From patchwork Wed Oct 30 07:47:08 2024
X-Patchwork-Submitter: "Yuezhang.Mo@sony.com"
X-Patchwork-Id: 13856090
From: "Yuezhang.Mo@sony.com"
To: "linkinjeon@kernel.org", "sj1557.seo@samsung.com"
CC: "linux-fsdevel@vger.kernel.org"
Subject: [PATCH v1 1/2] exfat: fix out-of-bounds access of directory entries
Date: Wed, 30 Oct 2024 07:47:08 +0000

In the case where the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster (an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption.

This commit adds a check for start_clu; if it is an invalid cluster, the file or directory will be treated as empty.

Signed-off-by: Yuezhang Mo
Co-developed-by: Namjae Jeon
Signed-off-by: Namjae Jeon
--- fs/exfat/namei.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c index 2c4c44229352..98f67e632ad1 100644 --- a/fs/exfat/namei.c +++ b/fs/exfat/namei.c 
@@ -637,14 +637,26 @@ static int exfat_find(struct inode *dir, struct qstr *qname, info->size = le64_to_cpu(ep2->dentry.stream.valid_size); info->valid_size = le64_to_cpu(ep2->dentry.stream.valid_size); info->size = le64_to_cpu(ep2->dentry.stream.size); + + info->start_clu = le32_to_cpu(ep2->dentry.stream.start_clu); + if (!is_valid_cluster(sbi, info->start_clu) && info->size) { + exfat_warn(sb, "start_clu is invalid cluster(0x%x)", + info->start_clu); + info->size = 0; + info->valid_size = 0; + } + + if (info->valid_size > info->size) { + exfat_warn(sb, "valid_size(%lld) is greater than size(%lld)", + info->valid_size, info->size); + info->valid_size = info->size; + } + + if (info->size == 0) { info->flags = ALLOC_NO_FAT_CHAIN; info->start_clu = EXFAT_EOF_CLUSTER; - } else { + } else info->flags = ep2->dentry.stream.flags; - info->start_clu = - le32_to_cpu(ep2->dentry.stream.start_clu); - } exfat_get_entry_time(sbi, &info->crtime, ep->dentry.file.create_tz,
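
Review bot: In exfat_find(), the second added check, `if (info->valid_size > info->size)`, clamps valid_size but is not covered by the commit message, which describes only the start_clu check; either explain in the changelog why the clamp belongs to this fix or move it into its own patch. The rewritten `} else` also leaves the else branch unbraced while the `if (info->size == 0) {` branch keeps its braces; kernel coding style asks for braces on both branches when one of them needs them, so keep `} else {` and the closing `}` around `info->flags = ep2->dentry.stream.flags;`. Both new paths only call exfat_warn() and carry on with the entry treated as empty, so the changelog should state whether a corrupted start_clu is meant to stay a warning or should also be reported as a file system error.
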
From patchwork Wed Oct 30 07:47:16 2024
X-Patchwork-Submitter: "Yuezhang.Mo@sony.com"
X-Patchwork-Id: 13856091
From: "Yuezhang.Mo@sony.com"
To: "linkinjeon@kernel.org", "sj1557.seo@samsung.com"
CC: "linux-fsdevel@vger.kernel.org"
Subject: [PATCH v1 2/2] exfat: fix uninit-value in __exfat_get_dentry_set
Date: Wed, 30 Oct 2024 07:47:16 +0000

There is no check if stream size and start_clu are invalid. If start_clu is EOF cluster and stream size is 4096, it will cause uninit value access, because ei->hint_femp.eidx could be 128 (if cluster size is 4K) and wrong hint will allocate next cluster, and this cluster will be same with the cluster that is allocated by exfat_extend_valid_size(). The previous patch will check invalid start_clu, but for clarity, initialize hint_femp.eidx to zero.

Reported-by: syzbot+01218003be74b5e1213a@syzkaller.appspotmail.com
Tested-by: syzbot+01218003be74b5e1213a@syzkaller.appspotmail.com
Signed-off-by: Namjae Jeon
Reviewed-by: Yuezhang Mo
--- fs/exfat/namei.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/exfat/namei.c b/fs/exfat/namei.c index 98f67e632ad1..337197ece599 100644 --- a/fs/exfat/namei.c +++ b/fs/exfat/namei.c @@ -345,6 +345,7 @@ static int exfat_find_empty_entry(struct inode *inode, if (ei->start_clu == EXFAT_EOF_CLUSTER) { ei->start_clu = clu.dir; p_dir->dir = clu.dir; + hint_femp.eidx = 0; } /* append to the FAT chain */
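
Review bot: The added `hint_femp.eidx = 0;` in exfat_find_empty_entry() carries no comment, and the commit message justifies it only as being "for clarity"; a one-line comment stating that start_clu has just been set to clu.dir on this path, so any earlier hint index is stale and the entry search must restart at index 0, would make the intent visible in the code. The changelog also calls this initializing the hint, but the assignment runs only inside the `if (ei->start_clu == EXFAT_EOF_CLUSTER)` branch, so it is a reset on that one path; wording the message that way would match what the hunk does.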