summaryrefslogtreecommitdiff
path: root/kernel/notifier.c
diff options
context:
space:
mode:
authorMike Snitzer <snitzer@redhat.com>2018-04-03 15:05:12 -0400
committerMike Snitzer <snitzer@redhat.com>2018-04-04 12:12:38 -0400
commit971888c46993f871f20d02d1fe43486a924fad11 (patch)
treeb327b79b5e3915f7912dd7f48006df08b0028837 /kernel/notifier.c
parent13bc62d4a6c79b95ec299591df1bae0a505f2d07 (diff)
dm: hold DM table for duration of ioctl rather than use blkdev_get
Commit 519049afead ("dm: use blkdev_get rather than bdgrab when issuing pass-through ioctl") inadvertantly introduced a regression relative to users of device cgroups that issue ioctls (e.g. libvirt). Using blkdev_get() in DM's passthrough ioctl support implicitly introduced a cgroup permissions check that would fail unless care were taken to add all devices in the IO stack to the device cgroup. E.g. rather than just adding the top-level DM multipath device to the cgroup all the underlying devices would need to be allowed. Fix this, to no longer require allowing all underlying devices, by simply holding the live DM table (which includes the table's original blkdev_get() reference on the blockdevice that the ioctl will be issued to) for the duration of the ioctl. Also, bump the DM ioctl version so a user can know that their device cgroup allow workaround is no longer needed. Reported-by: Michal Privoznik <mprivozn@redhat.com> Suggested-by: Mikulas Patocka <mpatocka@redhat.com> Fixes: 519049afead ("dm: use blkdev_get rather than bdgrab when issuing pass-through ioctl") Cc: stable@vger.kernel.org # 4.16 Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'kernel/notifier.c')
0 files changed, 0 insertions, 0 deletions