rbd: prevent kernel stack blow up on rbd map
authorIlya Dryomov <idryomov@gmail.com>
Sun, 11 Oct 2015 17:38:00 +0000 (19:38 +0200)
committerIlya Dryomov <idryomov@gmail.com>
Fri, 23 Oct 2015 16:37:24 +0000 (18:37 +0200)
commit6d69bb536bac0d403d83db1ca841444981b280cd
tree1821420a26561ecad40a7d01b10d02a2993ce065
parent1f2c6651f69c14d0d3a9cfbda44ea101b02160ba
rbd: prevent kernel stack blow up on rbd map

Mapping an image with a long parent chain (e.g. image foo, whose parent
is bar, whose parent is baz, etc) currently leads to a kernel stack
overflow, due to the following recursion in the reply path:

  rbd_osd_req_callback()
    rbd_obj_request_complete()
      rbd_img_obj_callback()
        rbd_img_parent_read_callback()
          rbd_obj_request_complete()
            ...

Limit the parent chain to 16 images, which is ~5K worth of stack.  When
the above recursion is eliminated, this limit can be lifted.

Fixes: http://tracker.ceph.com/issues/12538
Cc: stable@vger.kernel.org # 3.10+, needs backporting for < 4.2
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Josh Durgin <jdurgin@redhat.com>
drivers/block/rbd.c