diff options
| author | Bryan Schumaker <bjschuma@netapp.com> | 2011-03-23 15:04:31 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2011-03-23 15:14:27 -0400 |
| commit | 8ef2ce3e16d9bec6cf015207c1c82a5b864046ac (patch) | |
| tree | 35441fd695c4f5215ab0061d8df26b4cfd9a44f5 /fs/nfs/dir.c | |
| parent | 480c2006ebb44ae03165695db7b3e38c04e0d102 (diff) | |
NFS: Detect loops in a readdir due to bad cookies
Some filesystems (such as ext4) can return the same cookie value for
multiple files. If we try to start a readdir with one of these cookies,
the server will return the first file found with a cookie of the same
value. This can cause the client to enter an infinite loop.
Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfs/dir.c')
| -rw-r--r-- | fs/nfs/dir.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index cda73814f666..db87a7d1109b 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c | |||
| @@ -139,7 +139,9 @@ static struct nfs_open_dir_context *alloc_nfs_open_dir_context(struct rpc_cred * | |||
| 139 | struct nfs_open_dir_context *ctx; | 139 | struct nfs_open_dir_context *ctx; |
| 140 | ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); | 140 | ctx = kmalloc(sizeof(*ctx), GFP_KERNEL); |
| 141 | if (ctx != NULL) { | 141 | if (ctx != NULL) { |
| 142 | ctx->duped = 0; | ||
| 142 | ctx->dir_cookie = 0; | 143 | ctx->dir_cookie = 0; |
| 144 | ctx->dup_cookie = 0; | ||
| 143 | ctx->cred = get_rpccred(cred); | 145 | ctx->cred = get_rpccred(cred); |
| 144 | } else | 146 | } else |
| 145 | ctx = ERR_PTR(-ENOMEM); | 147 | ctx = ERR_PTR(-ENOMEM); |
| @@ -321,6 +323,7 @@ int nfs_readdir_search_for_pos(struct nfs_cache_array *array, nfs_readdir_descri | |||
| 321 | { | 323 | { |
| 322 | loff_t diff = desc->file->f_pos - desc->current_index; | 324 | loff_t diff = desc->file->f_pos - desc->current_index; |
| 323 | unsigned int index; | 325 | unsigned int index; |
| 326 | struct nfs_open_dir_context *ctx = desc->file->private_data; | ||
| 324 | 327 | ||
| 325 | if (diff < 0) | 328 | if (diff < 0) |
| 326 | goto out_eof; | 329 | goto out_eof; |
| @@ -333,6 +336,7 @@ int nfs_readdir_search_for_pos(struct nfs_cache_array *array, nfs_readdir_descri | |||
| 333 | index = (unsigned int)diff; | 336 | index = (unsigned int)diff; |
| 334 | *desc->dir_cookie = array->array[index].cookie; | 337 | *desc->dir_cookie = array->array[index].cookie; |
| 335 | desc->cache_entry_index = index; | 338 | desc->cache_entry_index = index; |
| 339 | ctx->duped = 0; | ||
| 336 | return 0; | 340 | return 0; |
| 337 | out_eof: | 341 | out_eof: |
| 338 | desc->eof = 1; | 342 | desc->eof = 1; |
| @@ -343,11 +347,18 @@ static | |||
| 343 | int nfs_readdir_search_for_cookie(struct nfs_cache_array *array, nfs_readdir_descriptor_t *desc) | 347 | int nfs_readdir_search_for_cookie(struct nfs_cache_array *array, nfs_readdir_descriptor_t *desc) |
| 344 | { | 348 | { |
| 345 | int i; | 349 | int i; |
| 350 | loff_t new_pos; | ||
| 346 | int status = -EAGAIN; | 351 | int status = -EAGAIN; |
| 352 | struct nfs_open_dir_context *ctx = desc->file->private_data; | ||
| 347 | 353 | ||
| 348 | for (i = 0; i < array->size; i++) { | 354 | for (i = 0; i < array->size; i++) { |
| 349 | if (array->array[i].cookie == *desc->dir_cookie) { | 355 | if (array->array[i].cookie == *desc->dir_cookie) { |
| 350 | desc->file->f_pos = desc->current_index + i; | 356 | new_pos = desc->current_index + i; |
| 357 | if (new_pos < desc->file->f_pos) { | ||
| 358 | ctx->dup_cookie = *desc->dir_cookie; | ||
| 359 | ctx->duped = 1; | ||
| 360 | } | ||
| 361 | desc->file->f_pos = new_pos; | ||
| 351 | desc->cache_entry_index = i; | 362 | desc->cache_entry_index = i; |
| 352 | return 0; | 363 | return 0; |
| 353 | } | 364 | } |
| @@ -732,6 +743,20 @@ int nfs_do_filldir(nfs_readdir_descriptor_t *desc, void *dirent, | |||
| 732 | int i = 0; | 743 | int i = 0; |
| 733 | int res = 0; | 744 | int res = 0; |
| 734 | struct nfs_cache_array *array = NULL; | 745 | struct nfs_cache_array *array = NULL; |
| 746 | struct nfs_open_dir_context *ctx = file->private_data; | ||
| 747 | |||
| 748 | if (ctx->duped != 0 && ctx->dup_cookie == *desc->dir_cookie) { | ||
| 749 | if (printk_ratelimit()) { | ||
| 750 | pr_notice("NFS: directory %s/%s contains a readdir loop. " | ||
| 751 | "Please contact your server vendor. " | ||
| 752 | "Offending cookie: %llu\n", | ||
| 753 | file->f_dentry->d_parent->d_name.name, | ||
| 754 | file->f_dentry->d_name.name, | ||
| 755 | *desc->dir_cookie); | ||
| 756 | } | ||
| 757 | res = -ELOOP; | ||
| 758 | goto out; | ||
| 759 | } | ||
| 735 | 760 | ||
| 736 | array = nfs_readdir_get_array(desc->page); | 761 | array = nfs_readdir_get_array(desc->page); |
| 737 | if (IS_ERR(array)) { | 762 | if (IS_ERR(array)) { |
| @@ -914,6 +939,7 @@ static loff_t nfs_llseek_dir(struct file *filp, loff_t offset, int origin) | |||
| 914 | if (offset != filp->f_pos) { | 939 | if (offset != filp->f_pos) { |
| 915 | filp->f_pos = offset; | 940 | filp->f_pos = offset; |
| 916 | dir_ctx->dir_cookie = 0; | 941 | dir_ctx->dir_cookie = 0; |
| 942 | dir_ctx->duped = 0; | ||
| 917 | } | 943 | } |
| 918 | out: | 944 | out: |
| 919 | mutex_unlock(&inode->i_mutex); | 945 | mutex_unlock(&inode->i_mutex); |