Commit e85c21ba authored May 25, 2024 by Ze Zuo

mm/mempolicy.c: fix the out-of-bounds access issue in mpol_parse_str

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9S5SX


CVE: NA

------------------------------------------------------------------

commit 50afa875("mm: prepare to support weighted interleaving mempolicy")
kabi reservation for structures task_struct, vm_operations_struct, for
support of weighted L/R-based memory interleaving Allocation, the above
patch failed to add MPOL_WEIGHTED_INTERLEAVE to the policy_modes array,
resulting in out-of-bounds accesses when accessing the policy_modes array
in mpol_parse_str.

Fixes: 50afa875 ("mm: prepare to support weighted interleaving mempolicy")
Signed-off-by: Ze Zuo <zuoze1@huawei.com>

parent bc160a82

mm/mempolicy.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -1477,7 +1477,8 @@ static inline int sanitize_mpol_flags(int mode, unsigned short flags)
		flags = mode & MPOL_MODE_FLAGS;
		*mode &= ~MPOL_MODE_FLAGS;

		if ((unsigned int)(*mode) >= MPOL_MAX)
		if ((unsigned int)(*mode) >= MPOL_MAX \|\|
		(unsigned int)(*mode) == MPOL_WEIGHTED_INTERLEAVE)
		return -EINVAL;
		if ((flags & MPOL_F_STATIC_NODES) && (flags & MPOL_F_RELATIVE_NODES))
		return -EINVAL;
		@@ -2989,6 +2990,7 @@ static const char * const policy_modes[] =
		[MPOL_PREFERRED] = "prefer",
		[MPOL_BIND] = "bind",
		[MPOL_INTERLEAVE] = "interleave",
		[MPOL_WEIGHTED_INTERLEAVE] = "weighted interleave",
		[MPOL_LOCAL] = "local",
		[MPOL_PREFERRED_MANY] = "prefer (many)",
		};