summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorJan Kara <jack@suse.cz>2019-05-16 16:01:27 +0200
committerJens Axboe <axboe@kernel.dk>2019-05-27 15:34:04 +0200
commit33ec3e53e7b1869d7851e59e126bdb0fe0bd1982 (patch)
treec6f6599a2a13a0bf456854d291a942cc5297e090 /fs
parentio_uring: Fix __io_uring_register() false success (diff)
downloadlinux-33ec3e53e7b1869d7851e59e126bdb0fe0bd1982.tar.xz
linux-33ec3e53e7b1869d7851e59e126bdb0fe0bd1982.zip
loop: Don't change loop device under exclusive opener
Loop module allows calling LOOP_SET_FD while there are other openers of the loop device. Even exclusive ones. This can lead to weird consequences such as kernel deadlocks like: mount_bdev() lo_ioctl() udf_fill_super() udf_load_vrs() sb_set_blocksize() - sets desired block size B udf_tread() sb_bread() __bread_gfp(bdev, block, B) loop_set_fd() set_blocksize() - now __getblk_slow() indefinitely loops because B != bdev block size Fix the problem by disallowing LOOP_SET_FD ioctl when there are exclusive openers of a loop device. [Deliberately chosen not to CC stable as a user with priviledges to trigger this race has other means of taking the system down and this has a potential of breaking some weird userspace setup] Reported-and-tested-by: syzbot+10007d66ca02b08f0e60@syzkaller.appspotmail.com Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'fs')
0 files changed, 0 insertions, 0 deletions