Patch "exfat: fix the infinite loop in exfat_readdir()" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 9 Jan 2025 08:54:53 -0500

This is a note to let you know that I've just added the patch titled

    exfat: fix the infinite loop in exfat_readdir()

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     exfat-fix-the-infinite-loop-in-exfat_readdir.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 15334402127bd8b63d7ae801a5d95f3e031478c2
Author: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
Date:   Fri Dec 13 13:08:37 2024 +0800

    exfat: fix the infinite loop in exfat_readdir()
    
    [ Upstream commit fee873761bd978d077d8c55334b4966ac4cb7b59 ]
    
    If the file system is corrupted so that a cluster is linked to
    itself in the cluster chain, and there is an unused directory
    entry in the cluster, 'dentry' will not be incremented, causing
    condition 'dentry < max_dentries' unable to prevent an infinite
    loop.
    
    This infinite loop causes s_lock not to be released, and other
    tasks will hang, such as exfat_sync_fs().
    
    This commit stops traversing the cluster chain when there is unused
    directory entry in the cluster to avoid this infinite loop.
    
    Reported-by: syzbot+205c2644abdff9d3f9fc@xxxxxxxxxxxxxxxxxxxxxxxxx
    Closes: https://syzkaller.appspot.com/bug?extid=205c2644abdff9d3f9fc
    Tested-by: syzbot+205c2644abdff9d3f9fc@xxxxxxxxxxxxxxxxxxxxxxxxx
    Fixes: ca06197382bd ("exfat: add directory operations")
    Signed-off-by: Yuezhang Mo <Yuezhang.Mo@xxxxxxxx>
    Reviewed-by: Sungjong Seo <sj1557.seo@xxxxxxxxxxx>
    Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/exfat/dir.c b/fs/exfat/dir.c
index d58c69018051..e651ffb06a43 100644
--- a/fs/exfat/dir.c
+++ b/fs/exfat/dir.c
@@ -125,7 +125,7 @@ static int exfat_readdir(struct inode *inode, loff_t *cpos, struct exfat_dir_ent
 			type = exfat_get_entry_type(ep);
 			if (type == TYPE_UNUSED) {
 				brelse(bh);
-				break;
+				goto out;
 			}
 
 			if (type != TYPE_FILE && type != TYPE_DIR) {
@@ -185,6 +185,7 @@ static int exfat_readdir(struct inode *inode, loff_t *cpos, struct exfat_dir_ent
 		}
 	}
 
+out:
 	dir_entry->namebuf.lfn[0] = '\0';
 	*cpos = EXFAT_DEN_TO_B(dentry);
 	return 0;







