* Infinite recursion when creating devices
@ 2012-02-29 14:23 Hannes Reinecke
  2012-02-29 14:50 ` Alasdair G Kergon
  0 siblings, 1 reply; 2+ messages in thread
From: Hannes Reinecke @ 2012-02-29 14:23 UTC (permalink / raw)
  To: device-mapper development; +Cc: Alasdair G Kergon

Hi all,

I found a nice way of crashing the kernel:

dd if=/dev/zero of=/tmp/testdisk bs=512 count=4096
losetup /dev/loop1 /tmp/testdisk
echo '0 4096 linear /dev/loop1 0' | dmsetup create test1
echo '0 4096 linear /dev/dm-0 0' | dmsetup reload test1
dmsetup resume test1
-> Watch the system go up in flames.

The above case can be trivially fixed by eg:

diff --git a/fs/block_dev.c b/fs/block_dev.c
index 0e575d1..da46690 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -896,6 +896,12 @@ int bd_link_disk_holder(struct block_device
*bdev, struct g
endisk *disk)
        if (WARN_ON(!disk->slave_dir || !bdev->bd_part->holder_dir))
                goto out_unlock;

+       /* Prevent infinite loops */
+       if (bdev->bd_disk == disk) {
+               ret = -ELOOP;
+               goto out_unlock;
+       }
+
        holder = bd_find_holder_disk(bdev, disk);
        if (holder) {
                holder->refcnt++;
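
Review bot: the new `if (bdev->bd_disk == disk)` test only rejects a disk being linked as a holder of its own block device, so the comment `/* Prevent infinite loops */` promises more than the check delivers. A chain in which the holder reaches `bdev` through one or more intermediate disks still passes this test and carries on to `bd_find_holder_disk()`. Suggest narrowing the comment to say that a disk may not hold itself, and stating in the changelog that multi-device cycles are outside the scope of this hunk. The `@@` header is also wrapped across three lines in this posting, so the patch will not apply as is.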

but obviously that doesn't cover the more 'interesting' cases
involving several devices, like

dd if=/dev/zero of=/tmp/testdisk bs=512 count=4096
losetup /dev/loop1 /tmp/testdisk
echo '0 4096 linear /dev/loop1 0' | dmsetup create test1
echo '0 4096 linear /dev/dm-0 0' | dmsetup create test2
echo '0 4096 linear /dev/dm-1 0' | dmsetup create test3
echo '0 4096 linear /dev/dm-2 0' | dmsetup reload test1
dmsetup resume test1

For these cases we probably don't have any better chance
than fixing things ex-post, eg proper loop detection in each and
every interaction.

Anyone a better idea?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		      zSeries & Storage
hare@suse.de			      +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: J. Hawn, J. Guild, F. Imendörffer, HRB 16746 (AG Nürnberg)


* Re: Infinite recursion when creating devices
  2012-02-29 14:23 Infinite recursion when creating devices Hannes Reinecke
@ 2012-02-29 14:50 ` Alasdair G Kergon
  0 siblings, 0 replies; 2+ messages in thread
From: Alasdair G Kergon @ 2012-02-29 14:50 UTC (permalink / raw)
  To: Hannes Reinecke; +Cc: device-mapper development

You need sysadmin privileges to do this and I reckon that offers many
other ways of causing crashes too:)

It didn't seem worth attempting to prevent all device loops as it's not
a cheap thing to detect and not something likely to occur in practice. 

Nevertheless, some userspace tools do contain some checks to avoid some
cases like this already.

Alasdair
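
A userspace pre-flight check of the kind both messages allude to, written as an added example that is not part of the thread or of any existing tool: before a table is loaded into a dm device, walk the devices beneath the table's targets and refuse if the device itself is reachable. The dm-N names assumed for test1..test3, the dependency maps and the function names are constructed for illustration; on a live system the same relation can be read from /sys/block/<dev>/slaves.

```python
import os

def table_devices(table):
    """Devices named by 'linear' table lines: <start> <len> linear <dev> <offset>."""
    devs = []
    for line in table.strip().splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "linear":
            devs.append(os.path.basename(fields[3]))
    return devs

def find_loop(slaves, target, table):
    """Return the chain that would close a cycle if `table` were loaded into
    `target`, or None. `slaves` maps a device to the devices beneath it."""
    stack = [[dev] for dev in table_devices(table)]
    seen = set()  # also guarantees termination if the map already has a cycle
    while stack:
        path = stack.pop()
        dev = path[-1]
        if dev == target:
            return [target] + path
        if dev in seen:
            continue
        seen.add(dev)
        stack.extend(path + [below] for below in slaves.get(dev, ()))
    return None

# Constructed sample state (assumes test1=dm-0, test2=dm-1, test3=dm-2).
ONE_DEVICE = {"dm-0": ["loop1"]}
THREE_DEVICES = {"dm-0": ["loop1"], "dm-1": ["dm-0"], "dm-2": ["dm-1"]}

if __name__ == "__main__":
    cases = [
        (ONE_DEVICE, "dm-0", "0 4096 linear /dev/dm-0 0"),     # first sequence
        (THREE_DEVICES, "dm-0", "0 4096 linear /dev/dm-2 0"),  # second sequence
        (THREE_DEVICES, "dm-2", "0 4096 linear /dev/loop1 0"), # harmless reload
    ]
    for slaves, target, table in cases:
        loop = find_loop(slaves, target, table)
        print(target, "<-", table, ":", " -> ".join(loop) if loop else "ok")
```

The walk visits each device once, so its cost grows with the size of the stack beneath the proposed table rather than with the number of tables on the system.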

