From: Chuck Lever <chuck.lever@xxxxxxxxxx> The purpose of this series is to construct a set of upstream fixes that can be backported to v6.6 to address CVE-2024-46701. In response to a reported failure of libhugetlbfs-test.32bit.gethugepagesizes: https://lore.kernel.org/linux-fsdevel/f996eec0-30e1-4fbf-a936-49f3bedc09e9@xxxxxxxxxx/T/#t I've narrowed the range of directory offset values returned by simple_offset_add() to 3 .. (S32_MAX - 1) on all platforms. This means the allocation behavior is identical on 32-bit systems, 64-bit systems, and 32-bit user space on 64-bit kernels. The new range still permits over 2 billion concurrent entries per directory. Changes since v6: - Restrict the directory offset value range to S32_MAX on all platforms This series (against v6.13-rc4) has been pushed to: https://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git/log/?h=tmpfs-fixes Chuck Lever (5): libfs: Return ENOSPC when the directory offset range is exhausted Revert "libfs: Add simple_offset_empty()" Revert "libfs: fix infinite directory reads for offset dir" libfs: Replace simple_offset end-of-directory detection libfs: Use d_children list to iterate simple_offset directories fs/libfs.c | 162 +++++++++++++++++++++------------------------ include/linux/fs.h | 1 - mm/shmem.c | 4 +- 3 files changed, 79 insertions(+), 88 deletions(-) -- 2.47.0
