forked from luck/tmp_suning_uos_patched
a0c80efe59
floppy_revalidate() doesn't perform any error handling on lock_fdc() result. lock_fdc() might actually be interrupted by a signal (it waits for fdc becoming non-busy interruptibly). In such case, floppy_revalidate() proceeds as if it had claimed the lock, but it fact it doesn't. In case of multiple threads trying to open("/dev/fdX"), this leads to serious corruptions all over the place, because all of a sudden there is no critical section protection (that'd otherwise be guaranteed by locked fd) whatsoever. While at this, fix the fact that the 'interruptible' parameter to lock_fdc() doesn't make any sense whatsoever, because we always wait interruptibly anyway. Most of the lock_fdc() callsites do properly handle error (and propagate EINTR), but floppy_revalidate() and floppy_check_events() don't. Fix this. Spotted by 'syzkaller' tool. Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
||
---|---|---|
.. | ||
aoe | ||
drbd | ||
mtip32xx | ||
paride | ||
rsxx | ||
xen-blkback | ||
zram | ||
amiflop.c | ||
ataflop.c | ||
brd.c | ||
cciss_cmd.h | ||
cciss_scsi.c | ||
cciss_scsi.h | ||
cciss.c | ||
cciss.h | ||
cpqarray.c | ||
cpqarray.h | ||
cryptoloop.c | ||
DAC960.c | ||
DAC960.h | ||
floppy.c | ||
hd.c | ||
ida_cmd.h | ||
ida_ioctl.h | ||
Kconfig | ||
loop.c | ||
loop.h | ||
Makefile | ||
mg_disk.c | ||
nbd.c | ||
null_blk.c | ||
nvme-core.c | ||
nvme-scsi.c | ||
osdblk.c | ||
pktcdvd.c | ||
ps3disk.c | ||
ps3vram.c | ||
rbd_types.h | ||
rbd.c | ||
skd_main.c | ||
skd_s1120.h | ||
smart1,2.h | ||
sunvdc.c | ||
swim3.c | ||
swim_asm.S | ||
swim.c | ||
sx8.c | ||
umem.c | ||
umem.h | ||
virtio_blk.c | ||
xen-blkfront.c | ||
xsysace.c | ||
z2ram.c |