android_kernel_samsung_msm8976/drivers
Tetsuo Handa 9c5789d455 block/loop: Use global lock for ioctl() operation.
commit 310ca162d779efee8a2dc3731439680f3e9c1e86 upstream.

syzbot is reporting a NULL pointer dereference [1] which is caused by
a race condition between ioctl(loop_fd, LOOP_CLR_FD, 0) versus
ioctl(other_loop_fd, LOOP_SET_FD, loop_fd) due to traversing other
loop devices at loop_validate_file() without holding the corresponding
lo->lo_ctl_mutex locks.

Since an ioctl() request on loop devices is not a frequent operation, we don't
need fine-grained locking. Let's use a global lock in order to allow safe
traversal at loop_validate_file().

Note that syzbot is also reporting a circular locking dependency between
bdev->bd_mutex and lo->lo_ctl_mutex [2] which is caused by calling
blkdev_reread_part() with the lock held. This patch does not address it.

[1] https://syzkaller.appspot.com/bug?id=f3cfe26e785d85f9ee259f385515291d21bd80a3
[2] https://syzkaller.appspot.com/bug?id=bf154052f0eea4bc7712499e4569505907d15889

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <syzbot+bf89c128e05dd6c62523@syzkaller.appspotmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-27 21:53:37 +02:00
accessibility
acpi ACPI: APEI / ERST: Fix missing error handling in erst_reader() 2019-07-27 21:46:19 +02:00
amba
android binder: check for binder_thread allocation failure in binder_poll() 2019-07-27 21:52:07 +02:00
ata libata: array underflow in ata_find_dev() 2019-07-27 21:44:15 +02:00
atm
auxdisplay
base PM / wakeup: Only update last time for active wakeup sources 2019-07-27 21:52:47 +02:00
battery Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
battery_v2
bcma
bif
block block/loop: Use global lock for ioctl() operation. 2019-07-27 21:53:37 +02:00
bluetooth Merge tag 'LA.BR.1.3.6-05410-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2018-02-06 13:11:45 +01:00
bus
cdrom
char random: mix rdrand with entropy sent in from userspace 2019-07-27 21:52:57 +02:00
clk clk: qcom: mdss: initialise spread freq variable before usage 2019-07-27 21:51:05 +02:00
clocksource Merge tag 'LA.BR.1.3.6-05410-8976.0' of https://source.codeaurora.org/quic/la/kernel/msm-3.10 into HEAD 2018-02-06 13:11:45 +01:00
connector
coresight
cpufreq cpufreq: interactive governor drops bits in time calculation 2019-07-27 21:50:42 +02:00
cpuidle cpuidle: Remove unnecessary WARN for calculate_residency 2019-07-27 21:45:56 +02:00
crypto crypto: hash - annotate algorithms taking optional key 2019-07-27 21:49:17 +02:00
dca
debug
debug_32
devfreq dev_freq: devfreq_spdm: add null terminator to prevent OOB access 2019-07-27 21:50:47 +02:00
dio
dma
edac
eisa
esoc
extcon
fingerprint
firewire
firmware
gpio gpio: Handle EPROBE_DEFER while probing 2019-07-27 21:45:55 +02:00
gpu drm: set FMODE_UNSIGNED_OFFSET for drm files 2019-07-27 21:52:11 +02:00
hid HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges 2019-07-27 21:53:06 +02:00
hsi
hv
hwmon
hwspinlock
i2c i2c: dev: prevent adapter retries and timeout being set as minus value 2019-07-27 21:53:34 +02:00
ide UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
idle
iio iio:kfifo_buf: check for uint overflow 2019-07-27 21:52:28 +02:00
infiniband
input BACKPORT: Input: xpad - fix oops when attaching an unknown Xbox One gamepad 2019-07-27 21:50:43 +02:00
iommu iommu/amd: Finish TLB flush in amd_iommu_unmap() 2019-07-27 21:44:19 +02:00
ipack
irqchip
isdn
leds
lguest
macintosh
mailbox
md dm kcopyd: avoid softlockup in run_complete_job 2019-07-27 21:51:38 +02:00
media msm: camera: Fix out-of-bounds read in string class name. 2019-07-27 21:53:07 +02:00
memory
memstick
message
mfd mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode 2019-07-27 21:44:34 +02:00
misc qseecom: Fix typo in format specifier 2019-07-27 21:44:44 +02:00
mmc mmc: core: Reset HPI enabled state during re-init and in case of errors 2019-07-27 21:53:32 +02:00
motor
mtd UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
muic Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
net qcacld-2.0: Skip DRSC channels during SAP ACS 2019-07-27 21:53:33 +02:00
nfc
ntb
nubus
of of: fdt: add missing allocation-failure check 2019-07-27 21:44:47 +02:00
oprofile
parisc
parport
pci PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() 2019-07-27 21:46:19 +02:00
pcmcia
phy
pinctrl pinctrl: Really force states during suspend/resume 2019-07-27 21:49:40 +02:00
platform msm: sps: Suppress bind/unbind attributes 2019-07-27 21:53:07 +02:00
pnp
power drivers: qcom: lpm-stats: Fix undefined access error 2019-07-27 21:50:48 +02:00
pps
ps3
ptp
pwm
rapidio
regulator
remoteproc
reset
rpmsg
rtc rtc: set the alarm to the next expiring timer 2019-07-27 21:46:00 +02:00
s390 UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
sbus
scsi scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() 2019-07-27 21:51:41 +02:00
sensorhub
sensors
sfi
sh
slimbus
sn
soc voice_svc: Avoid double free in voice_svc driver 2019-07-27 21:51:22 +02:00
soundwire
spi
spmi
ssb
ssbi
staging ion: invalidate the pool pointers after free 2019-07-27 21:53:28 +02:00
switch
target scsi: target: fix __transport_register_session locking 2019-07-27 21:51:38 +02:00
tc
thermal msm_thermal: Handle defer while probing 2019-07-27 21:45:58 +02:00
tty tty: make n_tty_read() always abort if hangup is in progress 2019-07-27 21:49:23 +02:00
uio uio: potential double frees if __uio_register_device() fails 2019-07-27 21:51:39 +02:00
usb xhci: xhci-mem: off by one in xhci_stream_id_to_ring() 2019-07-27 21:52:55 +02:00
uwb
vfio
vhost
video BACKPORT: msm: mdss: Fix invalid dma attachment during fb shutdown 2019-07-27 21:51:53 +02:00
virt
virtio
vlynq
vme
w1
watchdog
xen
zorro
Kconfig msm: gud: Remove gud driver 2017-09-08 18:49:12 +00:00
Makefile msm: gud: Remove gud driver 2017-09-08 18:49:12 +00:00