Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9bc1f179 authored by Ben Hutchings's avatar Ben Hutchings Committed by Greg Kroah-Hartman
Browse files

Revert "loop: Remove sector_t truncation checks" 



This reverts commit f92a3b0d, which
was commit 083a6a50783ef54256eec3499e6575237e0e3d53 upstream.  In 4.19
there is still an option to use 32-bit sector_t on 32-bit
architectures, so we need to keep checking for truncation.

Since loop_set_status() was refactored by subsequent patches, this
reintroduces its truncation check in loop_set_status_from_info()
instead.

I tested that the loop ioctl operations have the expected behaviour on
x86_64, x86_32 with CONFIG_LBDAF=y, and (the special case) x86_32 with
CONFIG_LBDAF=n.

Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 21bfca82

drivers/block/loop.c

+15 −4
Original line number Diff line number Diff line
@@ -243,12 +243,16 @@ static void loop_set_size(struct loop_device *lo, loff_t size) 
	kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);

}



static void

static int

figure_loop_size(struct loop_device *lo, loff_t offset, loff_t sizelimit)

{

	loff_t size = get_size(offset, sizelimit, lo->lo_backing_file);

	sector_t x = (sector_t)size;



	if (unlikely((loff_t)x != size))

		return -EFBIG;

	loop_set_size(lo, size);

	return 0;

}



static inline int
@@ -996,7 +1000,10 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode, 
	    !file->f_op->write_iter)

		lo_flags |= LO_FLAGS_READ_ONLY;



	error = -EFBIG;

	size = get_loop_size(lo, file);

	if ((loff_t)(sector_t)size != size)

		goto out_unlock;



	error = loop_prepare_queue(lo);

	if (error)
@@ -1246,6 +1253,7 @@ loop_set_status_from_info(struct loop_device *lo, 
	int err;

	struct loop_func_table *xfer;

	kuid_t uid = current_uid();

	loff_t new_size;



	if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)

		return -EINVAL;
@@ -1273,6 +1281,11 @@ loop_set_status_from_info(struct loop_device *lo, 
	if (info->lo_offset > LLONG_MAX || info->lo_sizelimit > LLONG_MAX)

		return -EOVERFLOW;



	new_size = get_size(info->lo_offset, info->lo_sizelimit,

			    lo->lo_backing_file);

	if ((loff_t)(sector_t)new_size != new_size)

		return -EFBIG;



	lo->lo_offset = info->lo_offset;

	lo->lo_sizelimit = info->lo_sizelimit;
@@ -1531,9 +1544,7 @@ static int loop_set_capacity(struct loop_device *lo) 
	if (unlikely(lo->lo_state != Lo_bound))

		return -ENXIO;



	figure_loop_size(lo, lo->lo_offset, lo->lo_sizelimit);



	return 0;

	return figure_loop_size(lo, lo->lo_offset, lo->lo_sizelimit);

}



static int loop_set_dio(struct loop_device *lo, unsigned long arg)