summaryrefslogtreecommitdiffstats
path: root/mm
diff options
context:
space:
mode:
authorEric Dumazet2005-08-02 06:11:43 +0200
committerLinus Torvalds2005-08-02 06:38:00 +0200
commitba17101b41977f124948e0a7797fdcbb59e19f3e (patch)
tree0d5e8b860e1294e4e38576624e1909075cb84ea6 /mm
parent[PATCH] x86_64: access of some bad address (diff)
downloadkernel-qcow2-linux-ba17101b41977f124948e0a7797fdcbb59e19f3e.tar.gz
kernel-qcow2-linux-ba17101b41977f124948e0a7797fdcbb59e19f3e.tar.xz
kernel-qcow2-linux-ba17101b41977f124948e0a7797fdcbb59e19f3e.zip
[PATCH] sys_set_mempolicy() doesnt check if mode < 0
A kernel BUG() is triggered by a call to set_mempolicy() with a negative first argument. This is because the mode is declared as an int, and the validity check doesnt check < 0 values. Alternatively, mode could be declared as unsigned int or unsigned long. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'mm')
-rw-r--r--mm/mempolicy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 1694845526be..b4eababc8198 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -443,7 +443,7 @@ asmlinkage long sys_set_mempolicy(int mode, unsigned long __user *nmask,
struct mempolicy *new;
DECLARE_BITMAP(nodes, MAX_NUMNODES);
- if (mode > MPOL_MAX)
+ if (mode < 0 || mode > MPOL_MAX)
return -EINVAL;
err = get_nodes(nodes, nmask, maxnode, mode);
if (err)