[PATCH] ext2: fix directory handling bug

Patch from Dave Miller.  Fixes a very long-standing bug.

If a process has an fd open against a now-removed directory, lookups on that
fd will end up calling ext2_find_entry() against a zero-length directory.

When this happens ext2_find_entry() will, on the first pass through the loop,
set `kaddr' to page_address(page) - 20.  Things get confused and the "zero
length directory entry" warning triggers.

This only happens on 64-bit machines, because ext2_last_byte() is returning
an unsigned (32-bit) value, and the arithmetic works out OK for 32-bit
machines.

So we change ext2_find_entry() to bale out immediately if the directory is
zero-length.  All other directory-walking functions do this, but
ext2_find_entry() forgot to, due to the search-from-the-last-place
optimisation.

diff --git a/fs/ext2/dir.c b/fs/ext2/dir.c
index 18eaaed6c0fd51355a1d99758daf0e82f9d5d96f..15aa696f60a660c19a71382714ce605ecd580c10 100644 (file)
--- a/fs/ext2/dir.c
+++ b/fs/ext2/dir.c
@@ -337,6 +337,9 @@ struct ext2_dir_entry_2 * ext2_find_entry (struct inode * dir,
        struct ext2_inode_info *ei = EXT2_I(dir);
        ext2_dirent * de;
 
+       if (npages == 0)
+               goto out;
+
        /* OFFSET_CACHE */
        *res_page = NULL;