From: Namjae Jeon <linkinjeon@kernel.org>
Date: Tue, 1 Apr 2025 04:50:39 +0000 (+0900)
Subject: exfat: fix double free in delayed_free
X-Git-Tag: v6.16-rc1~142^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1f3d9724e16d62c7d42c67d6613b8512f2887c22;p=thirdparty%2Flinux.git

exfat: fix double free in delayed_free

The double free could happen in the following path.

exfat_create_upcase_table()
        exfat_create_upcase_table() : return error
        exfat_free_upcase_table() : free ->vol_utbl
        exfat_load_default_upcase_table : return error
     exfat_kill_sb()
           delayed_free()
                  exfat_free_upcase_table() <--------- double free
This patch set ->vol_util as NULL after freeing it.

Reported-by: Jianzhou Zhao <xnxc22xnxc22@qq.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---

diff --git a/fs/exfat/nls.c b/fs/exfat/nls.c
index d47896a895965..1729bf42eb516 100644
--- a/fs/exfat/nls.c
+++ b/fs/exfat/nls.c
@@ -801,4 +801,5 @@ load_default:
 void exfat_free_upcase_table(struct exfat_sb_info *sbi)
 {
 	kvfree(sbi->vol_utbl);
+	sbi->vol_utbl = NULL;
 }