linux/drivers/block
Namhyung Kim 315980c868 brd: limit 'max_part' module param to DISK_MAX_PARTS
The 'max_part' parameter controls the number of maximum partition
a brd device can have. However if a user specifies very large
value it would exceed the limitation of device minor number and
can cause a kernel panic (or, at least, produce invalid device
nodes in some cases).

On my desktop system, following command kills the kernel. On qemu,
it triggers similar oops but the kernel was alive:

$ sudo modprobe brd max_part=100000
 BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
 IP: [<ffffffff81110a9a>] sysfs_create_dir+0x2d/0xae
 PGD 7af1067 PUD 7b19067 PMD 0
 Oops: 0000 [#1] SMP
 last sysfs file:
 CPU 0
 Modules linked in: brd(+)

 Pid: 44, comm: insmod Tainted: G        W   2.6.39-qemu+ #158 Bochs Bochs
 RIP: 0010:[<ffffffff81110a9a>]  [<ffffffff81110a9a>] sysfs_create_dir+0x2d/0xae
 RSP: 0018:ffff880007b15d78  EFLAGS: 00000286
 RAX: ffff880007b05478 RBX: ffff880007a52760 RCX: ffff880007b15dc8
 RDX: ffff880007a4f900 RSI: ffff880007b15e48 RDI: ffff880007a52760
 RBP: ffff880007b15da8 R08: 0000000000000002 R09: 0000000000000000
 R10: ffff880007b15e48 R11: ffff880007b05478 R12: 0000000000000000
 R13: ffff880007b05478 R14: 0000000000400920 R15: 0000000000000063
 FS:  0000000002160880(0063) GS:ffff880007c00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000058 CR3: 0000000007b1c000 CR4: 00000000000006b0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
 Process insmod (pid: 44, threadinfo ffff880007b14000, task ffff880007acb980)
 Stack:
  ffff880007b15dc8 ffff880007b05478 ffff880007b15da8 00000000fffffffe
  ffff880007a52760 ffff880007b05478 ffff880007b15de8 ffffffff81143c0a
  0000000000400920 ffff880007a52760 ffff880007b05478 0000000000000000
 Call Trace:
  [<ffffffff81143c0a>] kobject_add_internal+0xdf/0x1a0
  [<ffffffff81143da1>] kobject_add_varg+0x41/0x50
  [<ffffffff81143e6b>] kobject_add+0x64/0x66
  [<ffffffff8113bbe7>] blk_register_queue+0x5f/0xb8
  [<ffffffff81140f72>] add_disk+0xdf/0x289
  [<ffffffffa00040df>] brd_init+0xdf/0x1aa [brd]
  [<ffffffffa0004000>] ? 0xffffffffa0003fff
  [<ffffffffa0004000>] ? 0xffffffffa0003fff
  [<ffffffff8100020a>] do_one_initcall+0x7a/0x12e
  [<ffffffff8108516c>] sys_init_module+0x9c/0x1dc
  [<ffffffff812ff4bb>] system_call_fastpath+0x16/0x1b
 Code: 89 e5 41 55 41 54 53 48 89 fb 48 83 ec 18 48 85 ff 75 04 0f 0b eb fe 48 8b 47 18 49 c7 c4 70 1e 4d 81 48 85 c0 74 04 4c 8b 60 30
  8b 44 24 58 45 31 ed 0f b6 c4 85 c0 74 0d 48 8b 43 28 48 89
 RIP  [<ffffffff81110a9a>] sysfs_create_dir+0x2d/0xae
  RSP <ffff880007b15d78>
 CR2: 0000000000000058
 ---[ end trace aebb1175ce1f6739 ]---

Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: Laurent Vivier <Laurent.Vivier@bull.net>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
2011-05-26 21:06:50 +02:00
..
aoe drivers/block/aoe/Makefile: replace the use of <module>-objs with <module>-y 2011-01-19 08:25:02 -07:00
drbd Merge branch 'for-2.6.40/drivers' of git://git.kernel.dk/linux-2.6-block 2011-05-25 09:15:35 -07:00
paride Merge commit 'v2.6.39' into for-2.6.40/core 2011-05-20 20:33:15 +02:00
xen-blkback xen/blkback: don't fail empty barrier requests 2011-05-18 11:28:16 -04:00
amiflop.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
ataflop.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
brd.c brd: limit 'max_part' module param to DISK_MAX_PARTS 2011-05-26 21:06:50 +02:00
cciss_cmd.h cciss: use new doorbell-bit-5 reset method 2011-05-06 08:23:55 -06:00
cciss_scsi.c cciss: add cciss_tape_cmds module paramter 2011-05-06 08:23:59 -06:00
cciss_scsi.h cciss: add cciss_tape_cmds module paramter 2011-05-06 08:23:59 -06:00
cciss.c cciss: fix compile issue 2011-05-06 08:27:00 -06:00
cciss.h cciss: increase timeouts for post-reset no-ops 2011-05-06 08:23:54 -06:00
cpqarray.c block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
cpqarray.h
cryptoloop.c drivers: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:16:32 -04:00
DAC960.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
DAC960.h Fix DAC960 driver on machines which don't support 64-bit DMA 2007-09-11 17:21:19 -07:00
floppy.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
hd.c Fix common misspellings 2011-03-31 11:26:23 -03:00
ida_cmd.h
ida_ioctl.h
Kconfig xen/blkback: Flesh out the description in the Kconfig. 2011-05-12 17:55:40 -04:00
loop.c loop: handle on-demand devices correctly 2011-05-24 16:48:55 +02:00
Makefile xen/blkback: Move it from drivers/xen to drivers/block 2011-04-18 14:30:26 -04:00
mg_disk.c block: switch s390 tape_block and mg_disk to elevator_change() 2010-08-23 14:02:44 +02:00
nbd.c nbd: remove module-level ioctl mutex 2011-02-11 16:12:20 -08:00
osdblk.c block: remove spurious uses of REQ_HARDBARRIER 2010-09-10 12:35:36 +02:00
pktcdvd.c Merge branch 'for-2.6.39/stack-plug' into for-2.6.39/core 2011-03-10 08:58:35 +01:00
ps3disk.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
ps3vram.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rbd_types.h rbd: introduce rados block device (rbd), based on libceph 2010-10-20 15:38:13 -07:00
rbd.c rbd: handle online resize of underlying rbd image 2011-05-24 11:52:08 -07:00
smart1,2.h fix typos 'comamnd' -> 'command' in comments 2011-02-02 11:31:21 +01:00
sunvdc.c block: Consolidate phys_segment and hw_segment limits 2010-02-26 13:58:08 +01:00
swim3.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
swim_asm.S m68k: mac - Add SWIM floppy support 2009-03-26 21:15:27 +01:00
swim.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
sx8.c block: Consolidate phys_segment and hw_segment limits 2010-02-26 13:58:08 +01:00
ub.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
umem.c Merge branch 'for-2.6.39/stack-plug' into for-2.6.39/core 2011-03-10 08:58:35 +01:00
umem.h drivers/block/umem: trim trailing whitespace 2007-10-10 09:25:59 +02:00
viodasd.c Fix common misspellings 2011-03-31 11:26:23 -03:00
virtio_blk.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
xd.c block: autoconvert trivial BKL users to private mutex 2010-10-05 15:01:10 +02:00
xd.h [PATCH] switch xd 2008-10-21 07:48:11 -04:00
xen-blkfront.c xen-blkfront: Introduce BLKIF_OP_FLUSH_DISKCACHE support. 2011-05-12 08:56:03 -04:00
xsysace.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
z2ram.c drivers/block/z2ram.c: correct printing of sector_t 2010-10-28 06:15:26 -06:00