[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20250801084145.501276-1-liuhuan01@kylinos.cn>
Date: Fri, 1 Aug 2025 16:41:46 +0800
From: liuhuan01@...inos.cn
To: cem@...nel.org
Cc: djwong@...nel.org,
linux-xfs@...r.kernel.org,
linux-kernel@...r.kernel.org,
liuh <liuhuan01@...inos.cn>
Subject: [PATCH v1] xfs: prevent readdir infinite loop with billions subdirs
From: liuh <liuhuan01@...inos.cn>
When a directory contains billions subdirs, readdir() repeatedly
got same data and goes to infinate loop.
The root cause is that the pos gets truncated during assignment.
Fix it.
Signed-off-by: liuh <liuhuan01@...inos.cn>
---
fs/xfs/xfs_dir2_readdir.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/xfs/xfs_dir2_readdir.c b/fs/xfs/xfs_dir2_readdir.c
index 06ac5a7de60a..a7ec0d0c8070 100644
--- a/fs/xfs/xfs_dir2_readdir.c
+++ b/fs/xfs/xfs_dir2_readdir.c
@@ -465,7 +465,7 @@ xfs_dir2_leaf_getdents(
length = xfs_dir2_data_entsize(mp, dep->namelen);
filetype = xfs_dir2_data_get_ftype(mp, dep);
- ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & 0x7fffffff;
+ ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & XFS_DIR2_MAX_DATAPTR;
if (XFS_IS_CORRUPT(dp->i_mount,
!xfs_dir2_namecheck(dep->name,
dep->namelen))) {
@@ -491,9 +491,9 @@ xfs_dir2_leaf_getdents(
* All done. Set output offset value to current offset.
*/
if (curoff > xfs_dir2_dataptr_to_byte(XFS_DIR2_MAX_DATAPTR))
- ctx->pos = XFS_DIR2_MAX_DATAPTR & 0x7fffffff;
+ ctx->pos = XFS_DIR2_MAX_DATAPTR;
else
- ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & 0x7fffffff;
+ ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & XFS_DIR2_MAX_DATAPTR;
if (bp)
xfs_trans_brelse(args->trans, bp);
return error;
--
2.25.1
Powered by blists - more mailing lists