From 599269e539dbfa1e7991ecd4c3a2b5301ddf8721 Mon Sep 17 00:00:00 2001
From: Zach Brown
Date: Tue, 29 Aug 2017 11:03:49 -0700
Subject: [PATCH] scoutfs: don't return uninit index entries

Initially the index walking ioctl only ever output a single entry per iteration. So the number of entries to return and the next entry pointer to copy to userspace were maintained in the post-increment of the for loop.

When we added locking of the index item results we made it possible to not copy any entries in a loop iteration. When that happened the nr and pointer would be incremented without initializing the entry. The ioctl caller would see a garbage entry in the results.

This was visible in scoutfs/002 test results on a volume that had an interesting file population after having run through all the other scoutfs tests. The uninitialized entries would show up as garbage in the size index portion of the test.

Signed-off-by: Zach Brown
---
 kmod/src/ioctl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kmod/src/ioctl.c b/kmod/src/ioctl.c
index abbf3fa4..2013b31c 100644
--- a/kmod/src/ioctl.c
+++ b/kmod/src/ioctl.c
@@ -123,8 +123,7 @@ static long scoutfs_ioc_walk_inodes(struct file *file, unsigned long arg)
 if (ret < 0)
 goto out;
- for (nr = 0; nr < walk.nr_entries;
- nr++, walk.entries_ptr += sizeof(ent)) {
+ for (nr = 0; nr < walk.nr_entries; ) {
 ret = scoutfs_item_next_same(sb, &key, &last_key, NULL, lock->end);
 if (ret < 0 && ret != -ENOENT)
@@ -178,6 +177,9 @@ static long scoutfs_ioc_walk_inodes(struct file *file, unsigned long arg)
 break;
 }
+ nr++;
+ walk.entries_ptr += sizeof(ent);
+
 scoutfs_key_inc_cur_len(&key);
 }
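Review bot: With the advance moved from the for-header into the tail of the body in the second hunk, any `continue` in the stretch of the loop body that lies between the two hunks (not visible here) would now re-enter the loop without touching `nr`, `walk.entries_ptr` or `key`, so each such path needs to be checked for progress; previously `continue` at least ran the header increment, and now it would repeat the same `scoutfs_item_next_same()` lookup. The loop body starts in the first hunk and ends in the second, so neither hunk shows it whole. Since the third clause of the `for` is now empty, `nr = 0;` followed by `while (nr < walk.nr_entries) {` would read more naturally than `for (nr = 0; nr < walk.nr_entries; ) {`. A one-line comment above the new `nr++;` would also record the invariant the fix restores, e.g. `/* only count and advance the user pointer once ent has actually been copied out */`. The description frames this as garbage in test output; it is presumably also a disclosure of uninitialized kernel stack contents (`ent`) to the ioctl caller, which is worth noting in the commit message for anyone triaging which kernels need the fix.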