lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Jul 2017 08:39:24 -0500 From: Luis Felipe Sandoval Castro <luis.felipe.sandoval.castro@...el.com> To: linux-mm@...ck.org, linux-kernel@...r.kernel.org Cc: Luis Felipe Sandoval Castro <luis.felipe.sandoval.castro@...el.com> Subject: [PATCH v1] mm/mempolicy.c: Fix get_nodes() off-by-one error. set_mempolicy() and mbind() take as argument a pointer to a bit mask (nodemask) and the number of bits in the mask the kernel will use (maxnode), among others. For instace on a system with 2 NUMA nodes valid masks are: 0b00, 0b01, 0b10 and 0b11 it's clear maxnode=2, however an off-by-one error in get_nodes() the function that copies the node mask from user space requires users to pass maxnode = 3 in this example and maxnode = actual_maxnode + 1 in the general case. This patch fixes such error. Signed-off-by: Luis Felipe Sandoval Castro <luis.felipe.sandoval.castro@...el.com> --- mm/mempolicy.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index d911fa5..5274e9d2 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1208,11 +1208,10 @@ static int get_nodes(nodemask_t *nodes, const unsigned long __user *nmask, unsigned long nlongs; unsigned long endmask; - --maxnode; nodes_clear(*nodes); - if (maxnode == 0 || !nmask) + if (maxnode == 1 || !nmask) return 0; - if (maxnode > PAGE_SIZE*BITS_PER_BYTE) + if (maxnode - 1 > PAGE_SIZE * BITS_PER_BYTE) return -EINVAL; nlongs = BITS_TO_LONGS(maxnode); -- 1.8.3.1
Powered by blists - more mailing lists