From: Andrew Morton <akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
To: Linus Torvalds
<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
Cc: hooanon05-/E1597aS9LR3+QwDJ9on6Q@public.gmane.org,
akinobu.mita-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
hch-jcswGhMUV9g@public.gmane.org,
jens.axboe-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org,
kzak-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
tomas-VOkecuvH9Oc@public.gmane.org,
util-linux-ng-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org
Subject: Re: [patch 260/266] loop: add ioctl to resize a loop device
Date: Tue, 6 Jan 2009 16:04:14 -0800 [thread overview]
Message-ID: <20090106160414.b165d452.akpm@linux-foundation.org> (raw)
In-Reply-To: <alpine.LFD.2.00.0901061554140.8799-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
On Tue, 6 Jan 2009 15:58:19 -0800 (PST)
Linus Torvalds <torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org> wrote:
>
>
> On Tue, 6 Jan 2009, akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org wrote:
> >
> > Add the ability to 'resize' the loop device on the fly.
>
> Hell no.
>
> There is apparently no security checking here. No way can we allow this
> for any random user that can open the loopback device read-only and then
> just change its size.
>
> It needs to use all the same security checks as "loop_set_status()" and
> friends, afaik.
>
oops, didn't think of that.
There's a bug, too:
> +static int loop_set_capacity(struct loop_device *lo, struct block_device *bdev)
> +{
> + int err;
> + sector_t sec;
> + loff_t sz;
> +
> + err = -ENXIO;
> + if (unlikely(lo->lo_state != Lo_bound))
> + goto out;
> + err = figure_loop_size(lo);
> + if (unlikely(err))
> + goto out;
> + sec = get_capacity(lo->lo_disk);
> + sz = sec << 9;
This can overflow if sector_t is 32-bit. Fix with:
sz = (loff_t)sec << 9;
> + mutex_lock(&bdev->bd_mutex);
> + bd_set_size(bdev, sz);
> + mutex_unlock(&bdev->bd_mutex);
> +
> + out:
> + return err;
> +}
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-01-07 0:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-06 22:43 [patch 260/266] loop: add ioctl to resize a loop device akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b
[not found] ` <200901062243.n06Mh7HR004493-AB4EexQrvXRQetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
2009-01-06 23:58 ` Linus Torvalds
[not found] ` <alpine.LFD.2.00.0901061554140.8799-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-01-07 0:04 ` Andrew Morton [this message]
[not found] ` <20090106160414.b165d452.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-01-07 6:13 ` hooanon05-/E1597aS9LR3+QwDJ9on6Q
2009-01-07 6:14 ` [PATCH 1/2] security check for LOOP_SET_CAPACITY J. R. Okajima
2009-01-07 6:14 ` [PATCH 2/2] LOOP_SET_CAPACITY sector_t may be narrow for bit-shfit J. R. Okajima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090106160414.b165d452.akpm@linux-foundation.org \
--to=akpm-de/tnxtf+jlsfhdxvbkv3wd2fqjk+8+b@public.gmane.org \
--cc=akinobu.mita-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=hch-jcswGhMUV9g@public.gmane.org \
--cc=hooanon05-/E1597aS9LR3+QwDJ9on6Q@public.gmane.org \
--cc=jens.axboe-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=kzak-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=tomas-VOkecuvH9Oc@public.gmane.org \
--cc=torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=util-linux-ng-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.