exfat: fix reporting fs error when reading dir beyond EOF

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Since seekdir() does not check whether the position is valid, the
position may exceed the size of the directory. We found that for
a directory with discontinuous clusters, if the position exceeds
the size of the directory and the excess size is greater than or
equal to the cluster size, exfat_readdir() will return -EIO,
causing a file system error and making the file system unavailable.

Reproduce this bug by:

seekdir(dir, dir_size + cluster_size);
dirent = readdir(dir);

The following log will be printed if mount with 'errors=remount-ro'.

[11166.712896] exFAT-fs (sdb1): error, invalid access to FAT (entry 0xffffffff)
[11166.712905] exFAT-fs (sdb1): Filesystem has been set read-only

Fixes: 1e5654de0f51 ("exfat: handle wrong stream entry size in exfat_readdir()")
Cc: stable@vger.kernel.org # v5.7+
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Reviewed-by: Andy Wu <Andy.Wu@sony.com>
Reviewed-by: Aoyama Wataru <wataru.aoyama@sony.com>
Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

authored by

Yuezhang Mo and committed by

Namjae Jeon 3 years ago 706fdcac 6cb5d1a1

+1 -1

1 changed file

expand all

exfat

dir.c

+1 -1

fs/exfat/dir.c

··· 100 100 clu.dir = ei->hint_bmap.clu; 101 101 } 102 102 103 - while (clu_offset > 0) { 103 + while (clu_offset > 0 && clu.dir != EXFAT_EOF_CLUSTER) { 104 104 if (exfat_get_next_cluster(sb, &(clu.dir))) 105 105 return -EIO; 106 106