author | Jiri Kosina <jkosina@suse.cz> | 2016-02-01 13:19:17 +0300 |
---|---|---|
committer | Jiri Kosina <jkosina@suse.cz> | 2016-02-01 13:19:17 +0300 |
commit | a0c80efe5956ccce9fe7ae5c78542578c07bc20a (patch) | |
tree | a712e934052d1d0d017f95c8ac249756284100a8 /fs | |
parent | aa0818c6ee8d8e4772725a43550823347bc1ad30 (diff) | |
download | linux-a0c80efe5956ccce9fe7ae5c78542578c07bc20a.tar.xz |
floppy: fix lock_fdc() signal handling

floppy_revalidate() doesn't perform any error handling on lock_fdc()
result. lock_fdc() might actually be interrupted by a signal (it waits for
fdc becoming non-busy interruptibly). In such case, floppy_revalidate()
proceeds as if it had claimed the lock, but in fact it doesn't.

In case of multiple threads trying to open("/dev/fdX"), this leads to
serious corruptions all over the place, because all of a sudden there is
no critical section protection (that'd otherwise be guaranteed by locked
fd) whatsoever.

While at this, fix the fact that the 'interruptible' parameter to
lock_fdc() doesn't make any sense whatsoever, because we always wait
interruptibly anyway.

Most of the lock_fdc() callsites do properly handle error (and propagate
EINTR), but floppy_revalidate() and floppy_check_events() don't. Fix this.

Spotted by 'syzkaller' tool.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
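
The failure mode described in the commit message, as an added example that is not the kernel's floppy driver code: a single-threaded userspace model in which a contended interruptible lock returns -EINTR, run once with the result ignored and once with it checked. The struct, the function names and the thread ids are assumptions made for illustration.

```c
#include <errno.h>

/* Constructed userspace model; all names are hypothetical, not driver code. */
struct fdc_model {
    int owner;       /* 0 = free, otherwise id of the thread holding the FDC */
    int unprotected; /* critical-section entries made without owning the lock */
};

/* Interruptible lock: in this model a contended wait is always cut short by
 * a signal, so the caller gets -EINTR and does NOT own the lock. */
static int model_lock_fdc(struct fdc_model *f, int me)
{
    if (f->owner != 0 && f->owner != me)
        return -EINTR;
    f->owner = me;
    return 0;
}

/* Work that must only run with the lock held; counts violations. */
static void critical_section(struct fdc_model *f, int me)
{
    if (f->owner != me)
        f->unprotected++;
}

/* checked == 0: lock result ignored, as the commit message describes.
 * checked != 0: -EINTR is propagated and the critical section is skipped. */
static int model_revalidate(struct fdc_model *f, int me, int checked)
{
    int ret = model_lock_fdc(f, me);
    if (ret && checked)
        return ret;
    critical_section(f, me);
    if (f->owner == me)     /* release only a lock this caller holds */
        f->owner = 0;
    return 0;
}

/* Thread 1 holds the FDC while thread 2 revalidates; returns the number of
 * unprotected critical-section entries and stores the call's result in *ret. */
int contended_unprotected(int checked, int *ret)
{
    struct fdc_model f = { .owner = 1, .unprotected = 0 };
    *ret = model_revalidate(&f, 2, checked);
    return f.unprotected;
}

int main(void)
{
    int ret;
    return (contended_unprotected(1, &ret) == 0 && ret == -EINTR) ? 0 : 1;
}
```

In the unchecked run the caller reports success while having executed the protected work without the lock; in the checked run the caller sees -EINTR and the protected work never runs.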
Diffstat (limited to 'fs')
0 files changed, 0 insertions, 0 deletions