patches/old/mm-mempolicy-fix-get_nodes-out-of-bound-access.patch - pub/scm/linux/kernel/git/akpm/25-new - Git at Google

 From: Tianyu Li <tianyu.li@arm.com>
 Subject: mm/mempolicy: fix get_nodes out of bound access
 Date: Wed, 1 Jun 2022 17:32:11 +0800

 When user specified more nodes than supported, get_nodes will access nmask
 array out of bounds.

 Link: https://lkml.kernel.org/r/20220601093211.2970565-1-tianyu.li@arm.com
 Fixes: e130242dc351 ("mm: simplify compat numa syscalls")
 Signed-off-by: Tianyu Li <tianyu.li@arm.com>
 Cc: Arnd Bergmann <arnd@arndb.de>
 Cc: Mark Rutland <mark.rutland@arm.com>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 ---

  mm/mempolicy.c |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 --- a/mm/mempolicy.c~mm-mempolicy-fix-get_nodes-out-of-bound-access
 +++ a/mm/mempolicy.c
 @@ -1388,7 +1388,7 @@ static int get_nodes(nodemask_t *nodes,
  		unsigned long bits = min_t(unsigned long, maxnode, BITS_PER_LONG);
  		unsigned long t;

 -		if (get_bitmap(&t, &nmask[maxnode / BITS_PER_LONG], bits))
 +		if (get_bitmap(&t, &nmask[(maxnode - 1) / BITS_PER_LONG], bits))
  			return -EFAULT;

  		if (maxnode - bits >= MAX_NUMNODES) {
 _
	From: Tianyu Li <tianyu.li@arm.com>
	Subject: mm/mempolicy: fix get_nodes out of bound access
	Date: Wed, 1 Jun 2022 17:32:11 +0800

	When user specified more nodes than supported, get_nodes will access nmask
	array out of bounds.

	Link: https://lkml.kernel.org/r/20220601093211.2970565-1-tianyu.li@arm.com
	Fixes: e130242dc351 ("mm: simplify compat numa syscalls")
	Signed-off-by: Tianyu Li <tianyu.li@arm.com>
	Cc: Arnd Bergmann <arnd@arndb.de>
	Cc: Mark Rutland <mark.rutland@arm.com>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	---

	mm/mempolicy.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	--- a/mm/mempolicy.c~mm-mempolicy-fix-get_nodes-out-of-bound-access
	+++ a/mm/mempolicy.c
	@@ -1388,7 +1388,7 @@ static int get_nodes(nodemask_t *nodes,
	unsigned long bits = min_t(unsigned long, maxnode, BITS_PER_LONG);
	unsigned long t;

	- if (get_bitmap(&t, &nmask[maxnode / BITS_PER_LONG], bits))
	+ if (get_bitmap(&t, &nmask[(maxnode - 1) / BITS_PER_LONG], bits))
	return -EFAULT;

	if (maxnode - bits >= MAX_NUMNODES) {
	_