Commit a8fb4204 authored Mar 24, 2025 by Chuck Lever Committed by Yongjian Sun Mar 24, 2025

libfs: Return ENOSPC when the directory offset range is exhausted

mainline inclusion
from mainline-v6.12-rc3
commit 903dc9c43a155e0893280c7472d4a9a3a83d75a6
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBLWT7
CVE: CVE-2024-57952

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=903dc9c43a155e0893280c7472d4a9a3a83d75a6



--------------------------------

Testing shows that the EBUSY error return from mtree_alloc_cyclic()
leaks into user space. The ERRORS section of "man creat(2)" says:

>	EBUSY	O_EXCL was specified in flags and pathname refers
>		to a block device that is in use by the system
>		(e.g., it is mounted).

ENOSPC is closer to what applications expect in this situation.

Note that the normal range of simple directory offset values is
2..2^63, so hitting this error is going to be rare to impossible.

Fixes: 6faddda6 ("libfs: Add directory operations for stable offsets")
Cc: stable@vger.kernel.org # v6.9+
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Yang Erkun <yangerkun@huawei.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Link: https://lore.kernel.org/r/20241228175522.1854234-2-cel@kernel.org


Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Yongjian Sun <sunyongjian1@huawei.com>

parent 0278be80

fs/libfs.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -286,8 +286,8 @@ int simple_offset_add(struct offset_ctx octx, struct dentry dentry)

		ret = mtree_alloc_cyclic(&octx->mt, &offset, dentry, DIR_OFFSET_MIN,
		LONG_MAX, &octx->next_offset, GFP_KERNEL);
		if (ret < 0)
		return ret;
		if (unlikely(ret < 0))
		return ret == -EBUSY ? -ENOSPC : ret;

		offset_set(dentry, offset);
		return 0;