RE: [PATCH] exfat: fix random stack corruption after get_block

Hi Yuezhang,

Subject: Re: [PATCH] exfat: fix random stack corruption after get_block

•                   /*
  

•                    * No buffer_head is allocated.
  

•                    * (1) bmap: It's enough to fill bh_result without
  

I/O.

•                    * (2) read: The unwritten part should be filled
  

with 0

•                    *           If a folio does not have any buffers,
  

•                    *           let's returns -EAGAIN to fallback to
  

•                    *           per-bh IO like
  

block_read_full_folio().

•                    */
  

•                   if (!folio_buffers(bh_result->b_folio)) {
  

•                           err = -EAGAIN;
  

•                           goto done;
  

•                   }
  
  

bh_result is set as mapped by map_bh(), should we need to clear it if return an error?

I looked a little deeper into do_mpage_readpage() and block_read_full_folio(), and from a security perspective, it seems that unmap is necessary in all error situations. Otherwise, unwritten areas may be exposed.

•                   BUG_ON(size > sb->s_blocksize);
  
  

This check is equivalent to the following condition and is not necessary.

            } else if (iblock == valid_blks &&
                       (ei->valid_size & (sb->s_blocksize - 1))) {

Yes, I think so, I'll remove it with v2.

Thanks