diff options
author | Eric Dumazet | 2005-08-02 06:11:43 +0200 |
---|---|---|
committer | Linus Torvalds | 2005-08-02 06:38:00 +0200 |
commit | ba17101b41977f124948e0a7797fdcbb59e19f3e (patch) | |
tree | 0d5e8b860e1294e4e38576624e1909075cb84ea6 /mm | |
parent | [PATCH] x86_64: access of some bad address (diff) | |
download | kernel-qcow2-linux-ba17101b41977f124948e0a7797fdcbb59e19f3e.tar.gz kernel-qcow2-linux-ba17101b41977f124948e0a7797fdcbb59e19f3e.tar.xz kernel-qcow2-linux-ba17101b41977f124948e0a7797fdcbb59e19f3e.zip |
[PATCH] sys_set_mempolicy() doesnt check if mode < 0
A kernel BUG() is triggered by a call to set_mempolicy() with a negative
first argument. This is because the mode is declared as an int, and the
validity check doesnt check < 0 values. Alternatively, mode could be
declared as unsigned int or unsigned long.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'mm')
-rw-r--r-- | mm/mempolicy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 1694845526be..b4eababc8198 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -443,7 +443,7 @@ asmlinkage long sys_set_mempolicy(int mode, unsigned long __user *nmask, struct mempolicy *new; DECLARE_BITMAP(nodes, MAX_NUMNODES); - if (mode > MPOL_MAX) + if (mode < 0 || mode > MPOL_MAX) return -EINVAL; err = get_nodes(nodes, nmask, maxnode, mode); if (err) |