nbd: add sanity check for first_minor

hulk inclusion
category: bugfix
bugzilla: 182920 https://gitee.com/openeuler/kernel/issues/I4DDEL

---------------------------

When user pass 0x100000 as index, nbd will end up create sysfs dir
"/sys/block/43:0":

nbd_dev_add
 disk->first_minor = index << part_shift
 -> default part_shift is 5, 0x100000 << 5 = 0x2000000
  device_add_disk
   blk_alloc_devt
    MKDEV(disk->major, disk->first_minor + part->partno)
    -> (0x2b << 20) | (0x2000000) = 0x2b00000
   register_disk
    device_add
     device_create_sys_dev_entry
      format_dev_t
       MAJOR(devt) -> 0x2b00000 >> 20 = 0x2b
       MINOR(devt) -> 0x2b00000 & 0xfffff = 0
      sysfs_create_link -> /sys/block/43:0

If nbd created device with index 0 aready, then sysfs will compalin
about dumplicated creation.

On the other hand, the similar dumplicated creation will happen if
"index << part_shift" over flow to a value that is less than MINORMASK.

Thus fix the problem by adding sanity check for first_minor.

Fixes: b0d9111a ("nbd: use an idr to keep track of nbd devices")
Signed-off-by: NYu Kuai <yukuai3@huawei.com>
Reviewed-by: NJason Yan <yanaijie@huawei.com>
Signed-off-by: NChen Jun <chenjun102@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

drivers/block/nbd.c

@@ -1821,7 +1821,18 @@ static int nbd_dev_add(int index)
 	refcount_set(&nbd->refs, 1);
 	INIT_LIST_HEAD(&nbd->list);
 	disk->major = NBD_MAJOR;
+
+	/*
+	 * Too big index can cause duplicate creation of sysfs files/links,
+	 * because MKDEV() expect that the max first minor is MINORMASK, or
+	 * index << part_shift can overflow.
+	 */
 	disk->first_minor = index << part_shift;
+	if (disk->first_minor < index || disk->first_minor > MINORMASK) {
+		err = -EINVAL;
+		goto out_free_tags;
+	}
+
 	disk->fops = &nbd_fops;
 	disk->private_data = nbd;
 	sprintf(disk->disk_name, "nbd%d", index);