diff options
| author | Yuezhang Mo <[email protected]> | 2024-12-12 08:29:23 +0000 |
|---|---|---|
| committer | Namjae Jeon <[email protected]> | 2024-12-31 08:51:16 +0000 |
| commit | 98e2fb26d1a9eafe79f46d15d54e68e014d81d8c (patch) | |
| tree | 4449ab96d75897eb150516a41f8340feff8b173a | |
| parent | exfat: fix the infinite loop in exfat_readdir() (diff) | |
| download | kernel-98e2fb26d1a9eafe79f46d15d54e68e014d81d8c.tar.gz kernel-98e2fb26d1a9eafe79f46d15d54e68e014d81d8c.zip | |
exfat: fix the new buffer was not zeroed before writing
Before writing, if a buffer_head marked as new, its data must
be zeroed, otherwise uninitialized data in the page cache will
be written.
So this commit uses folio_zero_new_buffers() to zero the new
buffers before ->write_end().
Fixes: 6630ea49103c ("exfat: move extend valid_size into ->page_mkwrite()")
Reported-by: [email protected]
Closes: https://syzkaller.appspot.com/bug?extid=91ae49e1c1a2634d20c0
Tested-by: [email protected]
Signed-off-by: Yuezhang Mo <[email protected]>
Reviewed-by: Sungjong Seo <[email protected]>
Signed-off-by: Namjae Jeon <[email protected]>
| -rw-r--r-- | fs/exfat/file.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/exfat/file.c b/fs/exfat/file.c index fb38769c3e39..05b51e721783 100644 --- a/fs/exfat/file.c +++ b/fs/exfat/file.c @@ -545,6 +545,7 @@ static int exfat_extend_valid_size(struct file *file, loff_t new_valid_size) while (pos < new_valid_size) { u32 len; struct folio *folio; + unsigned long off; len = PAGE_SIZE - (pos & (PAGE_SIZE - 1)); if (pos + len > new_valid_size) @@ -554,6 +555,9 @@ static int exfat_extend_valid_size(struct file *file, loff_t new_valid_size) if (err) goto out; + off = offset_in_folio(folio, pos); + folio_zero_new_buffers(folio, off, off + len); + err = ops->write_end(file, mapping, pos, len, len, folio, NULL); if (err < 0) goto out; @@ -563,6 +567,8 @@ static int exfat_extend_valid_size(struct file *file, loff_t new_valid_size) cond_resched(); } + return 0; + out: return err; } |