korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-23 14:24:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
78f4bb367f
linux/drivers/block
History
Namhyung Kim 78f4bb367f loop: limit 'max_part' module param to DISK_MAX_PARTS 
The 'max_part' parameter controls the number of maximum partition
a loop block device can have. However if a user specifies very
large value it would exceed the limitation of device minor number
and can cause a kernel panic (or, at least, produce invalid
device nodes in some cases).

On my desktop system, following command kills the kernel. On qemu,
it triggers similar oops but the kernel was alive:

$ sudo modprobe loop max_part0000
 ------------[ cut here ]------------
 kernel BUG at /media/Linux_Data/project/linux/fs/sysfs/group.c:65!
 invalid opcode: 0000 [#1] SMP
 last sysfs file:
 CPU 0
 Modules linked in: loop(+)

 Pid: 43, comm: insmod Tainted: G        W   2.6.39-qemu+ #155 Bochs Bochs
 RIP: 0010:[<ffffffff8113ce61>]  [<ffffffff8113ce61>] internal_create_group=
+0x2a/0x170
 RSP: 0018:ffff880007b3fde8  EFLAGS: 00000246
 RAX: 00000000ffffffef RBX: ffff880007b3d878 RCX: 00000000000007b4
 RDX: ffffffff8152da50 RSI: 0000000000000000 RDI: ffff880007b3d878
 RBP: ffff880007b3fe38 R08: ffff880007b3fde8 R09: 0000000000000000
 R10: ffff88000783b4a8 R11: ffff880007b3d878 R12: ffffffff8152da50
 R13: ffff880007b3d868 R14: 0000000000000000 R15: ffff880007b3d800
 FS:  0000000002137880(0063) GS:ffff880007c00000(0000) knlGS:00000000000000=
00
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000422680 CR3: 0000000007b50000 CR4: 00000000000006b0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
 Process insmod (pid: 43, threadinfo ffff880007b3e000, task ffff880007afb9c=
0)
 Stack:
  ffff880007b3fe58 ffffffff811e66dd ffff880007b3fe58 ffffffff811e570b
  0000000000000010 ffff880007b3d800 ffff880007a7b390 ffff880007b3d868
  0000000000400920 ffff880007b3d800 ffff880007b3fe48 ffffffff8113cfc8
 Call Trace:
  [<ffffffff811e66dd>] ? device_add+0x4bc/0x5af
  [<ffffffff811e570b>] ? dev_set_name+0x3c/0x3e
  [<ffffffff8113cfc8>] sysfs_create_group+0xe/0x12
  [<ffffffff810b420e>] blk_trace_init_sysfs+0x14/0x16
  [<ffffffff8116a090>] blk_register_queue+0x47/0xf7
  [<ffffffff8116f527>] add_disk+0xdf/0x290
  [<ffffffffa00060eb>] loop_init+0xeb/0x1b8 [loop]
  [<ffffffffa0006000>] ? 0xffffffffa0005fff
  [<ffffffff8100020a>] do_one_initcall+0x7a/0x12e
  [<ffffffff81096804>] sys_init_module+0x9c/0x1e0
  [<ffffffff813329bb>] system_call_fastpath+0x16/0x1b
 Code: c3 55 48 89 e5 41 57 41 56 41 89 f6 41 55 41 54 49 89 d4 53 48 89 fb=
 48 83 ec 28 48 85 ff 74 0b 85 f6 75 0b 48 83 7f 30 00 75 14 <0f> 0b eb fe =
48 83 7f 30 00 b9 ea ff ff ff 0f 84 18 01 00 00 49
 RIP  [<ffffffff8113ce61>] internal_create_group+0x2a/0x170
  RSP <ffff880007b3fde8>
 ---[ end trace a123eb592043acad ]---

Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: Laurent Vivier <Laurent.Vivier@bull.net>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
2011-05-24 16:48:54 +02:00
..
aoe drivers/block/aoe/Makefile: replace the use of <module>-objs with <module>-y 2011-01-19 08:25:02 -07:00
drbd drbd: fix warning 2011-05-24 10:38:33 +02:00
paride block: don't block events on excl write for non-optical devices 2011-04-21 20:54:46 +02:00
xen-blkback xen/blkback: don't fail empty barrier requests 2011-05-18 11:28:16 -04:00
amiflop.c Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block 2011-03-24 10:16:26 -07:00
ataflop.c floppy,{ami|ata}flop: Convert to bdops->check_events() 2011-03-09 19:54:27 +01:00
brd.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
cciss_cmd.h cciss: use new doorbell-bit-5 reset method 2011-05-06 08:23:55 -06:00
cciss_scsi.c cciss: add cciss_tape_cmds module paramter 2011-05-06 08:23:59 -06:00
cciss_scsi.h cciss: add cciss_tape_cmds module paramter 2011-05-06 08:23:59 -06:00
cciss.c cciss: fix compile issue 2011-05-06 08:27:00 -06:00
cciss.h cciss: increase timeouts for post-reset no-ops 2011-05-06 08:23:54 -06:00
cpqarray.c block: remove per-queue plugging 2011-03-10 08:52:07 +01:00
cpqarray.h
cryptoloop.c drivers: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:16:32 -04:00
DAC960.c Fix common misspellings 2011-03-31 11:26:23 -03:00
DAC960.h Fix DAC960 driver on machines which don't support 64-bit DMA 2007-09-11 17:21:19 -07:00
floppy.c Merge branch 'for-2.6.39/stack-plug' into for-2.6.39/core 2011-03-10 08:58:35 +01:00
hd.c Fix common misspellings 2011-03-31 11:26:23 -03:00
ida_cmd.h
ida_ioctl.h
Kconfig xen/blkback: Flesh out the description in the Kconfig. 2011-05-12 17:55:40 -04:00
loop.c loop: limit 'max_part' module param to DISK_MAX_PARTS 2011-05-24 16:48:54 +02:00
Makefile xen/blkback: Move it from drivers/xen to drivers/block 2011-04-18 14:30:26 -04:00
mg_disk.c block: switch s390 tape_block and mg_disk to elevator_change() 2010-08-23 14:02:44 +02:00
nbd.c nbd: remove module-level ioctl mutex 2011-02-11 16:12:20 -08:00
osdblk.c block: remove spurious uses of REQ_HARDBARRIER 2010-09-10 12:35:36 +02:00
pktcdvd.c Merge branch 'for-2.6.39/stack-plug' into for-2.6.39/core 2011-03-10 08:58:35 +01:00
ps3disk.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
ps3vram.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rbd_types.h rbd: introduce rados block device (rbd), based on libceph 2010-10-20 15:38:13 -07:00
rbd.c rbd: use watch/notify for changes in rbd header 2011-03-22 11:33:56 -07:00
smart1,2.h fix typos 'comamnd' -> 'command' in comments 2011-02-02 11:31:21 +01:00
sunvdc.c block: Consolidate phys_segment and hw_segment limits 2010-02-26 13:58:08 +01:00
swim3.c swim[3]: Convert to bdops->check_events() 2011-03-09 19:54:28 +01:00
swim_asm.S m68k: mac - Add SWIM floppy support 2009-03-26 21:15:27 +01:00
swim.c swim[3]: Convert to bdops->check_events() 2011-03-09 19:54:28 +01:00
sx8.c block: Consolidate phys_segment and hw_segment limits 2010-02-26 13:58:08 +01:00
ub.c ub: Convert to bdops->check_events() 2011-03-09 19:54:28 +01:00
umem.c Merge branch 'for-2.6.39/stack-plug' into for-2.6.39/core 2011-03-10 08:58:35 +01:00
umem.h drivers/block/umem: trim trailing whitespace 2007-10-10 09:25:59 +02:00
viodasd.c Fix common misspellings 2011-03-31 11:26:23 -03:00
virtio_blk.c Merge branch 'for-2.6.37/barrier' of git://git.kernel.dk/linux-2.6-block 2010-10-22 17:07:18 -07:00
xd.c block: autoconvert trivial BKL users to private mutex 2010-10-05 15:01:10 +02:00
xd.h [PATCH] switch xd 2008-10-21 07:48:11 -04:00
xen-blkfront.c xen-blkfront: Introduce BLKIF_OP_FLUSH_DISKCACHE support. 2011-05-12 08:56:03 -04:00
xsysace.c Fix common misspellings 2011-03-31 11:26:23 -03:00
z2ram.c drivers/block/z2ram.c: correct printing of sector_t 2010-10-28 06:15:26 -06:00