mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-11-01 02:21:16 +00:00
9c5789d455
commit 310ca162d779efee8a2dc3731439680f3e9c1e86 upstream. syzbot is reporting NULL pointer dereference [1] which is caused by race condition between ioctl(loop_fd, LOOP_CLR_FD, 0) versus ioctl(other_loop_fd, LOOP_SET_FD, loop_fd) due to traversing other loop devices at loop_validate_file() without holding corresponding lo->lo_ctl_mutex locks. Since ioctl() request on loop devices is not frequent operation, we don't need fine grained locking. Let's use global lock in order to allow safe traversal at loop_validate_file(). Note that syzbot is also reporting circular locking dependency between bdev->bd_mutex and lo->lo_ctl_mutex [2] which is caused by calling blkdev_reread_part() with lock held. This patch does not address it. [1] https://syzkaller.appspot.com/bug?id=f3cfe26e785d85f9ee259f385515291d21bd80a3 [2] https://syzkaller.appspot.com/bug?id=bf154052f0eea4bc7712499e4569505907d15889 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+bf89c128e05dd6c62523@syzkaller.appspotmail.com> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| aoe | ||
| drbd | ||
| mtip32xx | ||
| paride | ||
| rsxx | ||
| xen-blkback | ||
| zram | ||
| amiflop.c | ||
| ataflop.c | ||
| brd.c | ||
| cciss.c | ||
| cciss.h | ||
| cciss_cmd.h | ||
| cciss_scsi.c | ||
| cciss_scsi.h | ||
| cpqarray.c | ||
| cpqarray.h | ||
| cryptoloop.c | ||
| DAC960.c | ||
| DAC960.h | ||
| floppy.c | ||
| hd.c | ||
| ida_cmd.h | ||
| ida_ioctl.h | ||
| Kconfig | ||
| loop.c | ||
| Makefile | ||
| mg_disk.c | ||
| nbd.c | ||
| nvme-core.c | ||
| nvme-scsi.c | ||
| osdblk.c | ||
| pktcdvd.c | ||
| ps3disk.c | ||
| ps3vram.c | ||
| rbd.c | ||
| rbd_types.h | ||
| smart1,2.h | ||
| sunvdc.c | ||
| swim.c | ||
| swim3.c | ||
| swim_asm.S | ||
| sx8.c | ||
| umem.c | ||
| umem.h | ||
| virtio_blk.c | ||
| xen-blkfront.c | ||
| xsysace.c | ||
| z2ram.c | ||