Commit 0991abed authored by Yuezhang Mo, committed by Namjae Jeon

exfat: fix zero the unwritten part for dio read



For dio read, the bio will be left in flight when a successful partial
aio read has been set up, and blockdev_direct_IO() will return
-EIOCBQUEUED. In that case, iter->iov_offset will not be advanced, and
the oops reported by syzbot will occur if iter->iov_offset is reverted
with iov_iter_revert(). The unwritten part had been zeroed by aio
read, so there is no need to zero it in dio read.

Reported-by: <syzbot+fd404f6b03a58e8bc403@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=fd404f6b03a58e8bc403


Fixes: 11a347fb ("exfat: change to get file size from DataLength")
Signed-off-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
parent 296455ad
+3 −4
@@ -501,7 +501,7 @@ static ssize_t exfat_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
	struct inode *inode = mapping->host;
	struct exfat_inode_info *ei = EXFAT_I(inode);
	loff_t pos = iocb->ki_pos;
	loff_t size = iocb->ki_pos + iov_iter_count(iter);
	loff_t size = pos + iov_iter_count(iter);
	int rw = iov_iter_rw(iter);
	ssize_t ret;

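Review bot: The declaration of `size` at the top of exfat_direct_IO() holds the end offset of the request (pos + iov_iter_count(iter)), not a length, and the name is kept while the line is being touched. Consider renaming it (for example to `end`) or adding a one-line comment, since the second hunk also uses it as an end position in `size = pos + ret;`. Replacing iocb->ki_pos with pos is a cleanup that is separate from the -EIOCBQUEUED handling and is not mentioned in the commit message; one sentence there would help anyone picking this up through the Fixes: tag.
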
@@ -525,10 +525,9 @@ static ssize_t exfat_direct_IO(struct kiocb *iocb, struct iov_iter *iter)
	 */
	ret = blockdev_direct_IO(iocb, inode, iter, exfat_get_block);
	if (ret < 0) {
		if (rw == WRITE)
		if (rw == WRITE && ret != -EIOCBQUEUED)
			exfat_write_failed(mapping, size);

		if (ret != -EIOCBQUEUED)
		return ret;
	} else
		size = pos + ret;
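
Review bot: The now unconditional `return ret;` inside `if (ret < 0)` also covers rw == WRITE with -EIOCBQUEUED, but the commit message justifies the early return only for dio read. Before this change the return was guarded by `if (ret != -EIOCBQUEUED)`, so a queued request in either direction fell through past this block; please say in the message or in a comment that returning early for queued writes is intended. A short comment above `if (rw == WRITE && ret != -EIOCBQUEUED)` noting that the bio is still in flight and iter has not been advanced would explain why exfat_write_failed() is skipped on that path, which is otherwise not obvious from the condition alone.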