[PATCH 026/150] loopdev: remove an user triggerable oops

Luis Henriques luis.henriques at canonical.com
Tue Mar 26 15:18:45 UTC 2013 

3.5.7.9 -stable review patch.  If anyone has any objections, please let me know.

------------------

From: Guo Chao <yan at linux.vnet.ibm.com>

commit b1a6650406875b9097a032eed89af50682fe1160 upstream.

When loopdev is built as module and we pass an invalid parameter,
loop_init() will return directly without deregister misc device, which
will cause an oops when insert loop module next time because we left some
garbage in the misc device list.

Test case:
sudo modprobe loop max_part=1024
(failed due to invalid parameter)
sudo modprobe loop
(oops)

Clean up nicely to avoid such oops.

Signed-off-by: Guo Chao <yan at linux.vnet.ibm.com>
Cc: Alexander Viro <viro at zeniv.linux.org.uk>
Cc: Guo Chao <yan at linux.vnet.ibm.com>
Cc: M. Hindess <hindessm at uk.ibm.com>
Cc: Nikanth Karthikesan <knikanth at suse.de>
Cc: Jens Axboe <axboe at kernel.dk>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Jens Axboe <axboe at kernel.dk>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 drivers/block/loop.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 11e702c..a77d9a5 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1833,11 +1833,15 @@ static int __init loop_init(void)
 		max_part = (1UL << part_shift) - 1;
 	}
 
-	if ((1UL << part_shift) > DISK_MAX_PARTS)
-		return -EINVAL;
+	if ((1UL << part_shift) > DISK_MAX_PARTS) {
+		err = -EINVAL;
+		goto misc_out;
+	}
 
-	if (max_loop > 1UL << (MINORBITS - part_shift))
-		return -EINVAL;
+	if (max_loop > 1UL << (MINORBITS - part_shift)) {
+		err = -EINVAL;
+		goto misc_out;
+	}
 
 	/*
 	 * If max_loop is specified, create that many devices upfront.
@@ -1855,8 +1859,10 @@ static int __init loop_init(void)
 		range = 1UL << MINORBITS;
 	}
 
-	if (register_blkdev(LOOP_MAJOR, "loop"))
-		return -EIO;
+	if (register_blkdev(LOOP_MAJOR, "loop")) {
+		err = -EIO;
+		goto misc_out;
+	}
 
 	blk_register_region(MKDEV(LOOP_MAJOR, 0), range,
 				  THIS_MODULE, loop_probe, NULL, NULL);
@@ -1869,6 +1875,10 @@ static int __init loop_init(void)
 
 	printk(KERN_INFO "loop: module loaded\n");
 	return 0;
+
+misc_out:
+	misc_deregister(&loop_misc);
+	return err;
 }
 
 static int loop_exit_cb(int id, void *ptr, void *data)
-- 
1.8.1.2

More information about the kernel-team mailing list