• Theodore Ts'o's avatar
    loop: add recursion validation to LOOP_CHANGE_FD · d2ac838e
    Theodore Ts'o authored
    Refactor the validation code used in LOOP_SET_FD so it is also used in
    LOOP_CHANGE_FD.  Otherwise it is possible to construct a set of loop
    devices that all refer to each other.  This can lead to a infinite
    loop in starting with "while (is_loop_device(f)) .." in loop_set_fd().
    
    Fix this by refactoring out the validation code and using it for
    LOOP_CHANGE_FD as well as LOOP_SET_FD.
    
    Reported-by: syzbot+4349872271ece473a7c91190b68b4bac7c5dbc87@syzkaller.appspotmail.com
    Reported-by: syzbot+40bd32c4d9a3cc12a339@syzkaller.appspotmail.com
    Reported-by: syzbot+769c54e66f994b041be7@syzkaller.appspotmail.com
    Reported-by: syzbot+0a89a9ce473936c57065@syzkaller.appspotmail.com
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
    d2ac838e
loop.c 52.8 KB