On Tue, Aug 02, 2005 at 12:07:23AM +0200, Eric Dumazet wrote:
> MM, NUMA : sys_set_mempolicy() doesnt check if mode < 0
>
> A kernel BUG() is triggered by a call to set_mempolicy() with a negative
> first argument.
> This is because the mode is declared as an int, and the validity check
> doesnt check < 0 values.
> Alternatively, mode could be declared as unsigned int or unsigned long.
Thanks looks good. Andrew, can you apply that one?
-Andi
>
> Thank you
> Eric
> ---------------------------------
> Test program for x86_64:
> ---------------------------------
> #include <unistd.h>
> #include <stdio.h>
> #include <errno.h>
> #include <linux/unistd.h>
>
> #define __NR_set_mempolicy 238
> #define __sys_set_mempolicy(mode, nmask, maxnode) _syscall3(int,
> set_mempolicy, int, mode, unsigned long *, nmask, unsigned long, maxnode)
> static __sys_set_mempolicy(mode, nmask, maxnode)
>
> unsigned long nodes = 3;
>
> int main()
> {
> int ret = set_mempolicy(-6, &nodes, 2);
> printf("result=%d errno=%d\n", ret, errno);
> return 0;
> }
>
>
> Signed-off-by: Eric Dumazet <[EMAIL PROTECTED]>
>
> --- linux-2.6.13-rc4/mm/mempolicy.c 2005-07-29 00:44:44.000000000 +0200
> +++ linux-2.6.13-rc4-ed/mm/mempolicy.c 2005-08-01 23:52:43.000000000
> +0200
> @@ -443,7 +443,7 @@
> struct mempolicy *new;
> DECLARE_BITMAP(nodes, MAX_NUMNODES);
>
> - if (mode > MPOL_MAX)
> + if ((unsigned int)mode > MPOL_MAX)
> return -EINVAL;
> err = get_nodes(nodes, nmask, maxnode, mode);
> if (err)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
