diff options
| author | Tetsuo Handa <[email protected]> | 2018-11-08 14:01:02 +0100 |
|---|---|---|
| committer | Jens Axboe <[email protected]> | 2018-11-08 06:30:11 -0700 |
| commit | 310ca162d779efee8a2dc3731439680f3e9c1e86 (patch) | |
| tree | 699d061cc7e6c9ab321ec556ee7adede3c4d6df9 /tools/perf/scripts/python/net_dropmonitor.py | |
| parent | b1ab5fa309e6c49e4e06270ec67dd7b3e9971d04 (diff) | |
block/loop: Use global lock for ioctl() operation.
syzbot is reporting NULL pointer dereference [1] which is caused by
race condition between ioctl(loop_fd, LOOP_CLR_FD, 0) versus
ioctl(other_loop_fd, LOOP_SET_FD, loop_fd) due to traversing other
loop devices at loop_validate_file() without holding corresponding
lo->lo_ctl_mutex locks.
Since ioctl() request on loop devices is not frequent operation, we don't
need fine grained locking. Let's use global lock in order to allow safe
traversal at loop_validate_file().
Note that syzbot is also reporting circular locking dependency between
bdev->bd_mutex and lo->lo_ctl_mutex [2] which is caused by calling
blkdev_reread_part() with lock held. This patch does not address it.
[1] https://syzkaller.appspot.com/bug?id=f3cfe26e785d85f9ee259f385515291d21bd80a3
[2] https://syzkaller.appspot.com/bug?id=bf154052f0eea4bc7712499e4569505907d15889
Signed-off-by: Tetsuo Handa <[email protected]>
Reported-by: syzbot <[email protected]>
Reviewed-by: Jan Kara <[email protected]>
Signed-off-by: Jan Kara <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/net_dropmonitor.py')
0 files changed, 0 insertions, 0 deletions