On 10/3/23 11:07 AM, Mike Christie wrote: > On 10/3/23 10:36 AM, Ming Lei wrote: >> On Sun, Oct 01, 2023 at 01:54:47PM -0500, Mike Christie wrote: >>> The dev_id/ub_number is used for the ublk dev's char device's minor >>> number so it has to fit into MINORMASK. This patch adds checks to prevent >>> userspace from passing a number that's too large and limits what can be >>> allocated by the ublk_index_idr for the case where userspace has the >>> kernel allocate the dev_id/ub_number. >>> >>> Signed-off-by: Mike Christie <michael.christie@xxxxxxxxxx> >>> --- >>> drivers/block/ublk_drv.c | 10 +++++++++- >>> 1 file changed, 9 insertions(+), 1 deletion(-) >>> >>> diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c >>> index 630ddfe6657b..18e352f8cd6d 100644 >>> --- a/drivers/block/ublk_drv.c >>> +++ b/drivers/block/ublk_drv.c >>> @@ -470,6 +470,7 @@ static DEFINE_MUTEX(ublk_ctl_mutex); >>> * It can be extended to one per-user limit in future or even controlled >>> * by cgroup. >>> */ >>> +#define UBLK_MAX_UBLKS (UBLK_MINORS - 1) >>> static unsigned int ublks_max = 64; >>> static unsigned int ublks_added; /* protected by ublk_ctl_mutex */ >>> >>> @@ -2026,7 +2027,8 @@ static int ublk_alloc_dev_number(struct ublk_device *ub, int idx) >>> if (err == -ENOSPC) >>> err = -EEXIST; >>> } else { >>> - err = idr_alloc(&ublk_index_idr, ub, 0, 0, GFP_NOWAIT); >>> + err = idr_alloc(&ublk_index_idr, ub, 0, UBLK_MAX_UBLKS, >> 'end' parameter of idr_alloc() is exclusive, so I think UBLK_MAX_UBLKS should >> be defined as UBLK_MINORS? > We can use UBLK_MINORS. I just used UBLK_MAX_UBLKS because it was only > a difference of one device and I thought using UBLK_MAX_UBLKS in the > all the checks was more consistent. > Ignore this. I misread your comment. Will define UBLK_MAX_UBLKS as UBLK_MINORS.
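Review bot: In the first hunk (@@ -470), `#define UBLK_MAX_UBLKS (UBLK_MINORS - 1)` is inserted between the comment block that ends "controlled by cgroup" and `static unsigned int ublks_max = 64;`, which separates that comment from the variable it documents and leaves the new macro with no comment of its own. Move the define above the comment block and give it a one-line comment stating whether it is the highest valid dev_id (inclusive) or an exclusive bound, because that choice decides how it can be passed to range-taking calls.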
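Review bot: In the second hunk (@@ -2026), the `end` argument of `idr_alloc()` is exclusive, so with `UBLK_MAX_UBLKS` defined as `UBLK_MINORS - 1` the kernel-allocated path stops at id `UBLK_MINORS - 2` and never hands out id `UBLK_MINORS - 1`. Defining the macro as `UBLK_MINORS`, as settled in the thread, fixes this call; the check on a userspace-supplied `idx` is not in the quoted lines and should use the matching comparison (reject `idx >= UBLK_MAX_UBLKS`) so the explicit and kernel-allocated paths accept the same range.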