From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=e0iR=6Q=redhat.com=fweimer@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by sourceware.org (Postfix) with ESMTPS id BB6A8385B51F
	for <libc-alpha@sourceware.org>; Mon, 20 Feb 2023 13:31:20 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BB6A8385B51F
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1676899880;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=7w9+cpY/g7FPoK1AWL5VLWiHvmiMh66WocW4RKes5qQ=;
	b=bcO1ldDQKxhXuC12k2D1LON5T7dzUlgtneH6u1Mbq0qkLs04WtQ7jIeMgAsuYNb7bnCZGp
	go2Zk1ogT9eCdsMtyoiA0j+YtUp5azBEW2ohibGoUTYr3eOR5hCzJIm35jqJC5Ay95hr/E
	FaPEXtMf3Kw57K/2ZqyxGVVTGVVDFGo=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-417-wTILCHHePwSlrgA6TmC2FA-1; Mon, 20 Feb 2023 08:31:17 -0500
X-MC-Unique: wTILCHHePwSlrgA6TmC2FA-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BBB4A185A794;
	Mon, 20 Feb 2023 13:31:16 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.2.16.38])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id F36B22166B26;
	Mon, 20 Feb 2023 13:31:15 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: libc-alpha@sourceware.org,  "Andreas K . Huettel"
 <dilfridge@gentoo.org>,  Paul Eggert <eggert@cs.ucla.edu>
Subject: Re: [PATCH v5 1/5] linux: Use getdents64 on non-LFS readdir
References: <20230127172834.391311-1-adhemerval.zanella@linaro.org>
	<20230127172834.391311-2-adhemerval.zanella@linaro.org>
Date: Mon, 20 Feb 2023 14:31:14 +0100
In-Reply-To: <20230127172834.391311-2-adhemerval.zanella@linaro.org>
	(Adhemerval Zanella's message of "Fri, 27 Jan 2023 14:28:30 -0300")
Message-ID: <875ybwh3a5.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain
X-Spam-Status: No, score=-10.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

* Adhemerval Zanella:

> diff --git a/sysdeps/unix/sysv/linux/dirstream.h b/sysdeps/unix/sysv/linux/dirstream.h
> index 3cb313b410..adcf8234f1 100644
> --- a/sysdeps/unix/sysv/linux/dirstream.h
> +++ b/sysdeps/unix/sysv/linux/dirstream.h
> @@ -18,6 +18,7 @@
>  #ifndef	_DIRSTREAM_H
>  #define	_DIRSTREAM_H	1
>  
> +#include <dirent.h>
>  #include <sys/types.h>
>  
>  #include <libc-lock.h>
> @@ -41,6 +42,10 @@ struct __dirstream
>  
>      int errcode;		/* Delayed error code.  */
>  
> +#if !defined __OFF_T_MATCHES_OFF64_T || !defined __INO_T_MATCHES_INO64_T
> +    struct dirent tdp;
> +#endif

I don't quite see how this can work given that d_name in the struct may
not be large enough.  The new member needs a comment to explain its
purpose.

> diff --git a/sysdeps/unix/sysv/linux/readdir.c b/sysdeps/unix/sysv/linux/readdir.c
> index 4a4c00ea07..cd0ccaf33a 100644
> --- a/sysdeps/unix/sysv/linux/readdir.c
> +++ b/sysdeps/unix/sysv/linux/readdir.c
> @@ -21,42 +21,71 @@
>  #if !_DIRENT_MATCHES_DIRENT64
>  #include <dirstream.h>
>  
> +/* Translate the DP64 entry to the non-LFS one in the translation entry
> +   at dirstream DS.  Return true is the translation was possible or
> +   false if either an internal field can not be represented in the non-LFS
> +   entry or if the name is too long.  */
> +static bool
> +dirstream_entry (struct __dirstream *ds, const struct dirent64 *dp64)
> +{
> +  /* Check for overflow.  */
> +  if (!in_off_t_range (dp64->d_off) || !in_ino_t_range (dp64->d_ino))
> +    return false;
> +
> +  /* And if name is too large.  */
> +  if (dp64->d_reclen - offsetof (struct dirent64, d_name) > NAME_MAX)
> +    return false;

Sorry, I don't think this is the direction we should be going.  In
readdir_r, we at least delay the NAME_MAX error to the end of the
directory.  This just adds another rare case where 32-bit code fails and
64-bit code works.

struct dirent is always shorter than struct dirent64, right?  It should
be possible to do the translation in-place.  Or turn tdp into a pointer
and reallocate as needed.

However, I think we should fix only readdir64, not readdir.  It's simply
not possible to fix readdir fully because of d_ino, so applications
which use readdir instead of readdir64 will remain buggy even with this
change.

What do you think?

Thanks,
Florian