On Mon, Apr 01, 2013 at 10:58:55PM -0700, Anatol Pomozov wrote:
> >>
> >> loop_set_fd/loop_clr_fd (and any other loop ioctl) is called under
> >> loop_device->lo_ctl_mutex.
> >
> > Ok, good enough for me, I applied it, and it's commit
> > c1681bf8a7b1b98edee8b862a42c19c4e53205fd in my tree.
> >
> >
Hi
On Mon, Apr 1, 2013 at 3:53 PM, Linus Torvalds
wrote:
> On Mon, Apr 1, 2013 at 10:00 AM, Anatol Pomozov
> wrote:
>> Hi
>>
>> On Mon, Apr 1, 2013 at 8:16 AM, Linus Torvalds
>> wrote:
>>> On Mon, Apr 1, 2013 at 4:58 AM, Anatol Pomozov
>>> wrote:
To prevent use-after-free we need to
On Mon, Apr 1, 2013 at 10:00 AM, Anatol Pomozov
wrote:
> Hi
>
> On Mon, Apr 1, 2013 at 8:16 AM, Linus Torvalds
> wrote:
>> On Mon, Apr 1, 2013 at 4:58 AM, Anatol Pomozov
>> wrote:
>>>
>>> To prevent use-after-free we need to hold device inode in loop_set_fd()
>>> and put it later in loop_clr_fd
Hi
On Mon, Apr 1, 2013 at 8:16 AM, Linus Torvalds
wrote:
> On Mon, Apr 1, 2013 at 4:58 AM, Anatol Pomozov
> wrote:
>>
>> To prevent use-after-free we need to hold device inode in loop_set_fd()
>> and put it later in loop_clr_fd().
>
> Is there something that guarantees that there's only one loo
struct block_device lifecycle is defined by its inode (see fs/block_dev.c) -
block_device allocated first time we access /dev/loopXX and deallocated on
bdev_destroy_inode. When we create the device "losetup /dev/loopXX afile"
we want that block_device stay alive until we destroy the loop device
wit
Hi
On Mon, Apr 1, 2013 at 9:28 AM, Al Viro wrote:
> On Mon, Apr 01, 2013 at 04:58:05AM -0700, Anatol Pomozov wrote:
>> lo->lo_flags |= LO_FLAGS_PARTSCAN;
>> if (lo->lo_flags & LO_FLAGS_PARTSCAN)
>> ioctl_by_bdev(bdev, BLKRRPART, 0);
>> +
>> + /* bdev lifecycl
On Mon, Apr 01, 2013 at 04:58:05AM -0700, Anatol Pomozov wrote:
> lo->lo_flags |= LO_FLAGS_PARTSCAN;
> if (lo->lo_flags & LO_FLAGS_PARTSCAN)
> ioctl_by_bdev(bdev, BLKRRPART, 0);
> +
> + /* bdev lifecycle is defined by its bd_inode (see
> + * struct bdev_in
On Mon, Apr 1, 2013 at 4:58 AM, Anatol Pomozov wrote:
>
> To prevent use-after-free we need to hold device inode in loop_set_fd()
> and put it later in loop_clr_fd().
Is there something that guarantees that there's only one loop_set_fd()
and one paired loop_clr_fd()?
IOW, what protects us from s
struct block_device lifecycle is defined by its inode (see fs/block_dev.c) -
block_device allocated first time we access /dev/loopXX and deallocated on
bdev_destroy_inode. When we create the device "losetup /dev/loopXX afile"
we want that block_device stay alive until we destroy the loop device
wit
9 matches
Mail list logo
