Change the test for num_fats from != 0 to a check for specifically 1.
Although it's theoretically possible that num_fats == 2 for a TexFAT volume (or
an implementation that doesn't do the full TexFAT but does support 2 FAT
tables), the rest of the code doesn't currently DTRT if it's 2 (in particular,
not handling the case of ActiveFat pointing at the second FAT area), so we'll
disallow that as well, as well as dealing with corrupted images that have a
trash non-zero value.
Signed-off-by: Valdis Kletnieks <[email protected]>
--- a/fs/exfat/super.c 2020-02-14 17:45:02.262274632 -0500
+++ b/fs/exfat/super.c 2020-02-14 17:46:37.200343723 -0500
@@ -450,7 +450,7 @@ static int __exfat_fill_super(struct sup
}
p_bpb = (struct pbr64 *)p_pbr;
- if (!p_bpb->bsx.num_fats) {
+ if (p_bpb->bsx.num_fats != 1) {
exfat_msg(sb, KERN_ERR, "bogus number of FAT structure");
ret = -EINVAL;
goto free_bh;
> Change the test for num_fats from != 0 to a check for specifically 1.
>
> Although it's theoretically possible that num_fats == 2 for a TexFAT
> volume (or an implementation that doesn't do the full TexFAT but does
> support 2 FAT tables), the rest of the code doesn't currently DTRT if it's
> 2 (in particular, not handling the case of ActiveFat pointing at the
> second FAT area), so we'll disallow that as well, as well as dealing with
> corrupted images that have a trash non-zero value.
>
> Signed-off-by: Valdis Kletnieks <[email protected]>
>
> --- a/fs/exfat/super.c 2020-02-14 17:45:02.262274632 -0500
> +++ b/fs/exfat/super.c 2020-02-14 17:46:37.200343723 -0500
> @@ -450,7 +450,7 @@ static int __exfat_fill_super(struct sup
> }
>
> p_bpb = (struct pbr64 *)p_pbr;
> - if (!p_bpb->bsx.num_fats) {
> + if (p_bpb->bsx.num_fats != 1) {
> exfat_msg(sb, KERN_ERR, "bogus number of FAT structure");
Could you please update error message for the reason why num_fats is allowed
only 1?
> ret = -EINVAL;
> goto free_bh;
Let's remove exfat_mirror_bh(), FAT2_start_sector variable and the below
related codes together.
sbi->FAT2_start_sector = p_bpb->bsx.num_fats == 1 ?
sbi->FAT1_start_sector :
sbi->FAT1_start_sector + sbi->num_FAT_sectors;
Thanks for your patch!
>
>
>
>
On Mon, 17 Feb 2020 09:37:55 +0900, "Namjae Jeon" said:
> Could you please update error message for the reason why num_fats is allowed
> only 1?
Sure.. No problem..
> > ret = -EINVAL;
> > goto free_bh;
> Let's remove exfat_mirror_bh(), FAT2_start_sector variable and the below
> related codes together.
>
> sbi->FAT2_start_sector = p_bpb->bsx.num_fats == 1 ?
> sbi->FAT1_start_sector :
> sbi->FAT1_start_sector + sbi->num_FAT_sectors;
You might want to hold off on that part for a bit - I've asked Sasha Levin for
input on what exactly Windows does with this, and Pali has a not-obviously-wrong
suggestion on using the second FAT table. The code tracking FAT2_start_sector
looks OK - what would be missing is doing a similar versioning on the FAT
the rest of the code references.
We may end up heaving that code over the side in the end, but let's make
sure we're doing it with more information in hand....