exfat: fix the infinite loop in __exfat_free_cluster()

In __exfat_free_cluster(), the cluster chain is traversed until the EOF cluster. If the cluster chain includes a loop due to file system corruption, the EOF cluster cannot be traversed, resulting in an infinite loop. This commit uses the total number of clusters to prevent this infinite loop. Reported-by: syzbot+1de5a37cb85a2d536330@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=1de5a37cb85a2d536330 Tested-by: syzbot+1de5a37cb85a2d536330@syzkaller.appspotmail.com Fixes: 31023864e67a ("exfat: add fat entry operations") Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com> Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
author: Yuezhang Mo <Yuezhang.Mo@sony.com> 2024-12-16 13:39:42 +0800
committer: Namjae Jeon <linkinjeon@kernel.org> 2024-12-31 17:51:21 +0900
commit: a5324b3a488d883aa2d42f72260054e87d0940a0 (patch)
tree: 7ff3706a8be3ec863c9f37109fc81a53e96c51cf
parent: 98e2fb26d1a9eafe79f46d15d54e68e014d81d8c (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/fs/exfat/fatent.c b/fs/exfat/fatent.c
index 773c320d68f3..9e5492ac409b 100644
--- a/fs/exfat/fatent.c
+++ b/fs/exfat/fatent.c
@@ -216,6 +216,16 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
 
 			if (err)
 				goto dec_used_clus;
+
+			if (num_clusters >= sbi->num_clusters - EXFAT_FIRST_CLUSTER) {
+				/*
+				 * The cluster chain includes a loop, scan the
+				 * bitmap to get the number of used clusters.
+				 */
+				exfat_count_used_clusters(sb, &sbi->used_clusters);
+
+				return 0;
+			}
 		} while (clu != EXFAT_EOF_CLUSTER);
 	}
author	Yuezhang Mo <Yuezhang.Mo@sony.com>	2024-12-16 13:39:42 +0800
committer	Namjae Jeon <linkinjeon@kernel.org>	2024-12-31 17:51:21 +0900
commit	a5324b3a488d883aa2d42f72260054e87d0940a0 (patch)
tree	7ff3706a8be3ec863c9f37109fc81a53e96c51cf
parent	98e2fb26d1a9eafe79f46d15d54e68e014d81d8c (diff)