
Commit fc9ce76

sfu2gregkh
authored andcommitted
exfat: fix refcount leak in exfat_find
[ Upstream commit 9aee8de ] Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get_dentry_set` would increase the reference counter of `es->bh` on success. Therefore, `exfat_put_dentry_set` must be called after `exfat_get_dentry_set` to ensure refcount consistency. This patch relocates two checks to avoid possible leaks. Fixes: 82ebecd ("exfat: fix improper check of dentry.stream.valid_size") Fixes: 13940ce ("exfat: add a check for invalid data size") Signed-off-by: Shuhao Fu <sfual@cse.ust.hk> Reviewed-by: Yuezhang Mo <Yuezhang.Mo@sony.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Li hongliang <1468888505@139.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent 437a871 commit fc9ce76

1 file changed

Lines changed: 10 additions & 10 deletions


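--- a/fs/exfat/namei.c
+++ b/fs/exfat/namei.c
@@ -638,16 +638,6 @@ static int exfat_find(struct inode *dir, struct qstr *qname,
 info->valid_size = le64_to_cpu(ep2->dentry.stream.valid_size);
 info->size = le64_to_cpu(ep2->dentry.stream.size);
 
-if (info->valid_size < 0) {
-exfat_fs_error(sb, "data valid size is invalid(%lld)", info->valid_size);
-return -EIO;
-}
-
-if (unlikely(EXFAT_B_TO_CLU_ROUND_UP(info->size, sbi) > sbi->used_clusters)) {
-exfat_fs_error(sb, "data size is invalid(%lld)", info->size);
-return -EIO;
-}
-
 info->start_clu = le32_to_cpu(ep2->dentry.stream.start_clu);
 if (!is_valid_cluster(sbi, info->start_clu) && info->size) {
 exfat_warn(sb, "start_clu is invalid cluster(0x%x)",
@@ -685,6 +675,16 @@ static int exfat_find(struct inode *dir, struct qstr *qname,
 0);
 exfat_put_dentry_set(&es, false);
 
+if (info->valid_size < 0) {
+exfat_fs_error(sb, "data valid size is invalid(%lld)", info->valid_size);
+return -EIO;
+}
+
+if (unlikely(EXFAT_B_TO_CLU_ROUND_UP(info->size, sbi) > sbi->used_clusters)) {
+exfat_fs_error(sb, "data size is invalid(%lld)", info->size);
+return -EIO;
+}
+
 if (ei->start_clu == EXFAT_FREE_CLUSTER) {
 exfat_fs_error(sb,
 "non-zero size file starts with zero cluster (size : %llu, p_dir : %u, entry : 0x%08x)",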
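Review bot: The two relocated checks at new lines 678-686 carry no comment explaining why they must sit after `exfat_put_dentry_set(&es, false)`, so a later cleanup could move them back next to the `le64_to_cpu()` reads and reintroduce the buffer-head reference leak; I would add `/* validate on-disk sizes only after the dentry set is released: an early return above would leak es->bh references */` above the first one. A side effect of the move is that `info->size` and `info->valid_size`, both taken from the on-disk stream entry, are now used by the `start_clu` test at new line 642 and by whatever follows it before they are range-checked. The lines between the two hunks are not shown, so it is worth confirming that nothing there computes with the unvalidated sizes or rewrites them in a way that lets a corrupted value skip the `-EIO` path. exfat_find's body starts and ends outside both hunks.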
