git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Namjae Jeon <linkinjeon@kernel.org>
	Wed, 12 Nov 2025 00:42:25 +0000 (09:42 +0900)
committer	Namjae Jeon <linkinjeon@kernel.org>
	Wed, 3 Dec 2025 01:00:16 +0000 (10:00 +0900)
commit	866cba3675416c6cf446acb25d7c700eead1420e
tree	b0888e6df12e2cd68144d13c8c0d8c606c7b72b7	tree \| snapshot
parent	4e163c39dd4e70fcdce948b8774d96e0482b4a11	commit \| diff

exfat: validate the cluster bitmap bits of directory

Syzbot created this issue by testing an image that did not have the root
cluster bitmap bit marked. After accessing a file through the root
directory via exfat_lookup, when creating a file again with mkdir,
the root cluster bit can be allocated for direcotry, which can cause
the root cluster to be zeroed out and the same entry can be allocated
in the same cluster. This patch improved this issue by adding
exfat_test_bitmap to validate the cluster bits of the root directory
and directory. And the first cluster bit of the root directory should
never be unset except when storage is corrupted. This bit is set to
allow operations after mount.

Reported-by: syzbot+5216036fc59c43d1ee02@syzkaller.appspotmail.com
Tested-by: syzbot+5216036fc59c43d1ee02@syzkaller.appspotmail.com
Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
Reviewed-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

fs/exfat/balloc.c		diff \| blob \| blame \| history
fs/exfat/dir.c		diff \| blob \| blame \| history
fs/exfat/exfat_fs.h		diff \| blob \| blame \| history
fs/exfat/fatent.c		diff \| blob \| blame \| history
fs/exfat/super.c		diff \| blob \| blame \| history