From 3ff574c5e1d1d5d07763a14f22d6f9d7291550c6 Mon Sep 17 00:00:00 2001
From: Mark Johnston
Date: Thu, 21 Dec 2023 13:26:13 -0500
Subject: [PATCH] ufs: Update *eofflag upon a read of an unlinked directory

If the directory is unlinked, no further entries will be returned, but we return no error. At least one caller (vn_dir_next_dirent()) asserts that a VOP_READDIR call which returns no error and no entries will set *eofflag != 0, so the current behaviour of UFS can trigger an assertion failure. Simply set *eofflag in this scenario.
Reviewed by: olce, kib
Reported by: syzkaller
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43089
---
 sys/ufs/ufs/ufs_vnops.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
index 3bfa2019739a..c62583afaab6 100644
--- a/sys/ufs/ufs/ufs_vnops.c
+++ b/sys/ufs/ufs/ufs_vnops.c
@@ -2417,8 +2417,10 @@ ufs_readdir(
 if (uio->uio_offset < 0)
 return (EINVAL);
 ip = VTOI(vp);
- if (ip->i_effnlink == 0)
+ if (ip->i_effnlink == 0) {
+ *ap->a_eofflag = 1;
 return (0);
+ }
 if (ap->a_ncookies != NULL) {
 if (uio->uio_resid < 0)
 ncookies = 0;
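Review bot: The added `*ap->a_eofflag = 1;` in the `i_effnlink == 0` branch writes through `a_eofflag` without a NULL test, while the next context line guards the sibling optional argument with `if (ap->a_ncookies != NULL)`. VOP_READDIR's eofflag pointer is optional for callers, so if any caller passes NULL, reading an unlinked directory would turn the assertion failure this commit fixes into a kernel NULL dereference and panic. I would guard the store: `if (ap->a_eofflag != NULL) *ap->a_eofflag = 1;`. The rest of ufs_readdir lies outside the hunk, so confirm how the normal exit path treats `a_eofflag` and keep this early return consistent with it.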