On Tue, 6 Jan 2009 15:58:19 -0800 (PST) Linus Torvalds <[email protected]> wrote:
> > > On Tue, 6 Jan 2009, [email protected] wrote: > > > > Add the ability to 'resize' the loop device on the fly. > > Hell no. > > There is apparently no security checking here. No way can we allow this > for any random user that can open the loopback device read-only and then > just change its size. > > It needs to use all the same security checks as "loop_set_status()" and > friends, afaik. > oops, didn't think of that. There's a bug, too: > +static int loop_set_capacity(struct loop_device *lo, struct block_device > *bdev) > +{ > + int err; > + sector_t sec; > + loff_t sz; > + > + err = -ENXIO; > + if (unlikely(lo->lo_state != Lo_bound)) > + goto out; > + err = figure_loop_size(lo); > + if (unlikely(err)) > + goto out; > + sec = get_capacity(lo->lo_disk); > + sz = sec << 9; This can overflow if sector_t is 32-bit. Fix with: sz = (loff_t)sec << 9; > + mutex_lock(&bdev->bd_mutex); > + bd_set_size(bdev, sz); > + mutex_unlock(&bdev->bd_mutex); > + > + out: > + return err; > +} -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
