b5e1213a@syzkaller.appspotmail.com Signed-off-by: Namjae Jeon Reviewed-by: Yuezhang Mo --- fs/exfat/namei.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c index 98f67e632ad1..337197ece599 100644 --- a/fs/exfat/namei.c +++ b/fs/exfat/namei.c @@ -345,6 +345,7 @@ static int exfat_find_empty_entry(struct inode *inode, if (ei->start_clu == EXFAT_EOF_CLUSTER) { ei->start_clu = clu.dir; p_dir->dir = clu.dir; + hint_femp.eidx = 0; } /* append to the FAT chain */