Date:      Fri, 18 Mar 2005 17:46:34 +0200 (EET)
From:      Andriy Gapon <avg@icyb.net.ua>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/78987: udf fs: readdir returns error when it should not
Message-ID:  <200503181546.j2IFkYxg001476@oddity.topspin.kiev.ua>
Resent-Message-ID: <200503181550.j2IFo2Sn070824@freefall.freebsd.org>


>Number:         78987
>Category:       kern
>Synopsis:       udf fs: readdir returns error when it should not
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 18 15:50:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Andriy Gapon
>Release:        FreeBSD 5.3-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD 5.3-RELEASE-p5 i386


	
>Description:
While reading a large enough directory from a UDF filesystem,
when the total size of directory entries is greater than the size of
a userland buffer, udf readdir leaks to userland its internal
error code used to mark such a condition. This happens because
the calling code neglects to distinguish between real uiomove()
errors and the internal flag set in udf_uiodir() when
uio->uio_resid < de_size
In my case the error occurred when a directory had 436 entries in it.
The kernel produced the following messages:
uiomove returned -1
>How-To-Repeat:
1a. find a UDF disk with a director(y|ies) with many files
or
1b. create a UDF filesystem with a directory with a lot of files in it,
using sysutils/udfclient for example
2. perform ls -l on the directory
3. see that ls returns only a small subset of entries and the following
messages are produced by kernel:
uiomove returned -1
>Fix:
The following code is based on the similar code in isofs/cd9660, it
keeps proper handling for error==-1, but does not let it be returned
to userland and removes a message about it.

	

--- bigdir.patch begins here ---
--- sys/fs/udf/udf_vnops.c.orig_orig	Thu Mar 17 15:08:39 2005
+++ sys/fs/udf/udf_vnops.c	Thu Mar 17 15:13:41 2005
@@ -787,7 +790,8 @@
 			    ds->this_off);
 		}
 		if (error) {
-			printf("uiomove returned %d\n", error);
+			if(error > 0)
+				printf("uiomove returned %d\n", error);
 			break;
 		}
 
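Review bot: The new `if(error > 0)` guard in the error branch depends on the convention that a negative `error` is the internal buffer-full marker and not a uiomove() failure, but nothing in the hunk documents that; add a short comment above the test saying that negative values come from udf_uiodir() and are expected. Per style(9) this should be written `if (error > 0)` with a space after `if`. The hunk header offsets (-787 against +790) also imply three added lines earlier in the file that this patch does not carry, so please confirm the diff was taken against the unmodified source.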
@@ -797,6 +801,8 @@
 	*a->a_eofflag = uiodir.eofflag;
 	uio->uio_offset = ds->offset + ds->off;
 
+	if(error < 0)
+		error = 0;
 	if (!error)
 		error = ds->error;
 
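Review bot: `if(error < 0) error = 0;` ahead of the `ds->error` check clears every negative value, while the only internal marker named in the report is -1; test for that value explicitly (ideally through a named constant shared with udf_uiodir()) so that an unexpected negative return is not silently turned into success. A one-line comment that the marker must never reach userland would help the next reader, and style(9) wants `if (error < 0)`.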
--- bigdir.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:



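Added example, not part of the original report and not FreeBSD source: a userland C model of the failure described above, where an internal "buffer full" marker escapes as the readdir return value unless it is cleared at the boundary. All names (`model_uio`, `model_uiodir`, `model_readdir`, `list_dir`, `DE_SIZE`, `BUF_FULL`), the 32-byte entry size and the 4096-byte buffer are assumptions made for the illustration.

```c
/* Constructed userland model of the readdir sentinel leak; not kernel code. */
#include <stddef.h>
#include <stdio.h>
#define DE_SIZE   32     /* assumed fixed size of one directory entry */
#define BUF_FULL  (-1)   /* internal "buffer full" marker, never an errno */
struct model_uio { size_t resid; size_t offset; };  /* stand-in for struct uio */

/* Models udf_uiodir(): refuse the entry when it no longer fits. */
static int model_uiodir(struct model_uio *uio)
{
    if (uio->resid < DE_SIZE)
        return BUF_FULL;
    uio->resid -= DE_SIZE;
    uio->offset += 1;          /* offset counted in entries for simplicity */
    return 0;
}

/* One readdir call over nentries entries; sanitize selects the fixed path. */
static int model_readdir(struct model_uio *uio, size_t nentries, int sanitize)
{
    int error = 0;
    while (uio->offset < nentries) {
        error = model_uiodir(uio);
        if (error)
            break;
    }
    if (sanitize && error < 0)  /* internal marker stops at this boundary */
        error = 0;
    return error;
}

/* Repeated readdir calls by a caller; returns entries seen, -1 on error. */
static long list_dir(size_t nentries, size_t bufsize, int sanitize)
{
    struct model_uio uio = { 0, 0 };
    if (bufsize < DE_SIZE) return -1;   /* no progress would be possible */
    while (uio.offset < nentries) {
        uio.resid = bufsize;            /* fresh user buffer for each call */
        if (model_readdir(&uio, nentries, sanitize) != 0)
            return -1;
    }
    return (long)uio.offset;
}

int main(void)
{
    printf("unfixed: %ld fixed: %ld\n", list_dir(436, 4096, 0), list_dir(436, 4096, 1));
    return 0;
}
```
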