From: Tianyu Li
To: Andrew Morton, Arnd Bergmann, linux-mm@kvack.org (open list:MEMORY MANAGEMENT), linux-kernel@vger.kernel.org (open list)
Cc: nd@arm.com, Tianyu Li
Subject: [PATCH] mm/mempolicy: fix get_nodes out of bound access
Date: Wed, 1 Jun 2022 17:32:11 +0800
Message-Id: <20220601093211.2970565-1-tianyu.li@arm.com>

When user specified more nodes than supported, get_nodes will access nmask array out of bound.

Fixes: e130242dc351 ("mm: simplify compat numa syscalls")
Signed-off-by: Tianyu Li

--- mm/mempolicy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 0b4ba3ee810e..9f27dc4b66ba 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1388,7 +1388,7 @@ static int get_nodes(nodemask_t *nodes, const unsigned long __user *nmask, unsigned long bits = min_t(unsigned long, maxnode, BITS_PER_LONG); unsigned long t; - if (get_bitmap(&t, &nmask[maxnode / BITS_PER_LONG], bits)) + if (get_bitmap(&t, &nmask[(maxnode - 1) / BITS_PER_LONG], bits)) return -EFAULT; if (maxnode - bits >= MAX_NUMNODES) { -- 2.25.1
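
Review bot: The changelog does not say which input triggers the overrun on the changed `get_bitmap()` line. Assuming the user mask covers `maxnode` bits, the old index `maxnode / BITS_PER_LONG` only steps one word past the end when `maxnode` is an exact multiple of `BITS_PER_LONG`; for other values it already names the last word. Please state that in the commit message, along with the fact that `nmask` is a `__user` pointer, so the stray access is a read of user memory beyond the supplied mask that ends in `-EFAULT` when `get_bitmap()` fails. That makes the severity and the backport decision for the `Fixes:` commit easier to judge. Two things to confirm on the same line: `bits` is still `min_t(unsigned long, maxnode, BITS_PER_LONG)`, so with the new index a top word that `maxnode` only partly covers is still fetched with a full-word count, and `maxnode - 1` wraps if `maxnode` can be 0 here, which the visible context does not rule out. A one-line comment above the call saying the index is the word holding bit `maxnode - 1` would document the intent.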