From: Christoph Hellwig <hch@lst.de> mainline inclusion from mainline-v5.9-rc1 commit ecbe6bc0003bfd5bf8581cb679cae0eb944432cb category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICWGGN CVE: CVE-2025-38709 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... ------------------ The arcane magic in bd_start_claiming is only needed to be able to claim a block_device that hasn't been fully set up. Switch the loop driver that claims from the ioctl path with a fully set up struct block_device to just use the much simpler bd_prepare_to_claim directly. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> Conflicts: drivers/block/loop.c fs/block_dev.c include/linux/fs.h include/linux/blkdev.h block/blk.h [Export bd_prepare_to_claim.] Signed-off-by: Zheng Qixing <zhengqixing@huawei.com> --- block/blk.h | 4 ---- fs/block_dev.c | 1 + include/linux/fs.h | 4 ++++ 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/block/blk.h b/block/blk.h index 30146e2099e3..2730b239f158 100644 --- a/block/blk.h +++ b/block/blk.h @@ -273,10 +273,6 @@ unsigned int blk_plug_queued_count(struct request_queue *q); void blk_account_io_start(struct request *req, bool new_io); void blk_account_io_completion(struct request *req, unsigned int bytes); void blk_account_io_done(struct request *req, u64 now); -int bd_prepare_to_claim(struct block_device *bdev, - struct block_device *whole, void *holder); -void bd_abort_claiming(struct block_device *bdev, struct block_device *whole, - void *holder); /* * EH timer and IO completion will both attempt to 'grab' the request, make diff --git a/fs/block_dev.c b/fs/block_dev.c index e072d1ef16ef..6d3e4356392a 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -1100,6 +1100,7 @@ int bd_prepare_to_claim(struct block_device *bdev, spin_unlock(&bdev_lock); return 0; } +EXPORT_SYMBOL_GPL(bd_prepare_to_claim); /* only for the loop driver */ static void bd_clear_claiming(struct block_device *whole, void *holder) { diff --git a/include/linux/fs.h b/include/linux/fs.h index 1c9aac073db1..584957a75822 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2645,6 +2645,10 @@ extern struct block_device *blkdev_get_by_path(const char *path, fmode_t mode, void *holder); extern struct block_device *blkdev_get_by_dev(dev_t dev, fmode_t mode, void *holder); +extern int bd_prepare_to_claim(struct block_device *bdev, + struct block_device *whole, void *holder); +extern void bd_abort_claiming(struct block_device *bdev, + struct block_device *whole, void *holder); extern void blkdev_put(struct block_device *bdev, fmode_t mode); extern int __blkdev_reread_part(struct block_device *bdev); extern int blkdev_reread_part(struct block_device *bdev); -- 2.39.2