From 375e23ab3d24e67b13df536dc6f933c628f78c41 Mon Sep 17 00:00:00 2001 From: Yufen Yu Date: Wed, 9 Jun 2021 16:40:25 +0800 Subject: [PATCH] block: avoid creating invalid symlink file for patitions hulk inclusion category: bugfix bugzilla: 55097 CVE: NA ------------------------------------------------- For now, there is no mechanism that can provent ioctl to call add_partition after del_gendisk() have called delete_partition(). Then, invalid symlinks file may be created into /sys/class/block. We try to fix this problem by setting GENHD_FL_UP early in del_gendisk() and check the flag before adding partitions likely that do in mainline kernel. Since all of them are cover by bdev->bd_mutex, either add_partition success but will delete by del_gendisk(), or add_partition will fail return as GENHD_FL_UP have been cleared. Signed-off-by: Yufen Yu Reviewed-by: Jason Yan Signed-off-by: Yang Yingliang --- block/genhd.c | 2 +- block/ioctl.c | 4 ++++ block/partition-generic.c | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/block/genhd.c b/block/genhd.c index 2127d2900341..f66726a4fad2 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -765,6 +765,7 @@ void del_gendisk(struct gendisk *disk) bdev = bdget_disk(disk, 0); if (bdev) mutex_lock(&bdev->bd_mutex); + disk->flags &= ~GENHD_FL_UP; /* invalidate stuff */ disk_part_iter_init(&piter, disk, DISK_PITER_INCL_EMPTY | DISK_PITER_REVERSE); @@ -780,7 +781,6 @@ void del_gendisk(struct gendisk *disk) invalidate_partition(disk, 0); bdev_unhash_inode(disk_devt(disk)); set_capacity(disk, 0); - disk->flags &= ~GENHD_FL_UP; up_write(&disk->lookup_sem); if (!(disk->flags & GENHD_FL_HIDDEN)) diff --git a/block/ioctl.c b/block/ioctl.c index 899ffd50a7c6..3bcfc8dc32fa 100644 --- a/block/ioctl.c +++ b/block/ioctl.c 
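Review bot: The early `disk->flags &= ~GENHD_FL_UP;` in del_gendisk() is only serialized against the new checks when `bdget_disk(disk, 0)` returned a bdev, because the preceding `mutex_lock(&bdev->bd_mutex)` is conditional on `if (bdev)`. On the NULL path the flag is cleared with no lock held, so the commit message's claim that everything is covered by bd_mutex does not hold there. That path may be unreachable while another opener holds the device, but the hunk does not show it. The placement is also load-bearing, since it has to precede the partition-deletion loop, so I would add a comment above it such as `/* Clear UP under bd_mutex before deleting partitions so blkpg_ioctl()/rescan_partitions() cannot add new ones */`. del_gendisk() starts and ends outside the hunk.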
@@ -50,6 +50,10 @@ static int blkpg_ioctl(struct block_device *bdev, struct blkpg_ioctl_arg __user return -EINVAL; mutex_lock(&bdev->bd_mutex); + if (!(disk->flags & GENHD_FL_UP)) { + mutex_unlock(&bdev->bd_mutex); + return -ENXIO; + } /* overlap? */ disk_part_iter_init(&piter, disk, diff --git a/block/partition-generic.c b/block/partition-generic.c index 739c0cc5fd22..cc3e1bd86d25 100644 --- a/block/partition-generic.c +++ b/block/partition-generic.c @@ -525,6 +525,9 @@ int rescan_partitions(struct gendisk *disk, struct block_device *bdev) struct parsed_partitions *state = NULL; struct hd_struct *part; int p, highest, res; + + if (!(disk->flags & GENHD_FL_UP)) + return -ENXIO; rescan: if (state && !IS_ERR(state)) { free_partitions(state); -- GitLab
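Review bot: The new GENHD_FL_UP test in blkpg_ioctl() closes the race only because it sits after `mutex_lock(&bdev->bd_mutex)`, and nothing in the code says so. A later cleanup that hoists it up next to the `return -EINVAL` checks would silently reopen the window in which a partition symlink is created for a disk that is being deleted. Add a comment ahead of the `if`, for example `/* del_gendisk() clears GENHD_FL_UP under bd_mutex; must be tested with the mutex held */`. The hunk appears to cover only the add path, as the `/* overlap? */` scan follows it. Whether the other BLKPG operations in this function need the same guard cannot be judged from the lines shown.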
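Review bot: The check added at the top of rescan_partitions() reads `disk->flags` without taking any lock itself, so it is race-free only if every caller already holds `bdev->bd_mutex`, which this hunk does not show. Making that precondition explicit with `lockdep_assert_held(&bdev->bd_mutex);` just before the `if` would catch a caller that violates it. The test also sits before the `rescan:` label, so a `goto rescan` retry does not repeat it. That is fine as long as the mutex is held for the whole call, but it deserves a one-line comment. The function body continues outside the hunk.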