exfat: fix soft lockup in exfat_clear_bitmap

[ Upstream commit 9da33619e0ca53627641bc97d1b93ec741299111 ]

bitmap clear loop will take long time in __exfat_free_cluster()
if data size of file/dir enty is invalid.
If cluster bit in bitmap is already clear, stop clearing bitmap go to
out of loop.

Fixes: 31023864e67a ("exfat: add fat entry operations")
Reported-by: Kun Hu <huk23@m.fudan.edu.cn>, Jiaji Qin <jjtan24@m.fudan.edu.cn>
Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/exfat/balloc.c b/fs/exfat/balloc.c
index ce9be95c9172f680f9c99a1379ace8bd1fec9855..9ff825f1502d5e69427ce17acecdcfcc0d3b5c3f 100644 (file)
--- a/fs/exfat/balloc.c
+++ b/fs/exfat/balloc.c
@@ -141,7 +141,7 @@ int exfat_set_bitmap(struct inode *inode, unsigned int clu, bool sync)
        return 0;
 }
 
-void exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)
+int exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)
 {
        int i, b;
        unsigned int ent_idx;
@@ -150,13 +150,17 @@ void exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)
        struct exfat_mount_options *opts = &sbi->options;
 
        if (!is_valid_cluster(sbi, clu))
-               return;
+               return -EIO;
 
        ent_idx = CLUSTER_TO_BITMAP_ENT(clu);
        i = BITMAP_OFFSET_SECTOR_INDEX(sb, ent_idx);
        b = BITMAP_OFFSET_BIT_IN_SECTOR(sb, ent_idx);
 
+       if (!test_bit_le(b, sbi->vol_amap[i]->b_data))
+               return -EIO;
+
        clear_bit_le(b, sbi->vol_amap[i]->b_data);
+
        exfat_update_bh(sbi->vol_amap[i], sync);
 
        if (opts->discard) {
@@ -171,6 +175,8 @@ void exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)
                        opts->discard = 0;
                }
        }
+
+       return 0;
 }
 
 /*

diff --git a/fs/exfat/exfat_fs.h b/fs/exfat/exfat_fs.h
index 3cdc1de362a94152f823527d0c6f2d0231c724d8..d2ba8e2d0c398a4ba651dbd71f22037296f8791b 100644 (file)
--- a/fs/exfat/exfat_fs.h
+++ b/fs/exfat/exfat_fs.h
@@ -452,7 +452,7 @@ int exfat_count_num_clusters(struct super_block *sb,
 int exfat_load_bitmap(struct super_block *sb);
 void exfat_free_bitmap(struct exfat_sb_info *sbi);
 int exfat_set_bitmap(struct inode *inode, unsigned int clu, bool sync);
-void exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync);
+int exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync);
 unsigned int exfat_find_free_bitmap(struct super_block *sb, unsigned int clu);
 int exfat_count_used_clusters(struct super_block *sb, unsigned int *ret_count);
 int exfat_trim_fs(struct inode *inode, struct fstrim_range *range);

diff --git a/fs/exfat/fatent.c b/fs/exfat/fatent.c
index 9e5492ac409b07485e276a99ddcd98afc2dd5639..6f3651c6ca91ef8a3f9fa34fece61241e45f6bcc 100644 (file)
--- a/fs/exfat/fatent.c
+++ b/fs/exfat/fatent.c
@@ -175,6 +175,7 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
                BITMAP_OFFSET_SECTOR_INDEX(sb, CLUSTER_TO_BITMAP_ENT(clu));
 
        if (p_chain->flags == ALLOC_NO_FAT_CHAIN) {
+               int err;
                unsigned int last_cluster = p_chain->dir + p_chain->size - 1;
                do {
                        bool sync = false;
@@ -189,7 +190,9 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
                                cur_cmap_i = next_cmap_i;
                        }
 
-                       exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));
+                       err = exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));
+                       if (err)
+                               break;
                        clu++;
                        num_clusters++;
                } while (num_clusters < p_chain->size);
@@ -210,12 +213,13 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
                                cur_cmap_i = next_cmap_i;
                        }
 
-                       exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));
+                       if (exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode))))
+                               break;
                        clu = n_clu;
                        num_clusters++;
 
                        if (err)
-                               goto dec_used_clus;
+                               break;
 
                        if (num_clusters >= sbi->num_clusters - EXFAT_FIRST_CLUSTER) {
                                /*
@@ -229,7 +233,6 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain
                } while (clu != EXFAT_EOF_CLUSTER);
        }
 
-dec_used_clus:
        sbi->used_clusters -= num_clusters;
        return 0;
 }