On Tue, 6 Jan 2009 15:58:19 -0800 (PST)
Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>
> On Tue, 6 Jan 2009, akpm@xxxxxxxxxxxxxxxxxxxx wrote:
> >
> > Add the ability to 'resize' the loop device on the fly.
>
> Hell no.
>
> There is apparently no security checking here. No way can we allow this
> for any random user that can open the loopback device read-only and then
> just change its size.
>
> It needs to use all the same security checks as "loop_set_status()" and
> friends, afaik.
>
oops, didn't think of that.
There's a bug, too:
> +static int loop_set_capacity(struct loop_device *lo, struct block_device *bdev)
> +{
> + int err;
> + sector_t sec;
> + loff_t sz;
> +
> + err = -ENXIO;
> + if (unlikely(lo->lo_state != Lo_bound))
> + goto out;
> + err = figure_loop_size(lo);
> + if (unlikely(err))
> + goto out;
> + sec = get_capacity(lo->lo_disk);
> + sz = sec << 9;
This can overflow if sector_t is 32-bit. Fix with:
sz = (loff_t)sec << 9;
> + mutex_lock(&bdev->bd_mutex);
> + bd_set_size(bdev, sz);
> + mutex_unlock(&bdev->bd_mutex);
> +
> + out:
> + return err;
> +}
--
To unsubscribe from this list: send the line "unsubscribe util-linux-ng" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
