Commit e40e0235 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'exfat-for-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat 

Pull exfat updates from Namjae Jeon:

 - Fix a remount failure caused by differing process masks by inheriting
   the original mount options during the remount process

 - Fix a potential divide-by-zero error and system crash in
   exfat_allocate_bitmap that occurred when the readahead count was zero

 - Add validation for directory cluster bitmap bits to prevent directory
   and root cluster from being incorrectly zeroed out on corrupted
   images

 - Clear the post-EOF page cache when extending a file to prevent stale
   mmap data from becoming visible, addressing an generic/363 failure

 - Fix a reference count leak in exfat_find by properly releasing the
   dentry set in specific error paths

* tag 'exfat-for-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat:
  exfat: fix remount failure in different process environments
  exfat: fix divide-by-zero in exfat_allocate_bitmap
  exfat: validate the cluster bitmap bits of directory
  exfat: zero out post-EOF page cache on file extension
  exfat: fix refcount leak in exfat_find
parents 4b6b4321 51fc7b4c

fs/exfat/balloc.c

+25 −5
Original line number Diff line number Diff line
@@ -106,7 +106,7 @@ static int exfat_allocate_bitmap(struct super_block *sb, 
		(PAGE_SHIFT - sb->s_blocksize_bits);

	for (i = 0; i < sbi->map_sectors; i++) {

		/* Trigger the next readahead in advance. */

		if (0 == (i % max_ra_count)) {

		if (max_ra_count && 0 == (i % max_ra_count)) {

			blk_start_plug(&plug);

			for (j = i; j < min(max_ra_count, sbi->map_sectors - i) + i; j++)

				sb_breadahead(sb, sector + j);
@@ -183,11 +183,10 @@ void exfat_free_bitmap(struct exfat_sb_info *sbi) 
	kvfree(sbi->vol_amap);

}



int exfat_set_bitmap(struct inode *inode, unsigned int clu, bool sync)

int exfat_set_bitmap(struct super_block *sb, unsigned int clu, bool sync)

{

	int i, b;

	unsigned int ent_idx;

	struct super_block *sb = inode->i_sb;

	struct exfat_sb_info *sbi = EXFAT_SB(sb);



	if (!is_valid_cluster(sbi, clu))
@@ -202,11 +201,10 @@ int exfat_set_bitmap(struct inode *inode, unsigned int clu, bool sync) 
	return 0;

}



int exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync)

int exfat_clear_bitmap(struct super_block *sb, unsigned int clu, bool sync)

{

	int i, b;

	unsigned int ent_idx;

	struct super_block *sb = inode->i_sb;

	struct exfat_sb_info *sbi = EXFAT_SB(sb);



	if (!is_valid_cluster(sbi, clu))
@@ -226,6 +224,28 @@ int exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync) 
	return 0;

}



bool exfat_test_bitmap(struct super_block *sb, unsigned int clu)

{

	int i, b;

	unsigned int ent_idx;

	struct exfat_sb_info *sbi = EXFAT_SB(sb);



	if (!sbi->vol_amap)

		return true;



	if (!is_valid_cluster(sbi, clu))

		return false;



	ent_idx = CLUSTER_TO_BITMAP_ENT(clu);

	i = BITMAP_OFFSET_SECTOR_INDEX(sb, ent_idx);

	b = BITMAP_OFFSET_BIT_IN_SECTOR(sb, ent_idx);



	if (!test_bit_le(b, sbi->vol_amap[i]->b_data))

		return false;



	return true;

}



/*

 * If the value of "clu" is 0, it means cluster 2 which is the first cluster of

 * the cluster heap.

fs/exfat/dir.c

+5 −0
Original line number Diff line number Diff line
@@ -604,6 +604,11 @@ static int exfat_find_location(struct super_block *sb, struct exfat_chain *p_dir 
	if (ret)

		return ret;



	if (!exfat_test_bitmap(sb, clu)) {

		exfat_err(sb, "failed to test cluster bit(%u)", clu);

		return -EIO;

	}



	/* byte offset in cluster */

	off = EXFAT_CLU_OFFSET(off, sbi);

fs/exfat/exfat_fs.h

+3 −2
Original line number Diff line number Diff line
@@ -452,8 +452,9 @@ int exfat_count_num_clusters(struct super_block *sb, 
/* balloc.c */

int exfat_load_bitmap(struct super_block *sb);

void exfat_free_bitmap(struct exfat_sb_info *sbi);

int exfat_set_bitmap(struct inode *inode, unsigned int clu, bool sync);

int exfat_clear_bitmap(struct inode *inode, unsigned int clu, bool sync);

int exfat_set_bitmap(struct super_block *sb, unsigned int clu, bool sync);

int exfat_clear_bitmap(struct super_block *sb, unsigned int clu, bool sync);

bool exfat_test_bitmap(struct super_block *sb, unsigned int clu);

unsigned int exfat_find_free_bitmap(struct super_block *sb, unsigned int clu);

int exfat_count_used_clusters(struct super_block *sb, unsigned int *ret_count);

int exfat_trim_fs(struct inode *inode, struct fstrim_range *range);

fs/exfat/fatent.c

+3 −3
Original line number Diff line number Diff line
@@ -205,7 +205,7 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain 
				cur_cmap_i = next_cmap_i;

			}



			err = exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode)));

			err = exfat_clear_bitmap(sb, clu, (sync && IS_DIRSYNC(inode)));

			if (err)

				break;

			clu++;
@@ -233,7 +233,7 @@ static int __exfat_free_cluster(struct inode *inode, struct exfat_chain *p_chain 
				cur_cmap_i = next_cmap_i;

			}



			if (exfat_clear_bitmap(inode, clu, (sync && IS_DIRSYNC(inode))))

			if (exfat_clear_bitmap(sb, clu, (sync && IS_DIRSYNC(inode))))

				break;



			if (sbi->options.discard) {
@@ -409,7 +409,7 @@ int exfat_alloc_cluster(struct inode *inode, unsigned int num_alloc, 
		}



		/* update allocation bitmap */

		if (exfat_set_bitmap(inode, new_clu, sync_bmap)) {

		if (exfat_set_bitmap(sb, new_clu, sync_bmap)) {

			ret = -EIO;

			goto free_cluster;

		}

fs/exfat/file.c

+5 −0
Original line number Diff line number Diff line
@@ -25,6 +25,8 @@ static int exfat_cont_expand(struct inode *inode, loff_t size) 
	struct exfat_sb_info *sbi = EXFAT_SB(sb);

	struct exfat_chain clu;



	truncate_pagecache(inode, i_size_read(inode));



	ret = inode_newsize_ok(inode, size);

	if (ret)

		return ret;
@@ -639,6 +641,9 @@ static ssize_t exfat_file_write_iter(struct kiocb *iocb, struct iov_iter *iter) 


	inode_lock(inode);



	if (pos > i_size_read(inode))

		truncate_pagecache(inode, i_size_read(inode));



	valid_size = ei->valid_size;



	ret = generic_write_checks(iocb, iter);