dm: table detect io beyond device

This patch fixes a panic on shrinking a DM device if there is
outstanding I/O to the part of the device that is being removed.
(Normally this doesn't happen - a filesystem would be resized first,
for example.)

The bug is that __clone_and_map() assumes dm_table_find_target()
always returns a valid pointer.  It may fail if a bio arrives from the
block layer but its target sector is no longer included in the DM
btree.

This patch appends an empty entry to table->targets[] which will
be returned by a lookup beyond the end of the device.

After calling dm_table_find_target(), __clone_and_map() and target_message()
check for this condition using
dm_target_is_valid().

Sample test script to trigger oops:

1 files changed, 3 insertions, 7 deletions

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index 138200bf5e0b..be730fdd4830 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1250,21 +1250,17 @@ static int target_message(struct dm_ioctl *param, size_t param_size)
         if (!table)
                 goto out_argv;
 
-        if (tmsg->sector >= dm_table_get_size(table)) {
+        ti = dm_table_find_target(table, tmsg->sector);
+        if (!dm_target_is_valid(ti)) {
                 DMWARN("Target message sector outside device.");
                 r = -EINVAL;
-                goto out_table;
-        }
-
-        ti = dm_table_find_target(table, tmsg->sector);
-        if (ti->type->message)
+        } else if (ti->type->message)
                 r = ti->type->message(ti, argc, argv);
         else {
                 DMWARN("Target type does not support messages");
                 r = -EINVAL;
         }
 
- out_table:
         dm_table_put(table);
  out_argv:
         kfree(argv);