On Tue, Jan 28, 2025 at 03:03:22PM +0000, ciprietti@xxxxxxxxxx wrote:
> From: yangerkun <yangerkun@xxxxxxxxxx>
>
> [ Upstream commit 64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a ]
>
> After we switch tmpfs dir operations from simple_dir_operations to
> simple_offset_dir_operations, every rename happened will fill new dentry
> to dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free
> key starting with octx->newx_offset, and then set newx_offset equals to
> free key + 1. This will lead to infinite readdir combine with rename
> happened at the same time, which fail generic/736 in xfstests(detail show
> as below).
>
> 1. create 5000 files(1 2 3...) under one dir
> 2. call readdir(man 3 readdir) once, and get one entry
> 3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry)
> 4. loop 2~3, until readdir return nothing or we loop too many
>    times(tmpfs break test with the second condition)
>
> We choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite
> directory reads") to fix it, record the last_index when we open dir, and
> do not emit the entry which index >= last_index. The file->private_data
> now used in offset dir can use directly to do this, and we also update
> the last_index when we llseek the dir file.
>
> Fixes: a2e459555c5f ("shmem: stable directory offsets")
> Signed-off-by: yangerkun <yangerkun@xxxxxxxxxx>
> Link: https://lore.kernel.org/r/20240731043835.1828697-1-yangerkun@xxxxxxxxxx
> Reviewed-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
> [brauner: only update last_index after seek when offset is zero like Jan suggested]
> Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
> Signed-off-by: Andrea Ciprietti <ciprietti@xxxxxxxxxx>

You forgot to mention what you changed.

> --- > fs/libfs.c | 39 ++++++++++++++++++++++++++++----------- > 1 file changed, 28 insertions(+), 11 deletions(-) > > diff --git a/fs/libfs.c b/fs/libfs.c > index dc0f7519045f..916c39e758b1 100644 > --- a/fs/libfs.c > +++ b/fs/libfs.c
> @@ -371,6 +371,15 @@ void simple_offset_destroy(struct offset_ctx *octx) > xa_destroy(&octx->xa); > } > > +static int offset_dir_open(struct inode *inode, struct file *file) > +{ > + struct offset_ctx *ctx = inode->i_op->get_offset_ctx(inode); > + unsigned long next_offset = (unsigned long)ctx->next_offset; > + > + file->private_data = (void *)next_offset;

Why do you need 2 casts here when the original did not?

thanks,

greg k-h
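Review bot: In offset_dir_open(), the value stored in file->private_data goes through two casts (ctx->next_offset to unsigned long, then to void *), and neither the hunk nor the changelog says why the intermediate cast is needed in this backport. If the type of next_offset in this tree is what forces it, state that in a bracketed backport note above the backporter's Signed-off-by; otherwise drop the extra cast so the line matches the upstream commit. The same note should cover the data-structure difference: the context line xa_destroy(&octx->xa) shows this tree keeps directory offsets in an xarray, while the quoted commit message describes the maple tree, so the adaptation from upstream deserves an explicit mention.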