This is a note to let you know that I've just added the patch titled

    exfat: fix reporting fs error when reading dir beyond EOF

to the 6.2-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     exfat-fix-reporting-fs-error-when-reading-dir-beyond-eof.patch
and it can be found in the queue-6.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 706fdcac002316893434d753be8cfb549fe1d40d Mon Sep 17 00:00:00 2001
From: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
Date: Thu, 20 Oct 2022 14:27:37 +0800
Subject: exfat: fix reporting fs error when reading dir beyond EOF

From: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>

commit 706fdcac002316893434d753be8cfb549fe1d40d upstream.

Since seekdir() does not check whether the position is valid, the
position may exceed the size of the directory. We found that for
a directory with discontinuous clusters, if the position exceeds
the size of the directory and the excess size is greater than or
equal to the cluster size, exfat_readdir() will return -EIO,
causing a file system error and making the file system unavailable.

Reproduce this bug by:

seekdir(dir, dir_size + cluster_size);
dirent = readdir(dir);

The following log will be printed if mount with 'errors=remount-ro'.

[11166.712896] exFAT-fs (sdb1): error, invalid access to FAT (entry 0xffffffff)
[11166.712905] exFAT-fs (sdb1): Filesystem has been set read-only

Fixes: 1e5654de0f51 ("exfat: handle wrong stream entry size in exfat_readdir()")
Cc: stable@xxxxxxxxxxxxxxx # v5.7+
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
Reviewed-by: Andy Wu <Andy.Wu@xxxxxxxx>
Reviewed-by: Aoyama Wataru <wataru.aoyama@xxxxxxxx>
Reviewed-by: Sungjong Seo <sj1557.seo@xxxxxxxxxxx>
Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/exfat/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/exfat/dir.c +++ b/fs/exfat/dir.c @@ -100,7 +100,7 @@ static int exfat_readdir(struct inode *i clu.dir = ei->hint_bmap.clu; } - while (clu_offset > 0) { + while (clu_offset > 0 && clu.dir != EXFAT_EOF_CLUSTER) { if (exfat_get_next_cluster(sb, &(clu.dir))) return -EIO; Patches currently in stable-queue which might be from Yuezhang.Mo@xxxxxxxx are queue-6.2/exfat-fix-reporting-fs-error-when-reading-dir-beyond-eof.patch queue-6.2/exfat-fix-inode-i_blocks-for-non-512-byte-sector-size-device.patch queue-6.2/exfat-fix-unexpected-eof-while-reading-dir.patch queue-6.2/exfat-redefine-dir_deleted-as-the-bad-cluster-number.patch
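
Review bot: the added clu.dir != EXFAT_EOF_CLUSTER condition on the while (clu_offset > 0 ...) loop in exfat_readdir() carries no comment saying that reaching the end of the cluster chain with clu_offset still positive is an expected state (a seekdir() position past the directory size, as the commit message describes) rather than on-disk corruption. A one-line comment above the loop would keep a later cleanup from dropping the check and reintroducing the -EIO return. The loop can now exit with clu_offset nonzero and clu.dir equal to EXFAT_EOF_CLUSTER, and the code that follows the loop is outside the visible context, so it is worth confirming in review that this path treats the value as end of directory and never uses it as a cluster number.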