summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorJiri Kosina <jkosina@suse.cz>2016-02-01 13:19:17 +0300
committerJiri Kosina <jkosina@suse.cz>2016-02-01 13:19:17 +0300
commita0c80efe5956ccce9fe7ae5c78542578c07bc20a (patch)
treea712e934052d1d0d017f95c8ac249756284100a8 /fs
parentaa0818c6ee8d8e4772725a43550823347bc1ad30 (diff)
downloadlinux-a0c80efe5956ccce9fe7ae5c78542578c07bc20a.tar.xz
floppy: fix lock_fdc() signal handling
floppy_revalidate() doesn't perform any error handling on lock_fdc() result. lock_fdc() might actually be interrupted by a signal (it waits for fdc becoming non-busy interruptibly). In such case, floppy_revalidate() proceeds as if it had claimed the lock, but it fact it doesn't. In case of multiple threads trying to open("/dev/fdX"), this leads to serious corruptions all over the place, because all of a sudden there is no critical section protection (that'd otherwise be guaranteed by locked fd) whatsoever. While at this, fix the fact that the 'interruptible' parameter to lock_fdc() doesn't make any sense whatsoever, because we always wait interruptibly anyway. Most of the lock_fdc() callsites do properly handle error (and propagate EINTR), but floppy_revalidate() and floppy_check_events() don't. Fix this. Spotted by 'syzkaller' tool. Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'fs')
0 files changed, 0 insertions, 0 deletions