Re: Endless getdents() in vfat filesystem

[Vegard Nossum]

On 11/14/2015 11:32 AM, Richard Weinberger wrote:
> On Sat, Nov 14, 2015 at 2:19 AM, Vegard Nossum <vegard.nossum@xxxxxxxxxx> wrote:
> > Hi,
> >
> > Using the attached disk image I observe that getdents() never returns
> > the end of the directory, i.e. mounting the disk image on a loopback
> > device and running 'ls' under strace shows an endless stream of:
> >
> > getdents(3, /* 2 entries */, 32768)     = 48
> > getdents(3, /* 2 entries */, 32768)     = 48
> > getdents(3, /* 2 entries */, 32768)     = 48
> > ...
>
> Please more details. Is this image hand crafted?
> If not, how has it been created? Is is supposed to work?

It was created by fuzzing, it is not supposed to work per se.

>  From a quick look it seems as the root directory is bad but we report
> progress in ->iterate.
> ctx->pos is 2, we set it back to 0, because of the faked dot entries.
> but fat_get_entry() did not make any progress and we report 0 back to VFS.
> So, VFS sees progress and the game continues.
>
> Does the attached patch help?

Yes, it does fixes the problem here, but I can't really comment on the
correctness of the patch.

Thanks for the quick reponse,


Vegard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/