From: Sasha Levin Date: Thu, 20 Jun 2019 12:42:07 +0000 (-0400) Subject: Drop unneeded loop patch X-Git-Tag: v5.1.13~13 X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fkernel%2Fstable-queue.git;a=commitdiff_plain;h=c15e07c94f7c63fbf42fb52af3c69d004ffeaa5d Drop unneeded loop patch Signed-off-by: Sasha Levin
---
diff --git a/queue-4.19/loop-don-t-change-loop-device-under-exclusive-opener.patch b/queue-4.19/loop-don-t-change-loop-device-under-exclusive-opener.patch
deleted file mode 100644
index 705749119e..0000000000
--- a/queue-4.19/loop-don-t-change-loop-device-under-exclusive-opener.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 2d0a678f24f1debfa1de9f64648876ac41e2cd25 Mon Sep 17 00:00:00 2001
-From: Jan Kara
-Date: Thu, 16 May 2019 16:01:27 +0200
-Subject: loop: Don't change loop device under exclusive opener
-
-[ Upstream commit 33ec3e53e7b1869d7851e59e126bdb0fe0bd1982 ]
-
-Loop module allows calling LOOP_SET_FD while there are other openers of
-the loop device. Even exclusive ones. This can lead to weird
-consequences such as kernel deadlocks like:
-
-mount_bdev() lo_ioctl()
- udf_fill_super()
- udf_load_vrs()
- sb_set_blocksize() - sets desired block size B
- udf_tread()
- sb_bread()
- __bread_gfp(bdev, block, B)
- loop_set_fd()
- set_blocksize()
- - now __getblk_slow() indefinitely loops because B != bdev
- block size
-
-Fix the problem by disallowing LOOP_SET_FD ioctl when there are
-exclusive openers of a loop device.
-
-[Deliberately chosen not to CC stable as a user with priviledges to
-trigger this race has other means of taking the system down and this
-has a potential of breaking some weird userspace setup]
-
-Reported-and-tested-by: syzbot+10007d66ca02b08f0e60@syzkaller.appspotmail.com
-Signed-off-by: Jan Kara
-Signed-off-by: Jens Axboe
-Signed-off-by: Sasha Levin
----
- drivers/block/loop.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index f1e63eb7cbca..a443910f5d6f 100644
---- a/drivers/block/loop.c
-+++ b/drivers/block/loop.c
-@@ -920,9 +920,20 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode,
- if (!file)
- goto out;
-
-+ /*
-+ * If we don't hold exclusive handle for the device, upgrade to it
-+ * here to avoid changing device under exclusive owner.
-+ */
-+ if (!(mode & FMODE_EXCL)) {
-+ bdgrab(bdev);
-+ error = blkdev_get(bdev, mode | FMODE_EXCL, loop_set_fd);
-+ if (error)
-+ goto out_putf;
-+ }
-+
- error = mutex_lock_killable(&loop_ctl_mutex);
- if (error)
-- goto out_putf;
-+ goto out_bdev;
-
- error = -EBUSY;
- if (lo->lo_state != Lo_unbound)
-@@ -986,10 +997,15 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode,
- mutex_unlock(&loop_ctl_mutex);
- if (partscan)
- loop_reread_partitions(lo, bdev);
-+ if (!(mode & FMODE_EXCL))
-+ blkdev_put(bdev, mode | FMODE_EXCL);
- return 0;
-
- out_unlock:
- mutex_unlock(&loop_ctl_mutex);
-+out_bdev:
-+ if (!(mode & FMODE_EXCL))
-+ blkdev_put(bdev, mode | FMODE_EXCL);
- out_putf:
- fput(file);
- out:
---
-2.20.1
-
diff --git a/queue-4.19/series b/queue-4.19/series
index 1af947816e..cdcd3d5fbd 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -32,7 +32,6 @@ gpio-fix-gpio-adp5588-build-errors.patch
 net-stmmac-update-rx-tail-pointer-register-to-fix-rx.patch
 net-tulip-de4x5-drop-redundant-module_device_table.patch
 acpi-pci-pm-add-missing-wakeup.flags.valid-checks.patch
-loop-don-t-change-loop-device-under-exclusive-opener.patch
 drm-etnaviv-lock-mmu-while-dumping-core.patch
 net-aquantia-tx-clean-budget-logic-error.patch
 net-aquantia-fix-lro-with-fcs-error.patch
diff --git a/queue-5.1/loop-don-t-change-loop-device-under-exclusive-opener.patch b/queue-5.1/loop-don-t-change-loop-device-under-exclusive-opener.patch
deleted file mode 100644
index b2e59a2479..0000000000
--- a/queue-5.1/loop-don-t-change-loop-device-under-exclusive-opener.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From ed611090aed029bd95b80ba8a38db63e754924bf Mon Sep 17 00:00:00 2001
-From: Jan Kara
-Date: Thu, 16 May 2019 16:01:27 +0200
-Subject: loop: Don't change loop device under exclusive opener
-
-[ Upstream commit 33ec3e53e7b1869d7851e59e126bdb0fe0bd1982 ]
-
-Loop module allows calling LOOP_SET_FD while there are other openers of
-the loop device. Even exclusive ones. This can lead to weird
-consequences such as kernel deadlocks like:
-
-mount_bdev() lo_ioctl()
- udf_fill_super()
- udf_load_vrs()
- sb_set_blocksize() - sets desired block size B
- udf_tread()
- sb_bread()
- __bread_gfp(bdev, block, B)
- loop_set_fd()
- set_blocksize()
- - now __getblk_slow() indefinitely loops because B != bdev
- block size
-
-Fix the problem by disallowing LOOP_SET_FD ioctl when there are
-exclusive openers of a loop device.
-
-[Deliberately chosen not to CC stable as a user with priviledges to
-trigger this race has other means of taking the system down and this
-has a potential of breaking some weird userspace setup]
-
-Reported-and-tested-by: syzbot+10007d66ca02b08f0e60@syzkaller.appspotmail.com
-Signed-off-by: Jan Kara
-Signed-off-by: Jens Axboe
-Signed-off-by: Sasha Levin
----
- drivers/block/loop.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index bf1c61cab8eb..21349a17f7f5 100644
---- a/drivers/block/loop.c
-+++ b/drivers/block/loop.c
-@@ -919,9 +919,20 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode,
- if (!file)
- goto out;
-
-+ /*
-+ * If we don't hold exclusive handle for the device, upgrade to it
-+ * here to avoid changing device under exclusive owner.
-+ */
-+ if (!(mode & FMODE_EXCL)) {
-+ bdgrab(bdev);
-+ error = blkdev_get(bdev, mode | FMODE_EXCL, loop_set_fd);
-+ if (error)
-+ goto out_putf;
-+ }
-+
- error = mutex_lock_killable(&loop_ctl_mutex);
- if (error)
-- goto out_putf;
-+ goto out_bdev;
-
- error = -EBUSY;
- if (lo->lo_state != Lo_unbound)
-@@ -985,10 +996,15 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode,
- mutex_unlock(&loop_ctl_mutex);
- if (partscan)
- loop_reread_partitions(lo, bdev);
-+ if (!(mode & FMODE_EXCL))
-+ blkdev_put(bdev, mode | FMODE_EXCL);
- return 0;
-
- out_unlock:
- mutex_unlock(&loop_ctl_mutex);
-+out_bdev:
-+ if (!(mode & FMODE_EXCL))
-+ blkdev_put(bdev, mode | FMODE_EXCL);
- out_putf:
- fput(file);
- out:
---
-2.20.1
-
diff --git a/queue-5.1/series b/queue-5.1/series
index 089150849a..a6a02543f3 100644
--- a/queue-5.1/series
+++ b/queue-5.1/series
@@ -58,7 +58,6 @@ dpaa2-eth-fix-potential-spectre-issue.patch
 dpaa2-eth-use-ptr_err_or_zero-where-appropriate.patch
 net-tulip-de4x5-drop-redundant-module_device_table.patch
 acpi-pci-pm-add-missing-wakeup.flags.valid-checks.patch
-loop-don-t-change-loop-device-under-exclusive-opener.patch
 drm-etnaviv-lock-mmu-while-dumping-core.patch
 net-aquantia-tx-clean-budget-logic-error.patch
 net-aquantia-fix-lro-with-fcs-error.patch