* [PATCH v1] exfat: fix the infinite loop in exfat_find_last_cluster()
@ 2025-03-20 8:27 Yuezhang.Mo
From: Yuezhang.Mo @ 2025-03-20 8:27 UTC
To: linkinjeon@kernel.org, sj1557.seo@samsung.com
Cc: linux-fsdevel@vger.kernel.org
In exfat_find_last_cluster(), the cluster chain is traversed until
the EOF cluster. If the cluster chain includes a loop due to file
system corruption, the EOF cluster cannot be traversed, resulting
in an infinite loop.

If the number of clusters indicated by the file size is inconsistent
with the cluster chain length, exfat_find_last_cluster() will return
an error, so if this inconsistency is found, the traversal can be
aborted without traversing to the EOF cluster.

Reported-by: syzbot+f7d147e6db52b1e09dba@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f7d147e6db52b1e09dba
Tested-by: syzbot+f7d147e6db52b1e09dba@syzkaller.appspotmail.com
Fixes: 31023864e67a ("exfat: add fat entry operations")
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
---
fs/exfat/fatent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/exfat/fatent.c b/fs/exfat/fatent.c
index b9473a69f104..23065f948ae7 100644
--- a/fs/exfat/fatent.c
+++ b/fs/exfat/fatent.c
@@ -294,7 +294,7 @@ int exfat_find_last_cluster(struct super_block *sb, struct exfat_chain *p_chain,
clu = next;
if (exfat_ent_get(sb, clu, &next))
return -EIO;
- } while (next != EXFAT_EOF_CLUSTER);
+ } while (next != EXFAT_EOF_CLUSTER && count <= p_chain->size);
if (p_chain->size != count) {
exfat_fs_error(sb,
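Review bot: the new bound only works if `count` is initialized before the loop and incremented exactly once per iteration, and neither line is in this hunk's context, so a short comment above the `do` explaining why the comparison is `<=` rather than `<` would help the next reader: the loop is deliberately allowed one iteration past p_chain->size so that a chain longer than its metadata claims, including one that cycles and never yields EXFAT_EOF_CLUSTER, still falls through to the existing `if (p_chain->size != count)` check and is reported through exfat_fs_error() rather than spinning. It is also worth stating in the commit message that the walk is now bounded at p_chain->size + 1 calls to exfat_ent_get(); since p_chain->size comes from on-disk metadata, a crafted image with a very large size field still costs that many FAT reads before the mismatch is reported, so the loop is finite but its cost is proportional to an untrusted value.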
--
2.43.0
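The cluster-chain walk the commit message describes, as an added user-space model that is not the kernel's code and not from the patch author: it rebuilds the loop body, the patched while condition and the size check from the lines visible in the hunk over an in-memory FAT, so a chain that cycles (the syzbot case) can be reproduced and the old and new loop conditions compared. The FAT layout, the EXFAT_EOF_CLUSTER value, struct chain and every helper name here are assumptions for the model, and the table contents are constructed.

```c
/*
 * Added example (not kernel code): user-space model of the cluster walk in
 * exfat_find_last_cluster() over an in-memory FAT. Loop body, patched while
 * condition and size check follow the hunk; the FAT layout, the EOF value
 * and all helper names are assumptions, and the table is constructed.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define EXFAT_EOF_CLUSTER 0xFFFFFFFFu	/* assumed end-of-chain marker */
#define FAT_ENTRIES 16

/* Stand-in for struct exfat_chain: first cluster and the cluster count the
 * (untrusted, on-disk) metadata claims for the chain. */
struct chain {
	uint32_t dir;
	uint32_t size;
};

/* Constructed FAT, fat[i] = cluster following cluster i: 2->3->4->EOF is a
 * sane chain, 5->6->7->5 is a corrupted one that cycles and never hits EOF. */
static const uint32_t sample_fat[FAT_ENTRIES] = {
	[2] = 3, [3] = 4, [4] = EXFAT_EOF_CLUSTER,
	[5] = 6, [6] = 7, [7] = 5,
};

/* Model of exfat_ent_get(): an out-of-range cluster number is an I/O error. */
static int fat_ent_get(const uint32_t *fat, uint32_t clu, uint32_t *next)
{
	if (clu >= FAT_ENTRIES)
		return -EIO;
	*next = fat[clu];
	return 0;
}

/*
 * Walk with the patched condition. count grows by one per visited cluster,
 * so the loop runs at most p_chain->size + 1 times; the extra iteration lets
 * the size check below catch a chain longer than claimed, which is what a
 * cycle that never reaches EXFAT_EOF_CLUSTER looks like from here.
 */
static int find_last_cluster(const uint32_t *fat, const struct chain *p_chain,
			     uint32_t *ret_clu)
{
	uint32_t clu, next = p_chain->dir;
	uint32_t count = 0;

	do {
		count++;
		clu = next;
		if (fat_ent_get(fat, clu, &next))
			return -EIO;
	} while (next != EXFAT_EOF_CLUSTER && count <= p_chain->size);

	if (p_chain->size != count)
		return -EIO;	/* the kernel reports this via exfat_fs_error() */
	*ret_clu = clu;
	return 0;
}

/*
 * The pre-patch condition, given a read budget so this example terminates.
 * Returns 1 if the budget ran out (the unbounded loop would never see EOF),
 * 0 if EOF was reached, -EIO on a bad entry.
 */
static int old_walk_hits_budget(const uint32_t *fat, uint32_t start,
				uint32_t budget)
{
	uint32_t clu, next = start;

	do {
		if (budget-- == 0)
			return 1;
		clu = next;
		if (fat_ent_get(fat, clu, &next))
			return -EIO;
	} while (next != EXFAT_EOF_CLUSTER);
	return 0;
}

/* One-call wrapper over sample_fat: last cluster (>= 0) or -EIO. */
static long sample_last_cluster(uint32_t dir, uint32_t size)
{
	struct chain c = { .dir = dir, .size = size };
	uint32_t last = 0;

	return find_last_cluster(sample_fat, &c, &last) ? -EIO : (long)last;
}

int main(void)
{
	printf("sane chain, size 3: last=%ld\n", sample_last_cluster(2, 3));
	printf("sane chain, size claims 2: rc=%ld\n", sample_last_cluster(2, 2));
	printf("cycle, old loop exhausts 1000 reads: %d\n",
	       old_walk_hits_budget(sample_fat, 5, 1000));
	printf("cycle, patched walk: rc=%ld\n", sample_last_cluster(5, 3));
	return 0;
}
```

On the cycling chain the old condition never sees EOF and burns through whatever budget it is given, while the patched walk stops after size + 1 reads and the size mismatch turns the corruption into -EIO. The same check also rejects a chain whose metadata size is too small or too large for the real chain, which is the pre-existing behaviour the bound preserves.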
* Re: [PATCH v1] exfat: fix the infinite loop in exfat_find_last_cluster()
From: Namjae Jeon @ 2025-03-21 12:01 UTC
To: Yuezhang.Mo@sony.com
Cc: sj1557.seo@samsung.com, linux-fsdevel@vger.kernel.org
On Thu, Mar 20, 2025 at 5:28 PM Yuezhang.Mo@sony.com
<Yuezhang.Mo@sony.com> wrote:
>
> In exfat_find_last_cluster(), the cluster chain is traversed until
> the EOF cluster. If the cluster chain includes a loop due to file
> system corruption, the EOF cluster cannot be traversed, resulting
> in an infinite loop.
>
> If the number of clusters indicated by the file size is inconsistent
> with the cluster chain length, exfat_find_last_cluster() will return
> an error, so if this inconsistency is found, the traversal can be
> aborted without traversing to the EOF cluster.
>
> Reported-by: syzbot+f7d147e6db52b1e09dba@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=f7d147e6db52b1e09dba
> Tested-by: syzbot+f7d147e6db52b1e09dba@syzkaller.appspotmail.com
> Fixes: 31023864e67a ("exfat: add fat entry operations")
> Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Applied it to #dev.
Thanks!