exfat: fix soft lockup in exfat_clear_bitmap

[ Upstream commit 9da33619e0ca53627641bc97d1b93ec741299111 ]

bitmap clear loop will take long time in __exfat_free_cluster()
if data size of file/dir enty is invalid.
If cluster bit in bitmap is already clear, stop clearing bitmap go to
out of loop.

Fixes: 31023864e67a ("exfat: add fat entry operations")
Reported-by: Kun Hu <huk23@m.fudan.edu.cn>, Jiaji Qin <jjtan24@m.fudan.edu.cn>
Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/exfat/balloc.c b/fs/exfat/balloc.c
index 144617066a2bfa1282eb7222171a8bed5b1ed607..26808f0d3e9fff7448eeba3ac771881b4a162faa 100644 (file)
--- a/fs/exfat/balloc.c
+++ b/fs/exfat/balloc.c
@@ -160,7 +160,7 @@ int exfat_set_bitmap(struct inode *inode, unsigned int clu, bool sync)
        return 0;
 }
 
-void exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)
+int exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)
 {
        int i, b;
        unsigned int ent_idx;
@@ -169,13 +169,17 @@ void exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)
        struct exfat_mount_options *opts = &sbi->options;
 
        if (!is_valid_cluster(sbi, clu))
-               return;
+               return -EIO;
 
        ent_idx = CLUSTER_TO_BITMAP_ENT(clu);
        i = BITMAP_OFFSET_SECTOR_INDEX(sb, ent_idx);
        b = BITMAP_OFFSET_BIT_IN_SECTOR(sb, ent_idx);
 
+       if (!test_bit_le(b, sbi->vol_amap[i]->b_data))
+               return -EIO;
+
        clear_bit_le(b, sbi->vol_amap[i]->b_data);
+
        exfat_update_bh(sbi->vol_amap[i], sync);
 
        if (opts->discard) {
@@ -190,6 +194,8 @@ void exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)
                        opts->discard = 0;
                }
        }
+
+       return 0;
 }
 
 /*

diff --git a/fs/exfat/exfat_fs.h b/fs/exfat/exfat_fs.h
index 58816ee3162c4744707fe3f8b11fb0ed00ab86b9..e242d7758f782091503fa97271ecee090fbf5e77 100644 (file)
--- a/fs/exfat/exfat_fs.h
+++ b/fs/exfat/exfat_fs.h
@@ -420,7 +420,7 @@ int exfat_count_num_clusters(struct super_block *sb,
 int exfat_load_bitmap(struct super_block *sb);
 void exfat_free_bitmap(struct exfat_sb_info *sbi);
 int exfat_set_bitmap(struct inode *inode, unsigned int clu, bool sync);
-void exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync);
+int exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync);
 unsigned int exfat_find_free_bitmap(struct super_block *sb, unsigned int clu);
 int exfat_count_used_clusters(struct super_block *sb, unsigned int *ret_count);
 int exfat_trim_fs(struct inode *inode, struct fstrim_range *range);

diff --git a/fs/exfat/fatent.c b/fs/exfat/fatent.c
index 8f07504e53458b53be18a78fc71aa5e9415672c9..9c116a58544dabadd42261d7c1ec2e8e990f9475 100644 (file)
--- a/fs/exfat/fatent.c
+++ b/fs/exfat/fatent.c
@@ -174,6 +174,7 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
                BITMAP_OFFSET_SECTOR_INDEX(sb, CLUSTER_TO_BITMAP_ENT(clu));
 
        if (p_chain->flags == ALLOC_NO_FAT_CHAIN) {
+               int err;
                unsigned int last_cluster = p_chain->dir + p_chain->size - 1;
                do {
                        bool sync = false;
@@ -188,7 +189,9 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
                                cur_cmap_i = next_cmap_i;
                        }
 
-                       exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));
+                       err = exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));
+                       if (err)
+                               break;
                        clu++;
                        num_clusters++;
                } while (num_clusters < p_chain->size);
@@ -209,12 +212,13 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
                                cur_cmap_i = next_cmap_i;
                        }
 
-                       exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));
+                       if (exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode))))
+                               break;
                        clu = n_clu;
                        num_clusters++;
 
                        if (err)
-                               goto dec_used_clus;
+                               break;
 
                        if (num_clusters >= sbi->num_clusters - EXFAT_FIRST_CLUSTER) {
                                /*
@@ -228,7 +232,6 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
                } while (clu != EXFAT_EOF_CLUSTER);
        }
 
-dec_used_clus:
        sbi->used_clusters -= num_clusters;
        return 0;
 }