From: Chuck Lever <chuck.lever@xxxxxxxxxx> This series attempts to narrow some gaps in the current tmpfs directory offset mechanism that relate to misbehaviors reported by Yu Kuai <yukuai3@xxxxxxxxxx> and Yang Erkun <yangerkun@xxxxxxxxxx>. This series replaces the v1 mechanism I posted last week. It reverts offset_readdir() to use the directory's d_children list, instead of its mtree, for finding the next entry, as readdir did before v6.6. Directory offset values continue to be allocated via an mtree. The purpose of this change is to enable readdir results to continue to appear after a directory offset/cookie value wrap, while not regressing generic/736. That should enable this fix to be backported (manually) to v6.6 to address CVE-2024-46701. These are still a little unpolished. I expect review to find opportunities for further code reuse. These patches pass xfstests except for generic/013, generic/637, and generic/650. There appears to be a problem with WHITEOUT renames which I am still looking into. The series has been pushed to: https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git/log/?h=tmpfs-fixes Chuck Lever (5): libfs: Return ENOSPC when the directory offset range is exhausted libfs: Check dentry before locking in simple_offset_empty() Revert "libfs: fix infinite directory reads for offset dir" libfs: Refactor end-of-directory detection for simple_offset directories libfs: Refactor offset_iterate_dir() fs/libfs.c | 145 ++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 109 insertions(+), 36 deletions(-) -- 2.47.0
