Patchwork [3.8.y.z,extended,stable] Patch "reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry" has been added to staging queue

login
register
mail settings
Submitter Kamal Mostafa
Date June 25, 2013, 10:19 p.m.
Message ID <1372198796-17438-1-git-send-email-kamal@canonical.com>
Download mbox | patch
Permalink /patch/254509/
State New
Headers show

Comments

Kamal Mostafa - June 25, 2013, 10:19 p.m.
This is a note to let you know that I have just added a patch titled

    reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.4.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

From e2839dc7dd05529036c5c6b8c59e2a5b268d1351 Mon Sep 17 00:00:00 2001
From: Jeff Mahoney <jeffm@jeffreymahoney.com>
Date: Fri, 31 May 2013 15:07:52 -0400
Subject: reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry

commit 0bdc7acba56a7ca4232f15f37b16f7ec079385ab upstream.

After sleeping for filldir(), we check to see if the file system has
changed and research. The next_pos pointer is updated but its value
isn't pushed into the key used for the search itself. As a result,
the search returns the same item that the last cycle of the loop did
and filldir() is called multiple times with the same data.

The end result is that the buffer can contain the same name multiple
times. This can be returned to userspace or used internally in the
xattr code where it can manifest with the following warning:

jdm-20004 reiserfs_delete_xattrs: Couldn't delete all xattrs (-2)

reiserfs_for_each_xattr uses reiserfs_readdir_dentry to iterate over
the xattr names and ends up trying to unlink the same name twice. The
second attempt fails with -ENOENT and the error is returned. At some
point I'll need to add support into reiserfsck to remove the orphaned
directories left behind when this occurs.

The fix is to push the value into the key before researching.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 fs/reiserfs/dir.c | 2 ++
 1 file changed, 2 insertions(+)

--
1.8.1.2

Patch

diff --git a/fs/reiserfs/dir.c b/fs/reiserfs/dir.c
index 66c53b6..6c2d136 100644
--- a/fs/reiserfs/dir.c
+++ b/fs/reiserfs/dir.c
@@ -204,6 +204,8 @@  int reiserfs_readdir_dentry(struct dentry *dentry, void *dirent,
 				next_pos = deh_offset(deh) + 1;

 				if (item_moved(&tmp_ih, &path_to_entry)) {
+					set_cpu_key_k_offset(&pos_key,
+							     next_pos);
 					goto research;
 				}
 			}	/* for */