leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1c500ad706
linux/drivers
History
Tetsuo Handa 1c500ad706 loop: reduce the loop_ctl_mutex scope 
syzbot is reporting circular locking problem at __loop_clr_fd() [1], for
commit a160c6159d ("block: add an optional probe callback to
major_names") is calling the module's probe function with major_names_lock
held.

Fortunately, since commit 990e78116d ("block: loop: fix deadlock
between open and remove") stopped holding loop_ctl_mutex in lo_open(),
current role of loop_ctl_mutex is to serialize access to loop_index_idr
and loop_add()/loop_remove(); in other words, management of id for IDR.
To avoid holding loop_ctl_mutex during whole add/remove operation, use
a bool flag to indicate whether the loop device is ready for use.

loop_unregister_transfer() which is called from cleanup_cryptoloop()
currently has possibility of use-after-free problem due to lack of
serialization between kfree() from loop_remove() from loop_control_remove()
and mutex_lock() from unregister_transfer_cb(). But since lo->lo_encryption
should be already NULL when this function is called due to module unload,
and commit 222013f9ac ("cryptoloop: add a deprecation warning")
indicates that we will remove this function shortly, this patch updates
this function to emit warning instead of checking lo->lo_encryption.

Holding loop_ctl_mutex in loop_exit() is pointless, for all users must
close /dev/loop-control and /dev/loop$num (in order to drop module's
refcount to 0) before loop_exit() starts, and nobody can open
/dev/loop-control or /dev/loop$num afterwards.

Link: https://syzkaller.appspot.com/bug?id=7bb10e8b62f83e4d445cdf4c13d69e407e629558 [1]
Reported-by: syzbot <syzbot+f61766d5763f9e7a118f@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/adb1e792-fc0e-ee81-7ea0-0906fc36419d@i-love.sakura.ne.jp
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2021-09-03 22:14:40 -06:00
..
accessibility speakup: replace sprintf() by scnprintf() 2021-07-21 13:46:03 +02:00
acpi Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
amba bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
android binder: Add invalid handle info in user error log 2021-08-03 16:29:25 +02:00
ata ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
atm atm: horizon: Fix spelling mistakes in TX comment 2021-08-08 12:58:42 +01:00
auxdisplay
base printk changes for 5.15 2021-09-01 18:41:13 -07:00
bcma Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
block loop: reduce the loop_ctl_mutex scope 2021-09-03 22:14:40 -06:00
bluetooth Bluetooth: btusb: Remove WAKEUP_DISABLE and add WAKEUP_AUTOSUSPEND for Realtek devices 2021-08-19 17:08:31 +02:00
bus ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
cdrom
char TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
clk One hot fix for a NULL pointer deref in the Renesas usb clk driver 2021-08-29 12:52:17 -07:00
clocksource hyperv-next for 5.15 2021-09-01 18:25:20 -07:00
comedi
connector
counter counter: 104-quad-8: Describe member 'lock' in 'quad8' 2021-08-09 20:24:38 +01:00
cpufreq cpufreq: intel_pstate: Process HWP Guaranteed change notification 2021-08-25 20:09:37 +02:00
cpuidle cpuidle: teo: Rename two local variables in teo_select() 2021-08-03 15:18:57 +02:00
crypto crypto: ccp - Add support for new CCP/PSP device ID 2021-08-27 16:30:18 +08:00
cxl bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
dax Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
dca
devfreq
dio dio: return -ENOMEM when kzalloc() fails 2021-07-21 15:53:24 +02:00
dma ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
dma-buf udmabuf: fix general protection fault in udmabuf_create 2021-08-12 09:27:22 +02:00
edac Updates to the interrupt core and driver subsystems: 2021-08-30 14:38:37 -07:00
eisa
extcon
firewire bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
firmware ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
fpga Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
fsi
gnss
gpio irqchip updates for Linux 5.15 2021-08-29 21:19:50 +02:00
gpu drm for v5.15-rc1 2021-09-01 11:26:46 -07:00
greybus
hid Merge 5.14-rc5 into driver-core-next 2021-08-09 09:03:47 +02:00
hsi
hv hyperv-next for 5.15 2021-09-01 18:25:20 -07:00
hwmon hwmon: add driver for Aquacomputer D5 Next 2021-08-28 08:53:30 -07:00
hwspinlock
hwtracing Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
i2c Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
i3c bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
idle
iio IIO / Staging driver update for 5.15-rc1 2021-09-01 09:45:57 -07:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-08-26 17:57:57 -07:00
input bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
interconnect interconnect changes for 5.15 2021-08-24 15:33:04 +02:00
iommu ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
ipack TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
irqchip Merge branch irq/qcom-pdc-nowake-cleanup into irq/irqchip-next 2021-08-23 09:50:46 +01:00
isdn tty: drop put_tty_driver 2021-07-27 12:17:21 +02:00
leds leds: pca955x: Switch to i2c probe_new 2021-08-20 11:00:08 +02:00
macintosh bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
mailbox
mcb bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
md - Add DM infrastructure for IMA-based remote attestion. These changes 2021-08-31 14:55:09 -07:00
media media updates for v5.15-rc1 2021-09-01 10:34:52 -07:00
memory Merge branch 'for-v5.15/omap-gpmc' into for-next 2021-07-29 09:03:32 +02:00
memstick Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
message
mfd IIO / Staging driver update for 5.15-rc1 2021-09-01 09:45:57 -07:00
misc TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
mmc TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
most MOST: cdev: rename 'mod_init' & 'mod_exit' functions to be module-specific 2021-07-21 15:46:22 +02:00
mtd MTD core fixes: 2021-08-16 06:36:01 -10:00
mux
net ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
nfc nfc: st95hf: remove unused header includes 2021-08-26 09:13:36 +01:00
ntb bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
nubus nubus: Simplify check in remove callback 2021-08-05 14:37:03 +02:00
nvdimm Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
nvme for-5.15/drivers-2021-08-30 2021-08-30 19:01:46 -07:00
nvmem nvmem: nintendo-otp: Add new driver for the Wii and Wii U OTP 2021-08-13 10:27:20 +02:00
of Devicetree updates for v5.15: 2021-09-01 18:34:51 -07:00
opp Merge branches 'pm-pci', 'pm-sleep', 'pm-domains' and 'powercap' 2021-08-30 19:25:42 +02:00
parisc
parport parport: remove non-zero check on count 2021-08-27 16:18:42 +02:00
pci Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
pcmcia Merge 5.14-rc5 into driver-core-next 2021-08-09 09:03:47 +02:00
perf
phy Char / Misc driver changes for 5.15-rc1 2021-09-01 08:35:06 -07:00
pinctrl Updates to the interrupt core and driver subsystems: 2021-08-30 14:38:37 -07:00
platform TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
pnp bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
power power supply and reset changes for the v5.15 series 2021-08-30 11:47:32 -07:00
powercap powercap: Add Power Limit4 support for Alder Lake SoC 2021-08-25 20:12:16 +02:00
pps pps: clients: parport: Switch to use module_parport_driver() 2021-07-29 17:29:14 +02:00
ps3
ptp ptp: ocp: Simplify Kconfig. 2021-08-26 12:06:42 +01:00
pwm
rapidio bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
ras
regulator Merge remote-tracking branch 'regulator/for-5.14' into regulator-linus 2021-08-25 16:05:24 +01:00
remoteproc
reset ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
rpmsg bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
rtc
s390 TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
sbus
scsi Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
sh sh: superhyway: Simplify check in remove callback 2021-08-05 14:37:03 +02:00
siox bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
slimbus Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
soc ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
soundwire sound updates for 5.15-rc1 2021-09-01 10:29:29 -07:00
spi ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
spmi bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
ssb bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
staging media updates for v5.15-rc1 2021-09-01 10:34:52 -07:00
target Bus: Make remove callback return void tag 2021-08-11 08:47:08 +10:00
tc
tee tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag 2021-07-21 07:55:50 +02:00
thermal thermal: intel: Allow processing of HWP interrupt 2021-08-25 20:09:37 +02:00
thunderbolt USB/Thunderbolt patches for 5.15-rc1 2021-09-01 09:59:34 -07:00
tty TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
uio
usb USB/Thunderbolt patches for 5.15-rc1 2021-09-01 09:59:34 -07:00
vdpa Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
vfio Bus: Make remove callback return void tag 2021-08-11 08:47:08 +10:00
vhost sock: remove one redundant SKB_FRAG_PAGE_ORDER macro 2021-08-26 10:46:20 +01:00
video video: fbdev: ssd1307fb: Cache address ranges 2021-07-27 17:18:26 +02:00
virt virt: acrn: Do hcall_destroy_vm() before resource release 2021-07-27 16:48:45 +02:00
virtio Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
visorbus
vlynq bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
vme bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
w1
watchdog watchdog: ixp4xx: Rewrite driver to use core 2021-08-04 12:20:13 +02:00
xen Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
zorro zorro: Drop useless (and hardly used) .driver member in struct zorro_dev 2021-08-05 14:37:04 +02:00
Kconfig remove the lightnvm subsystem 2021-08-14 15:54:09 -06:00
Makefile remove the lightnvm subsystem 2021-08-14 15:54:09 -06:00