Re: [musl] getdents64 lost direntries with SMB/NFS and buffer size < unknown threshold

From: Florian Weimer
Date: Wed Dec 25 2019 - 14:39:08 EST


* Theodore Y. Ts'o:

> On Wed, Nov 20, 2019 at 03:59:13PM -0500, Rich Felker wrote:
>>
>> POSIX only allows both behaviors (showing or not showing) the entry
>> that was deleted. It does not allow deletion of one entry to cause
>> other entries not to be seen.
>
> Agreed, but POSIX requires this of *readdir*. POSIX says nothing
> about getdents64(2), which is Linux's internal implementation which is
> exposed to a libc.

Sure, but Linux better provides some reasonable foundation for a libc.

I mean, sure, we can read the entire directory into RAM on the first
readdir, and get a fully conforming implementation this way (and as
Rich noted, glibc's 32 KiB buffer tends to approximate that in
practice). But that doesn't strike me as particularly useful.

The POSIX requirement is really unfortunate because it leads to
incorrect implementations of rm -rf which would on a compliant system
and fail in practice.

> So we would need to see what is exactly going on at the interfaces
> between the VFS and libc, the nfs client code and the VFS, the nfs
> client code and the nfs server, and possibly the behavior of the nfs
> server.
>
> First of all.... you can't reproduce this on anything other than with
> NFS, correct? That is, does it show up if you are using ext4, xfs,
> btrfs, etc.?

I'm sure it shows up with certain directory contents on any Linux file
system except for those that happen to have a separate B-tree (or
equivalent) for telldir/seekdir support. And even those will have
broken corner case in case of billions of directory operations.

32 bits are simply not enough storage space for the cookie. Hashing
just masks the presence of these bugs, but does not eliminate them
completely.