From: Yang Wen
To: linkinjeon@kernel.org, sj1557.seo@samsung.com
Cc: yuezhang.mo@sony.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Yang Wen
Subject: [PATCH v3] exfat: initialize caching fields during inode allocation
Date: Wed, 4 Mar 2026 18:27:32 +0800
Message-ID: <20260304102732.3928-1-anmuxixixi@gmail.com>

exfat_alloc_inode() does not initialize the cache_lru list head of
struct exfat_inode_info. If an inode is evicted before its cache
structures are properly initialized (e.g., during a forced unmount),
the cleanup path in __exfat_cache_inval_inode() may observe an
uninitialized list head.

The check:

    while (!list_empty(&ei->cache_lru))

may incorrectly succeed when stale pointers remain from a reused slab
object. Subsequent list traversal can then operate on invalid entries,
potentially leading to a NULL pointer dereference or memory corruption.

Initialize cache_lru, cache_lru_lock, nr_caches, and cache_valid_id in
exfat_alloc_inode() to ensure a well-defined state at allocation time.

Signed-off-by: Yang Wen
---
 fs/exfat/super.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/fs/exfat/super.c b/fs/exfat/super.c index 83396fd265cd..4f99986f390a 100644 --- a/fs/exfat/super.c +++ b/fs/exfat/super.c 
@@ -195,6 +195,12 @@ static struct inode *exfat_alloc_inode(struct super_bl= ock *sb) if (!ei) return NULL; =20 + spin_lock_init(&ei->cache_lru_lock); + ei->nr_caches =3D 0; + ei->cache_valid_id =3D EXFAT_CACHE_VALID + 1; + INIT_LIST_HEAD(&ei->cache_lru); + INIT_HLIST_NODE(&ei->i_hash_fat); + init_rwsem(&ei->truncate_lock); return &ei->vfs_inode; } @@ -879,11 +885,6 @@ static void exfat_inode_init_once(void *foo) { struct exfat_inode_info *ei =3D (struct exfat_inode_info *)foo; =20 - spin_lock_init(&ei->cache_lru_lock); - ei->nr_caches =3D 0; - ei->cache_valid_id =3D EXFAT_CACHE_VALID + 1; - INIT_LIST_HEAD(&ei->cache_lru); - INIT_HLIST_NODE(&ei->i_hash_fat); inode_init_once(&ei->vfs_inode); } =20 --=20 2.43.0
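
Review bot: the added INIT_HLIST_NODE(&ei->i_hash_fat) line in the exfat_alloc_inode() hunk is not covered by the commit message, which lists only cache_lru, cache_lru_lock, nr_caches and cache_valid_id. Either name i_hash_fat in the changelog together with the reason it has to be reset on every allocation, or leave that one line in exfat_inode_init_once(). A one-line comment above the new block saying why these fields are set per allocation rather than in the constructor would also help, because the neighbouring init_rwsem(&ei->truncate_lock) gives the reader no hint of why the split exists.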
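
Review bot: the five lines removed from exfat_inode_init_once() show that cache_lru and the related fields were already initialized by the slab constructor, so the changelog's claim that the list head is uninitialized is missing a step. A constructor runs once per slab object, not once per allocation, so a reused object is only stale if some path frees it with cache_lru non-empty or with these fields modified; please name that path in the commit message. If entries can still be linked on cache_lru at free time, INIT_LIST_HEAD() at the next allocation makes them unreachable from the inode instead of releasing them, so the eviction side may need a change as well.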
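
A userspace C model of the reuse scenario the commit message describes, added here as an illustration and not part of the patch or of the exfat code: a constructor that runs once per slab object versus initialization on every allocation. The one-slot allocator, `model_inode`, and the assumption that the object was freed with an entry still linked on `cache_lru` are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the kernel's circular doubly linked list head. */
struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *h)
{
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}

/* Hypothetical stand-in for struct exfat_inode_info (two fields only). */
struct model_inode { struct list_head cache_lru; int nr_caches; };

static void reset(struct model_inode *ei)
{
    init_list_head(&ei->cache_lru);
    ei->nr_caches = 0;
}

/* One-slot "slab": the constructor runs once, when the slot is first used. */
static struct model_inode slot;
static bool slot_constructed;

static struct model_inode *model_alloc(bool init_on_alloc)
{
    if (!slot_constructed) { reset(&slot); slot_constructed = true; }
    if (init_on_alloc)      /* what the patch does on every allocation */
        reset(&slot);
    return &slot;
}

/* True if a reused object passes the cleanup loop's !list_empty() check. */
static bool reuse_sees_stale_entries(bool init_on_alloc)
{
    static struct list_head entry;  /* cache entry linked during first use */
    slot_constructed = false;       /* start from a fresh slab */
    struct model_inode *ei = model_alloc(init_on_alloc);
    list_add(&entry, &ei->cache_lru);
    ei->nr_caches = 1;
    /* Assumption: the object is freed here without draining cache_lru. */
    ei = model_alloc(init_on_alloc);  /* same memory handed out again */
    return !list_empty(&ei->cache_lru);
}

int main(void)
{
    printf("ctor only:     stale=%d\n", reuse_sees_stale_entries(false));
    printf("init on alloc: stale=%d\n", reuse_sees_stale_entries(true));
    return 0;
}
```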