lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Aug 2022 20:01:42 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Tianyu Li <tianyu.li@....com>, Arnd Bergmann <arnd@...db.de>, Mark Rutland <mark.rutland@....com>, Andrew Morton <akpm@...ux-foundation.org>, Sasha Levin <sashal@...nel.org> Subject: [PATCH 5.15 458/779] mm/mempolicy: fix get_nodes out of bound access From: Tianyu Li <tianyu.li@....com> [ Upstream commit 000eca5d044d1ee23b4ca311793cf3fc528da6c6 ] When user specified more nodes than supported, get_nodes will access nmask array out of bounds. Link: https://lkml.kernel.org/r/20220601093211.2970565-1-tianyu.li@arm.com Fixes: e130242dc351 ("mm: simplify compat numa syscalls") Signed-off-by: Tianyu Li <tianyu.li@....com> Cc: Arnd Bergmann <arnd@...db.de> Cc: Mark Rutland <mark.rutland@....com> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org> Signed-off-by: Sasha Levin <sashal@...nel.org> --- mm/mempolicy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 9db0158155e1..4472be6f123d 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1389,7 +1389,7 @@ static int get_nodes(nodemask_t *nodes, const unsigned long __user *nmask, unsigned long bits = min_t(unsigned long, maxnode, BITS_PER_LONG); unsigned long t; - if (get_bitmap(&t, &nmask[maxnode / BITS_PER_LONG], bits)) + if (get_bitmap(&t, &nmask[(maxnode - 1) / BITS_PER_LONG], bits)) return -EFAULT; if (maxnode - bits >= MAX_NUMNODES) { -- 2.35.1
Powered by blists - more mailing lists