From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5861AC43334 for ; Mon, 13 Jun 2022 14:26:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1383472AbiFMO0W (ORCPT ); Mon, 13 Jun 2022 10:26:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49926 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1383681AbiFMOXq (ORCPT ); Mon, 13 Jun 2022 10:23:46 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B73DA2E6A0; Mon, 13 Jun 2022 04:44:50 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 540DA612A8; Mon, 13 Jun 2022 11:44:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5E27DC34114; Mon, 13 Jun 2022 11:44:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1655120689; bh=E3eQsWqo+oeKPDTgSdbGSmsVmraEOtwmrlowGmSCaqs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aPol168qGCz8d89CwZQFMXdH7uzpUHshV6w7z/liETWrkNTlV7hg4405szknWkS6u AkU3bkVpM3M2HoA6+E2dukom4VNoj9dsnpO2TBqm8w9UXpL0hjtRIBEabHRwtvpUTK GzdGkwqkaQGJhhGVML8ZDFLW7VO8JwZUBiSadOLc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Howells , Marc Dionne , linux-afs@lists.infradead.org, Linus Torvalds , Sasha Levin Subject: [PATCH 5.17 122/298] afs: Fix infinite loop found by xfstest generic/676 Date: Mon, 13 Jun 2022 12:10:16 +0200 Message-Id: <20220613094928.642942854@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220613094924.913340374@linuxfoundation.org> References: <20220613094924.913340374@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: David Howells [ Upstream commit 17eabd42560f4636648ad65ba5b20228071e2363 ] In AFS, a directory is handled as a file that the client downloads and parses locally for the purposes of performing lookup and getdents operations. The in-kernel afs filesystem has a number of functions that do this. A directory file is arranged as a series of 2K blocks divided into 32-byte slots, where a directory entry occupies one or more slots, plus each block starts with one or more metadata blocks. When parsing a block, if the last slots are occupied by a dirent that occupies more than a single slot and the file position points at a slot that's not the initial one, the logic in afs_dir_iterate_block() that skips over it won't advance the file pointer to the end of it. This will cause an infinite loop in getdents() as it will keep retrying that block and failing to advance beyond the final entry. Fix this by advancing the file pointer if the next entry will be beyond it when we skip a block. This was found by the generic/676 xfstest but can also be triggered with something like: ~/xfstests-dev/src/t_readdir_3 /xfstest.test/z 4000 1 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: David Howells Reviewed-by: Marc Dionne Tested-by: Marc Dionne cc: linux-afs@lists.infradead.org Link: http://lore.kernel.org/r/165391973497.110268.2939296942213894166.stgit@warthog.procyon.org.uk/ Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin --- fs/afs/dir.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/afs/dir.c b/fs/afs/dir.c index da9b4f8577a1..7f1cb3b73874 100644 --- a/fs/afs/dir.c +++ b/fs/afs/dir.c @@ -462,8 +462,11 @@ static int afs_dir_iterate_block(struct afs_vnode *dvnode, } /* skip if starts before the current position */ - if (offset < curr) + if (offset < curr) { + if (next > curr) + ctx->pos = blkoff + next * sizeof(union afs_xdr_dirent); continue; + } /* found the next entry */ if (!dir_emit(ctx, dire->u.name, nlen, -- 2.35.1