msdosfs: zero partially valid extended cluster

It contains arbitrary garbage, which is not cleared by vfs_bio_clrbuf() which only zeroes invalid portions of the pages. Reported by: Maxim Suhanov <dfirblog@gmail.com> Discussed with: so Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week
freebsd · Jul 11, 2023 · 7e4c6b2 · 7e4c6b2
1 parent f367421
commit 7e4c6b2
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/sys/fs/msdosfs/msdosfs_denode.c b/sys/fs/msdosfs/msdosfs_denode.c
@@ -498,6 +498,7 @@ deextend(struct denode *dep, u_long length, struct ucred *cred)
 	struct msdosfsmount *pmp = dep->de_pmp;
 	struct vnode *vp = DETOV(dep);
 	struct buf *bp;
+	off_t eof_clusteroff;
 	u_long count;
 	int error;
 
@@ -536,13 +537,19 @@ deextend(struct denode *dep, u_long length, struct ucred *cred)
 	 * B_CACHE | B_DELWRI but with invalid pages, and cannot be
 	 * neither written out nor validated.
 	 *
-	 * Fix it by proactively clearing extended pages.
+	 * Fix it by proactively clearing extended pages.  Need to do
+	 * both vfs_bio_clrbuf() to mark pages valid, and to zero
+	 * actual buffer content which might exist in the tail of the
+	 * already valid cluster.
 	 */
 	error = bread(vp, de_cluster(pmp, dep->de_FileSize), pmp->pm_bpcluster,
 	    NOCRED, &bp);
 	if (error != 0)
 		goto rewind;
 	vfs_bio_clrbuf(bp);
+	eof_clusteroff = de_cn2off(pmp, de_cluster(pmp, dep->de_FileSize));
+	vfs_bio_bzero_buf(bp, dep->de_FileSize - eof_clusteroff,
+	    pmp->pm_bpcluster - dep->de_FileSize + eof_clusteroff);
 	if (!DOINGASYNC(vp))
 		(void)bwrite(bp);
 	else if (vm_page_count_severe() || buf_dirty_count_severe())