Patch "exfat: fix the new buffer was not zeroed before writing" has been added to the 6.12-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 9 Jan 2025 08:53:58 -0500

This is a note to let you know that I've just added the patch titled

    exfat: fix the new buffer was not zeroed before writing

to the 6.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     exfat-fix-the-new-buffer-was-not-zeroed-before-writi.patch
and it can be found in the queue-6.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 360e257e52eb050b6f78c12bbef02ff0cc89a7ea
Author: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
Date:   Thu Dec 12 16:29:23 2024 +0800

    exfat: fix the new buffer was not zeroed before writing
    
    [ Upstream commit 98e2fb26d1a9eafe79f46d15d54e68e014d81d8c ]
    
    Before writing, if a buffer_head marked as new, its data must
    be zeroed, otherwise uninitialized data in the page cache will
    be written.
    
    So this commit uses folio_zero_new_buffers() to zero the new
    buffers before ->write_end().
    
    Fixes: 6630ea49103c ("exfat: move extend valid_size into ->page_mkwrite()")
    Reported-by: syzbot+91ae49e1c1a2634d20c0@xxxxxxxxxxxxxxxxxxxxxxxxx
    Closes: https://syzkaller.appspot.com/bug?extid=91ae49e1c1a2634d20c0
    Tested-by: syzbot+91ae49e1c1a2634d20c0@xxxxxxxxxxxxxxxxxxxxxxxxx
    Signed-off-by: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
    Reviewed-by: Sungjong Seo <sj1557.seo@xxxxxxxxxxx>
    Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/exfat/file.c b/fs/exfat/file.c
index fb38769c3e39..05b51e721783 100644
--- a/fs/exfat/file.c
+++ b/fs/exfat/file.c
@@ -545,6 +545,7 @@ static int exfat_extend_valid_size(struct file *file, loff_t new_valid_size)
 	while (pos < new_valid_size) {
 		u32 len;
 		struct folio *folio;
+		unsigned long off;
 
 		len = PAGE_SIZE - (pos & (PAGE_SIZE - 1));
 		if (pos + len > new_valid_size)
@@ -554,6 +555,9 @@ static int exfat_extend_valid_size(struct file *file, loff_t new_valid_size)
 		if (err)
 			goto out;
 
+		off = offset_in_folio(folio, pos);
+		folio_zero_new_buffers(folio, off, off + len);
+
 		err = ops->write_end(file, mapping, pos, len, len, folio, NULL);
 		if (err < 0)
 			goto out;
@@ -563,6 +567,8 @@ static int exfat_extend_valid_size(struct file *file, loff_t new_valid_size)
 		cond_resched();
 	}
 
+	return 0;
+
 out:
 	return err;
 }







