From patchwork Fri Jan 24 19:19:44 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chuck Lever <cel@kernel.org>
X-Patchwork-Id: 13949891
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 24E61C02181
	for <linux-mm@archiver.kernel.org>; Fri, 24 Jan 2025 19:20:24 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 6126E28009D; Fri, 24 Jan 2025 14:20:05 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 5C27D280065; Fri, 24 Jan 2025 14:20:05 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4B28F28009D; Fri, 24 Jan 2025 14:20:05 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com
 [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id 31099280065
	for <linux-mm@kvack.org>; Fri, 24 Jan 2025 14:20:05 -0500 (EST)
Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id A7F98141108
	for <linux-mm@kvack.org>; Fri, 24 Jan 2025 19:20:04 +0000 (UTC)
X-FDA: 83043310728.19.0A28009
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf07.hostedemail.com (Postfix) with ESMTP id 1699A4000D
	for <linux-mm@kvack.org>; Fri, 24 Jan 2025 19:20:02 +0000 (UTC)
Authentication-Results: imf07.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=IeyqBdZ1;
	dmarc=pass (policy=quarantine) header.from=kernel.org;
	spf=pass (imf07.hostedemail.com: domain of cel@kernel.org designates
 139.178.84.217 as permitted sender) smtp.mailfrom=cel@kernel.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1737746403; a=rsa-sha256;
	cv=none;
	b=nXUfQMygUcSEPHdpHZqo15pgx5nbgXXYQLl8PGB3QLKf+imYAsaNTIbZLdN2fgoUi22ERK
	4JJj4xPTO5gvtH6ByELB+a4eL9jJoKV5prne6fpScyD4v0A7mXQTu9ks95KVlieien3BqC
	0OsA2e02tNypwCx2L1V+/chRrOY45Y8=
ARC-Authentication-Results: i=1;
	imf07.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=IeyqBdZ1;
	dmarc=pass (policy=quarantine) header.from=kernel.org;
	spf=pass (imf07.hostedemail.com: domain of cel@kernel.org designates
 139.178.84.217 as permitted sender) smtp.mailfrom=cel@kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1737746403;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=IUTAPAgL12HT6rHZCBTh/gWbIMeLALpJL0mRgXI7pmk=;
	b=vgb0I+KRQUG25T5MJ73ncowIMzbcTjtCKsVjtd7Ly7/8h4oLjunjT4arv6q0PvAOcFHsEa
	iASnc52XbOKW0oYKJjtoHwNP+VwtO3twn851JLFkxk3KfY3xaYOzpMwIshcsBnkZvXDI+D
	zqOa1QmiDca+ijHCochlPAzVAcWciFA=
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by dfw.source.kernel.org (Postfix) with ESMTP id E44C25C6193;
	Fri, 24 Jan 2025 19:19:21 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id E97BAC4CEE6;
	Fri, 24 Jan 2025 19:20:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1737746402;
	bh=gDiEr1u2XuRYm0Qux04y3g9m3w7wietr1o69aqd9elQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=IeyqBdZ1u/OlXH/wzcuLOlGVvF6NtUyseSXU0gU7bu1wtCR98kWWfpPic68HjQu0N
	 R9/NVgfv3AYfFQFs+NDWK4cQfm3LX5fgVanT1ozNYY9ltKdlMIt5kr8EOelN++/LKh
	 Mfn5o9G6FMfVW7uwXPwYI6Ax73bna2tYyvhQ+JpPgJDx7rrOZ1dIz+doaecS1E5QVJ
	 TrbxK+U9noFDj2kwPku8Prdn6hazAkfN+E8IIfIvcr1MRYza51RDIyg5TanCOG9b2y
	 LiXpUuhVyyZNC4Kk2qYVI70rcbQ2ZjXItQSsHWrzeweJJ83UzNa8WJs3VdAwOfLr+X
	 3X9WtcPAHgFvw==
From: cel@kernel.org
To: Hugh Dickins <hughd@google.com>,
	Andrew Morten <akpm@linux-foundation.org>,
	Christian Brauner <brauner@kernel.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Sasha Levin <sashal@kernel.org>
Cc: <linux-fsdevel@vger.kernel.org>,
	<stable@vger.kernel.org>,
	<linux-mm@kvack.org>,
	yukuai3@huawei.com,
	yangerkun@huawei.com,
	Chuck Lever <chuck.lever@oracle.com>
Subject: [RFC PATCH v6.6 09/10] libfs: Replace simple_offset end-of-directory
 detection
Date: Fri, 24 Jan 2025 14:19:44 -0500
Message-ID: <20250124191946.22308-10-cel@kernel.org>
X-Mailer: git-send-email 2.47.0
In-Reply-To: <20250124191946.22308-1-cel@kernel.org>
References: <20250124191946.22308-1-cel@kernel.org>
MIME-Version: 1.0
X-Rspam-User: 
X-Rspamd-Queue-Id: 1699A4000D
X-Rspamd-Server: rspam10
X-Stat-Signature: dq6b57ac8d196b9expwyy51mm1isshxf
X-HE-Tag: 1737746402-909766
X-HE-Meta: 
 U2FsdGVkX1/kLegROdThsGdK/U2Qc6oJOLi/jNPjkt9hm+sZ0g6RJsbIMsaU9ggil+oKoNDY8rxmb8E8zxr5r7CcTt88wuJ2XcWEHy1DE0xxE19RkZYB132MWkSgOJ5aKC8rrEN0XWrsDLZSJyPIDH2B1214H7vRpP7V6hhM3RTOXMZnAU+OKajUyeSUSET/w+yxDbGJ8xYnVEtBj2Lw4ZGV+Vi3fkVvoRnz+lZIFGszn0ACxkfG55NjiMmMhvN8pcp4XlRScswa56LdyAIO1/jJIv46eXHUr2vb496jCQE+EqM3R/UM6zh9KaSMNU0DhzudTf38FQ7gqvb9GzR7ppwC6WNkSJOQc4lXtDFIgptdqE8FG6iX8S/lcmJMbHlfwd8sEl2avFXBnp8aFUUtKWC2rXY1c6gJqSo8/fT/A6ms1DyOEhYYO5k+kiyTV0jL+AUDwuqYgkSP8cj2pVGjKMSaDIeKUJgFlDv36ARyLaM/CTFLwFx9dzNWZMnmOfvZluJJWCAaBU7ocR6eR9PEK2qggOiwdxuW1qTOmrZSa5IqDq6gFAFiVymBMZRYlvgBbKb48nIu043VXiUjXTfX6CwsA1/eZ0G7S1/FrcBiUEeg+rE2iwCFd65pzdFGXH6kgriYVTrV/dMbEcWEh2BUimVBnkOwAgUsxuHTpuUnoV2dhtOqE0liQkteV6YzpVKCqPmTP6n/rEQ6Buk0CxYmiHGP67h2uz/JARaTLWk6fF++mWfZNf6h0SmMJs7RU5mQb2eg6OjsRbGYmiDfaMr4bYWh7kMbiz3MjGiGJJEjuqUgtU/EFEX3e/abv0P8daRCCz6HWWV2czpwCV3q91JYhBXI2K6TvD2eBK0qIhep1gTUdYLMCRoff8mDhE53ZSTuIg2QNS/OIjSY4WYOFIGBbFPgNKIiENdB36HNBoozGMOBnEXwIpNMRcQgzvn1LD74nTEnSmVgYmkPWaa+xda
 VrmlhyWi
 v0w4jtKHY8PyQQa4FD5qvT1UuCxzOXEFKDrsCYADyHMJMaovjuSNhdwj6AMiXsE3MKPohPjEtWbARGTYZ4Xiwn9MX4xVcOS2jBf0uJe79k6Ij7cIZI8Fb0eiO+k/brleNjjmO9Rs0eDtAUQ8B6f9H9AdyzZylWhvartl/C2VDFNcZD1ZM3rKhc+05g/ySjoLht2WcG1pu0O6n87ie5FZj3CHPX1miYnyTJvgtcqffnuijtwzbjwjbuamDNwf0utw53hOVSZ/qBGMNzORPImjsxaKh3QrZwFf5wtNAlngspiOIF+/n4DOCqsL5rw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

From: Chuck Lever <chuck.lever@oracle.com>

[ Upstream commit 68a3a65003145644efcbb651e91db249ccd96281 ]

According to getdents(3), the d_off field in each returned directory
entry points to the next entry in the directory. The d_off field in
the last returned entry in the readdir buffer must contain a valid
offset value, but if it points to an actual directory entry, then
readdir/getdents can loop.

This patch introduces a specific fixed offset value that is placed
in the d_off field of the last entry in a directory. Some user space
applications assume that the EOD offset value is larger than the
offsets of real directory entries, so the largest valid offset value
is reserved for this purpose. This new value is never allocated by
simple_offset_add().

When ->iterate_dir() returns, getdents{64} inserts the ctx->pos
value into the d_off field of the last valid entry in the readdir
buffer. When it hits EOD, offset_readdir() sets ctx->pos to the EOD
offset value so the last entry is updated to point to the EOD marker.

When trying to read the entry at the EOD offset, offset_readdir()
terminates immediately.

It is worth noting that using a Maple tree for directory offset
value allocation does not guarantee a 63-bit range of values --
on platforms where "long" is a 32-bit type, the directory offset
value range is still 0..(2^31 - 1). For broad compatibility with
32-bit user space, the largest tmpfs directory cookie value is now
S32_MAX.

Fixes: 796432efab1e ("libfs: getdents() should return 0 after reaching EOD")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Link: https://lore.kernel.org/r/20241228175522.1854234-5-cel@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
[ cel: adjusted to apply to origin/linux-6.6.y ]
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 fs/libfs.c | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/fs/libfs.c b/fs/libfs.c
index 082bacf0b9e6..d546f3f0c036 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -239,9 +239,15 @@ const struct inode_operations simple_dir_inode_operations = {
 };
 EXPORT_SYMBOL(simple_dir_inode_operations);
 
-/* 0 is '.', 1 is '..', so always start with offset 2 or more */
+/* simple_offset_add() never assigns these to a dentry */
 enum {
-	DIR_OFFSET_MIN	= 2,
+	DIR_OFFSET_EOD		= S32_MAX,
+};
+
+/* simple_offset_add() allocation range */
+enum {
+	DIR_OFFSET_MIN		= 2,
+	DIR_OFFSET_MAX		= DIR_OFFSET_EOD - 1,
 };
 
 static void offset_set(struct dentry *dentry, u32 offset)
@@ -278,7 +284,8 @@ void simple_offset_init(struct offset_ctx *octx)
  */
 int simple_offset_add(struct offset_ctx *octx, struct dentry *dentry)
 {
-	static const struct xa_limit limit = XA_LIMIT(DIR_OFFSET_MIN, U32_MAX);
+	static const struct xa_limit limit = XA_LIMIT(DIR_OFFSET_MIN,
+						      DIR_OFFSET_MAX);
 	u32 offset;
 	int ret;
 
@@ -442,8 +449,6 @@ static loff_t offset_dir_llseek(struct file *file, loff_t offset, int whence)
 		return -EINVAL;
 	}
 
-	/* In this case, ->private_data is protected by f_pos_lock */
-	file->private_data = NULL;
 	return vfs_setpos(file, offset, U32_MAX);
 }
 
@@ -453,7 +458,7 @@ static struct dentry *offset_find_next(struct offset_ctx *octx, loff_t offset)
 	XA_STATE(xas, &octx->xa, offset);
 
 	rcu_read_lock();
-	child = xas_next_entry(&xas, U32_MAX);
+	child = xas_next_entry(&xas, DIR_OFFSET_MAX);
 	if (!child)
 		goto out;
 	spin_lock(&child->d_lock);
@@ -474,7 +479,7 @@ static bool offset_dir_emit(struct dir_context *ctx, struct dentry *dentry)
 			  inode->i_ino, fs_umode_to_dtype(inode->i_mode));
 }
 
-static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
+static void offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
 {
 	struct offset_ctx *octx = inode->i_op->get_offset_ctx(inode);
 	struct dentry *dentry;
@@ -482,7 +487,7 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
 	while (true) {
 		dentry = offset_find_next(octx, ctx->pos);
 		if (!dentry)
-			return ERR_PTR(-ENOENT);
+			goto out_eod;
 
 		if (!offset_dir_emit(ctx, dentry)) {
 			dput(dentry);
@@ -492,7 +497,10 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
 		ctx->pos = dentry2offset(dentry) + 1;
 		dput(dentry);
 	}
-	return NULL;
+	return;
+
+out_eod:
+	ctx->pos = DIR_OFFSET_EOD;
 }
 
 /**
@@ -512,6 +520,8 @@ static void *offset_iterate_dir(struct inode *inode, struct dir_context *ctx)
  *
  * On return, @ctx->pos contains an offset that will read the next entry
  * in this directory when offset_readdir() is called again with @ctx.
+ * Caller places this value in the d_off field of the last entry in the
+ * user's buffer.
  *
  * Return values:
  *   %0 - Complete
@@ -524,13 +534,8 @@ static int offset_readdir(struct file *file, struct dir_context *ctx)
 
 	if (!dir_emit_dots(file, ctx))
 		return 0;
-
-	/* In this case, ->private_data is protected by f_pos_lock */
-	if (ctx->pos == DIR_OFFSET_MIN)
-		file->private_data = NULL;
-	else if (file->private_data == ERR_PTR(-ENOENT))
-		return 0;
-	file->private_data = offset_iterate_dir(d_inode(dir), ctx);
+	if (ctx->pos != DIR_OFFSET_EOD)
+		offset_iterate_dir(d_inode(dir), ctx);
 	return 0;
 }