| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20181214203223.7063-1-jaegeuk@kernel.org>
Date: Fri, 14 Dec 2018 12:32:23 -0800
From: Jaegeuk Kim <jaegeuk@...nel.org>
To: linux-kernel@...r.kernel.org
Cc: Jaegeuk Kim <jaegeuk@...nel.org>, Jens Axboe <axboe@...nel.dk>,
linux-block@...r.kernel.org
Subject: [PATCH] loop: drop caches if offset is changed
If we don't drop caches used in old offset, we can get old data from new
offset, which gives unexpected data to user.
Martijn found a loopback bug in the below scenario.
1) LOOP_SET_FD loads first two pages on loop file
2) LOOP_SET_STATUS64 changes the offset on the loop file
3) mount is failed due to the cached pages having wrong superblock
This patch drops caches when we change lo->offset.
Cc: Jens Axboe <axboe@...nel.dk>
Cc: linux-block@...r.kernel.org
Reported-by: Martijn Coenen <maco@...gle.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@...nel.org>
---
drivers/block/loop.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index cb0cc8685076..f073a3f1a7cd 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1154,6 +1154,12 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
if (lo->lo_offset != info->lo_offset ||
lo->lo_sizelimit != info->lo_sizelimit) {
+ struct block_device *bdev = lo->lo_device;
+
+ /* drop stale caches used in old offset */
+ sync_blockdev(bdev);
+ kill_bdev(bdev);
+
if (figure_loop_size(lo, info->lo_offset, info->lo_sizelimit)) {
err = -EFBIG;
goto exit;
--
2.19.0.605.g01d371f741-goog
Powered by blists - more mailing lists