Jan Kara 33ec3e53e7 loop: Don't change loop device under exclusive opener
Loop module allows calling LOOP_SET_FD while there are other openers of
the loop device. Even exclusive ones. This can lead to weird
consequences such as kernel deadlocks like:

mount_bdev()				lo_ioctl()
  udf_fill_super()
    udf_load_vrs()
      sb_set_blocksize() - sets desired block size B
      udf_tread()
        sb_bread()
          __bread_gfp(bdev, block, B)
					  loop_set_fd()
					    set_blocksize()
            - now __getblk_slow() indefinitely loops because B != bdev
              block size

Fix the problem by disallowing LOOP_SET_FD ioctl when there are
exclusive openers of a loop device.

[Deliberately chosen not to CC stable as a user with privileges to
trigger this race has other means of taking the system down and this
has a potential of breaking some weird userspace setup]

Reported-and-tested-by: syzbot+10007d66ca02b08f0e60@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2019-05-27 07:34:04 -06:00