Commit 8e76741c authored by Corey Minyard's avatar Corey Minyard
Browse files

ipmi: Add a limit on the number of users that may use IPMI 



Each user uses memory, we need limits to avoid a rogue program from
running the system out of memory.

Based on work by Chen Guanqiao <chen.chenchacha@foxmail.com>

Cc: Chen Guanqiao <chen.chenchacha@foxmail.com>
Signed-off-by: default avatarCorey Minyard <cminyard@mvista.com>
parent a7391ad3

drivers/char/ipmi/ipmi_msghandler.c

+15 −0
Original line number Original line Diff line number Diff line
@@ -145,6 +145,12 @@ module_param(default_max_retries, uint, 0644); 
MODULE_PARM_DESC(default_max_retries,

MODULE_PARM_DESC(default_max_retries,

		 "The time (milliseconds) between retry sends in maintenance mode");

		 "The time (milliseconds) between retry sends in maintenance mode");





/* The default maximum number of users that may register. */

static unsigned int max_users = 30;

module_param(max_users, uint, 0644);

MODULE_PARM_DESC(max_users,

		 "The most users that may use the IPMI stack at one time.");



/* Call every ~1000 ms. */

/* Call every ~1000 ms. */

#define IPMI_TIMEOUT_TIME	1000

#define IPMI_TIMEOUT_TIME	1000
@@ -442,6 +448,7 @@ struct ipmi_smi { 
	 */

	 */

	struct list_head users;

	struct list_head users;

	struct srcu_struct users_srcu;

	struct srcu_struct users_srcu;

	atomic_t nr_users;





	/* Used for wake ups at startup. */

	/* Used for wake ups at startup. */

	wait_queue_head_t waitq;

	wait_queue_head_t waitq;
@@ -1230,6 +1237,11 @@ int ipmi_create_user(unsigned int if_num, 
	goto out_kfree;

	goto out_kfree;





 found:

 found:

	if (atomic_add_return(1, &intf->nr_users) > max_users) {

		rv = -EBUSY;

		goto out_kfree;

	}



	INIT_WORK(&new_user->remove_work, free_user_work);

	INIT_WORK(&new_user->remove_work, free_user_work);





	rv = init_srcu_struct(&new_user->release_barrier);

	rv = init_srcu_struct(&new_user->release_barrier);
@@ -1262,6 +1274,7 @@ int ipmi_create_user(unsigned int if_num, 
	return 0;

	return 0;





out_kfree:

out_kfree:

	atomic_dec(&intf->nr_users);

	srcu_read_unlock(&ipmi_interfaces_srcu, index);

	srcu_read_unlock(&ipmi_interfaces_srcu, index);

	vfree(new_user);

	vfree(new_user);

	return rv;

	return rv;
@@ -1336,6 +1349,7 @@ static void _ipmi_destroy_user(struct ipmi_user *user) 
	/* Remove the user from the interface's sequence table. */

	/* Remove the user from the interface's sequence table. */

	spin_lock_irqsave(&intf->seq_lock, flags);

	spin_lock_irqsave(&intf->seq_lock, flags);

	list_del_rcu(&user->link);

	list_del_rcu(&user->link);

	atomic_dec(&intf->nr_users);





	for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {

	for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {

		if (intf->seq_table[i].inuse

		if (intf->seq_table[i].inuse
@@ -3529,6 +3543,7 @@ int ipmi_add_smi(struct module *owner, 
	if (slave_addr != 0)

	if (slave_addr != 0)

		intf->addrinfo[0].address = slave_addr;

		intf->addrinfo[0].address = slave_addr;

	INIT_LIST_HEAD(&intf->users);

	INIT_LIST_HEAD(&intf->users);

	atomic_set(&intf->nr_users, 0);

	intf->handlers = handlers;

	intf->handlers = handlers;

	intf->send_info = send_info;

	intf->send_info = send_info;

	spin_lock_init(&intf->seq_lock);

	spin_lock_init(&intf->seq_lock);