diff options
author | Dmitry Monakhov <dmonakhov@openvz.org> | 2011-11-16 09:21:49 +0100 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2011-11-16 09:21:49 +0100 |
commit | 7035b5df3c071ccaf2f1694b96bd8958b0eb37ca (patch) | |
tree | 146e916bce5b11232afac2319c012b1fccba54d0 /drivers/usb/core/inode.c | |
parent | 0c614e2d3e6ee6ff13c6181f380787cea1d82d1d (diff) | |
download | op-kernel-dev-7035b5df3c071ccaf2f1694b96bd8958b0eb37ca.zip op-kernel-dev-7035b5df3c071ccaf2f1694b96bd8958b0eb37ca.tar.gz |
loop: cleanup set_status interface
1) Anyone who has read access to loopdev has permission to call set_status
and may change important parameters such as lo_offset, lo_sizelimit and
so on, which contradicts to read access pattern and definitely equals
to write access pattern.
2) Add lo_offset over i_size check to prevent blkdev_size overflow.
##Testcase_bagin
#dd if=/dev/zero of=./file bs=1k count=1
#losetup /dev/loop0 ./file
/* userspace_application */
struct loop_info64 loinf;
fd = open("/dev/loop0", O_RDONLY);
ioctl(fd, LOOP_GET_STATUS64, &loinf);
/* Set offset to any value which is bigger than i_size, and sizelimit
* to nonzero value*/
loinf.lo_offset = 4096*1024;
loinf.lo_sizelimit = 1024;
ioctl(fd, LOOP_SET_STATUS64, &loinf);
/* After this loop device will have size similar to 0x7fffffffffxxxx */
#blockdev --getsz /dev/loop0
##OUTPUT: 36028797018955968
##Testcase_end
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers/usb/core/inode.c')
0 files changed, 0 insertions, 0 deletions