author | Andi Kleen <ak@suse.de> | 2006-01-03 00:07:28 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-01-03 02:01:42 +0100 |
commit | 8f493d797bc1fe470377adc9d8775845427e240e (patch) | |
tree | 08f4555a0064185152a51ed707e9571dbeedddc7 | |
parent | [PATCH] Avoid namespace pollution in <asm/param.h> (diff) | |
[PATCH] Make sure interleave masks have at least one node set
Otherwise a bad mem policy system call can confuse the interleaving
code into referencing undefined nodes.
Originally reported by Doug Chapman
I was told it's CVE-2005-3358
(one has to love these security people - they make everything sound important)
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | mm/mempolicy.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index bec88c81244e..72f402cc9c9a 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -161,6 +161,10 @@ static struct mempolicy *mpol_new(int mode, nodemask_t *nodes) switch (mode) { case MPOL_INTERLEAVE: policy->v.nodes = *nodes; + if (nodes_weight(*nodes) == 0) { + kmem_cache_free(policy_cache, policy); + return ERR_PTR(-EINVAL); + } break; case MPOL_PREFERRED: policy->v.preferred_node = first_node(*nodes); |
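Review bot: in the MPOL_INTERLEAVE case the empty-mask test comes after `policy->v.nodes = *nodes;` and after the policy has been allocated, so the error path has to undo the allocation with kmem_cache_free(). Testing the mask before the policy is allocated would let the function return ERR_PTR(-EINVAL) with nothing to clean up, and `nodes_empty(*nodes)` states the intent more directly than `nodes_weight(*nodes) == 0`. The MPOL_PREFERRED case visible in the trailing context calls first_node(*nodes) with no matching check; if an empty mask is acceptable there, a short comment saying why would help the next reader. The new branch would also benefit from a one-line comment explaining that an interleave policy needs at least one node set, since the commit message is the only place that reasoning is recorded.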