Patch "exfat: fix the infinite loop in __exfat_free_cluster()" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 9 Jan 2025 08:54:28 -0500

This is a note to let you know that I've just added the patch titled

    exfat: fix the infinite loop in __exfat_free_cluster()

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     exfat-fix-the-infinite-loop-in-__exfat_free_cluster.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit f39f87c00803740c0a351c034cebff14d6a2e2ec
Author: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
Date:   Mon Dec 16 13:39:42 2024 +0800

    exfat: fix the infinite loop in __exfat_free_cluster()
    
    [ Upstream commit a5324b3a488d883aa2d42f72260054e87d0940a0 ]
    
    In __exfat_free_cluster(), the cluster chain is traversed until the
    EOF cluster. If the cluster chain includes a loop due to file system
    corruption, the EOF cluster cannot be traversed, resulting in an
    infinite loop.
    
    This commit uses the total number of clusters to prevent this infinite
    loop.
    
    Reported-by: syzbot+1de5a37cb85a2d536330@xxxxxxxxxxxxxxxxxxxxxxxxx
    Closes: https://syzkaller.appspot.com/bug?extid=1de5a37cb85a2d536330
    Tested-by: syzbot+1de5a37cb85a2d536330@xxxxxxxxxxxxxxxxxxxxxxxxx
    Fixes: 31023864e67a ("exfat: add fat entry operations")
    Signed-off-by: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
    Reviewed-by: Sungjong Seo <sj1557.seo@xxxxxxxxxxx>
    Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/exfat/fatent.c b/fs/exfat/fatent.c
index 56b870d9cc0d..428d862a1d2b 100644
--- a/fs/exfat/fatent.c
+++ b/fs/exfat/fatent.c
@@ -216,6 +216,16 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
 
 			if (err)
 				goto dec_used_clus;
+
+			if (num_clusters >= sbi->num_clusters - EXFAT_FIRST_CLUSTER) {
+				/*
+				 * The cluster chain includes a loop, scan the
+				 * bitmap to get the number of used clusters.
+				 */
+				exfat_count_used_clusters(sb, &sbi->used_clusters);
+
+				return 0;
+			}
 		} while (clu != EXFAT_EOF_CLUSTER);
 	}
 







