From da5dadb4f11660ca67580cd4a7420161266d6254 Mon Sep 17 00:00:00 2001
From: Mike Snitzer <snitzer@redhat.com>
Date: Thu, 29 Mar 2018 23:31:32 -0400
Subject: [PATCH] dm: fix dropped return code from dm_get_bdev_for_ioctl
Git-commit: da5dadb4f11660ca67580cd4a7420161266d6254
References: bsc#1111974
Patch-mainline: v4.16

dm_get_bdev_for_ioctl()'s return of 0 or 1 must be the result from
prepare_ioctl (1 means the ioctl was issued to a partition, 0 means it
wasn't).  Unfortunately commit 519049afea ("dm: use blkdev_get rather
than bdgrab when issuing pass-through ioctl") reused the variable 'r'
to store the return from blkdev_get() that follows prepare_ioctl()
-- whereby dropping prepare_ioctl()'s result on the floor.

This can lead to an ioctl or persistent reservation being issued to a
partition going unnoticed, which implies the extra permission check for
CAP_SYS_RAWIO is skipped.

Fix this by using a different variable to store blkdev_get()'s return.

Fixes: 519049afea ("dm: use blkdev_get rather than bdgrab when issuing pass-through ioctl")
Reported-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Coly Li <colyli@suse.de>

---
 drivers/md/dm.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index 45328d8b2859..353ea0ede091 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -466,7 +466,7 @@ static int dm_get_bdev_for_ioctl(struct mapped_device *md,
 {
 	struct dm_target *tgt;
 	struct dm_table *map;
-	int srcu_idx, r;
+	int srcu_idx, r, r2;
 
 retry:
 	r = -ENOTTY;
@@ -492,9 +492,11 @@ static int dm_get_bdev_for_ioctl(struct mapped_device *md,
 		goto out;
 
 	bdgrab(*bdev);
-	r = blkdev_get(*bdev, *mode, _dm_claim_ptr);
-	if (r < 0)
+	r2 = blkdev_get(*bdev, *mode, _dm_claim_ptr);
+	if (r2 < 0) {
+		r = r2;
 		goto out;
+	}
 
 	dm_put_live_table(md, srcu_idx);
 	return r;
-- 
2.19.0