author | Jiri Kosina <jkosina@suse.cz> | 2016-02-01 11:19:17 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-03-17 16:07:19 +0100 |
commit | b93c6b400ed51e526e724b430a115293fd147466 (patch) | |
tree | ff735a51b8f2915cee5cc0859b0dd52b92ad8d9e /lib/test_siphash.c | |
parent | a1947c54c6d98bdacd115af05aa0f36758ceed7d (diff) |
floppy: fix lock_fdc() signal handling

commit a0c80efe5956ccce9fe7ae5c78542578c07bc20a upstream.

floppy_revalidate() doesn't perform any error handling on lock_fdc()
result. lock_fdc() might actually be interrupted by a signal (it waits for
fdc becoming non-busy interruptibly). In such case, floppy_revalidate()
proceeds as if it had claimed the lock, but in fact it doesn't.

In case of multiple threads trying to open("/dev/fdX"), this leads to
serious corruptions all over the place, because all of a sudden there is
no critical section protection (that'd otherwise be guaranteed by locked
fd) whatsoever.

While at this, fix the fact that the 'interruptible' parameter to
lock_fdc() doesn't make any sense whatsoever, because we always wait
interruptibly anyway.

Most of the lock_fdc() callsites do properly handle error (and propagate
EINTR), but floppy_revalidate() and floppy_check_events() don't. Fix this.

Spotted by 'syzkaller' tool.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Cc: Wade Mealing <wmealing@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/test_siphash.c')
0 files changed, 0 insertions, 0 deletions
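
The failure mode described in the commit message, as an added userspace C model (not code from this commit or from the kernel tree): a caller that ignores the result of an interruptible lock runs its critical section without holding the lock, while a caller that checks the result propagates -EINTR. All names here are hypothetical, and the model assumes that any wait on a busy controller is interrupted by a signal.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model; hypothetical names, not the floppy driver's own. */
struct fdc_model {
    int owner;               /* 0 = free, otherwise id of the lock holder */
    int unprotected_entries; /* critical-section runs without the lock */
};

/* Interruptible lock: 0 with the lock held, -EINTR without it.
 * Assumption: a wait on a busy controller is always cut short by a signal. */
static int model_lock(struct fdc_model *f, int caller)
{
    if (f->owner != 0)
        return -EINTR;
    f->owner = caller;
    return 0;
}

static void model_unlock(struct fdc_model *f, int caller)
{
    if (f->owner == caller)
        f->owner = 0;
}

/* Work that is only safe while the caller owns the lock. */
static void critical_section(struct fdc_model *f, int caller)
{
    if (f->owner != caller)
        f->unprotected_entries++;
}

/* Pattern the commit message describes: lock result ignored. */
static int revalidate_unchecked(struct fdc_model *f, int caller)
{
    (void)model_lock(f, caller);   /* -EINTR is silently dropped */
    critical_section(f, caller);
    model_unlock(f, caller);
    return 0;
}

/* Checked pattern: propagate the error, skip the critical section. */
static int revalidate_checked(struct fdc_model *f, int caller)
{
    int ret = model_lock(f, caller);
    if (ret)
        return ret;
    critical_section(f, caller);
    model_unlock(f, caller);
    return 0;
}

int main(void)
{
    struct fdc_model f = { .owner = 1, .unprotected_entries = 0 };
    printf("checked: %d\n", revalidate_checked(&f, 2));
    printf("unchecked: %d\n", revalidate_unchecked(&f, 2));
    printf("unprotected entries: %d\n", f.unprotected_entries);
    return 0;
}
```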