Centos-kernel-stream-9/fs/exfat
CKI Backport Bot f16b9e7624 exfat: fix the infinite loop in exfat_readdir()
JIRA: https://issues.redhat.com/browse/RHEL-75663
CVE: CVE-2024-57940

commit fee873761bd978d077d8c55334b4966ac4cb7b59
Author: Yuezhang Mo <Yuezhang.Mo@sony.com>
Date:   Fri Dec 13 13:08:37 2024 +0800

    exfat: fix the infinite loop in exfat_readdir()

    If the file system is corrupted so that a cluster is linked to
    itself in the cluster chain, and there is an unused directory
    entry in the cluster, 'dentry' will not be incremented, causing
    the condition 'dentry < max_dentries' to be unable to prevent an
    infinite loop.

    This infinite loop causes s_lock not to be released, and other
    tasks will hang, such as exfat_sync_fs().

    This commit stops traversing the cluster chain when there is an
    unused directory entry in the cluster to avoid this infinite loop.

    Reported-by: syzbot+205c2644abdff9d3f9fc@syzkaller.appspotmail.com
    Closes: https://syzkaller.appspot.com/bug?extid=205c2644abdff9d3f9fc
    Tested-by: syzbot+205c2644abdff9d3f9fc@syzkaller.appspotmail.com
    Fixes: ca06197382 ("exfat: add directory operations")
    Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
    Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
    Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>
2025-01-21 17:23:41 +00:00
Kconfig fs: add CONFIG_BUFFER_HEAD 2024-04-17 10:10:20 +08:00
Makefile exfat: add Kconfig and Makefile 2020-03-05 21:00:40 -05:00
balloc.c exfat: fix memory leak in exfat_load_bitmap() 2024-10-22 11:04:09 +00:00
cache.c exfat: fix use of uninitialized spinlock on error path 2020-10-07 14:27:13 +09:00
dir.c exfat: fix the infinite loop in exfat_readdir() 2025-01-21 17:23:41 +00:00
exfat_fs.h fs: port ->getattr() to pass mnt_idmap 2024-10-16 09:37:45 +08:00
exfat_raw.h exfat: handle unreconized benign secondary entries 2023-12-04 11:52:51 +01:00
fatent.c exfat: fix the newly allocated clusters are not freed in error handling 2023-12-04 11:52:51 +01:00
file.c fs: port ->getattr() to pass mnt_idmap 2024-10-16 09:37:45 +08:00
inode.c exfat: fix inode->i_blocks for non-512 byte sector size device 2023-12-04 11:52:51 +01:00
misc.c exfat: Expand exfat_err() and co directly to pr_*() macro 2023-11-20 23:42:15 +01:00
namei.c fs: port ->rename() to pass mnt_idmap 2024-10-16 10:45:07 +08:00
nls.c exfat: Drop superfluous new line for error messages 2023-11-20 23:42:15 +01:00
super.c exfat: free the sbi and iocharset in ->kill_sb 2024-03-28 18:54:17 +01:00