[patch 1/8] [PATCH] sys_set_mempolicy() doesnt check if mode < 0

From: Chris Wright (chrisw_at_osdl.org)
Date: 08/12/05

  • Next message: Chris Wright: "[patch 6/8] CAN-2005-2098 Error during attempt to join key management session can leave semaphore pinned" 
    Date:	Thu, 11 Aug 2005 15:54:46 -0700
To: linux-kernel@vger.kernel.org, stable@kernel.org

    -stable review patch. If anyone has any objections, please let us know.
    ------------------

    A kernel BUG() is triggered by a call to set_mempolicy() with a negative
    first argument. This is because the mode is declared as an int, and the
    validity check doesnt check < 0 values. Alternatively, mode could be
    declared as unsigned int or unsigned long.

    Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
    Cc: Andi Kleen <ak@suse.de>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Chris Wright <chrisw@osdl.org> 

    ---
 mm/mempolicy.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.12.y/mm/mempolicy.c
===================================================================
--- linux-2.6.12.y.orig/mm/mempolicy.c
+++ linux-2.6.12.y/mm/mempolicy.c
@@ -409,7 +409,7 @@ asmlinkage long sys_set_mempolicy(int mo
 	struct mempolicy *new;
 	DECLARE_BITMAP(nodes, MAX_NUMNODES);
 
-	if (mode > MPOL_MAX)
+	if (mode < 0 || mode > MPOL_MAX)
 		return -EINVAL;
 	err = get_nodes(nodes, nmask, maxnode, mode);
 	if (err)
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
  • Next message: Chris Wright: "[patch 6/8] CAN-2005-2098 Error during attempt to join key management session can leave semaphore pinned"

    Relevant Pages