From: Andrey Ryabinin <a.ryabinin@samsung.com>
To: akpm@linux-foundation.org
Cc: Andrey Ryabinin <a.ryabinin@samsung.com>,
Dmitry Vyukov <dvyukov@google.com>,
Manfred Spraul <manfred@colorfullife.com>,
David Rientjes <rientjes@google.com>,
Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
Luiz Capitulino <lcapitulino@redhat.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
"nadia.derbey@bull.net" <Nadia.Derbey@bull.net>,
aquini@redhat.com, Joe Perches <joe@perches.com>,
avagin@openvz.org, LKML <linux-kernel@vger.kernel.org>,
Kostya Serebryany <kcc@google.com>,
Dmitry Chernenkov <dmitryc@google.com>,
Andrey Konovalov <andreyknvl@google.com>,
Konstantin Khlebnikov <koct9i@gmail.com>,
kasan-dev <kasan-dev@googlegroups.com>,
Davidlohr Bueso <dave@stgolabs.net>,
linux-mm@kvack.org
Subject: [PATCH 1/2] hugetlb, sysctl: pass '.extra1 = NULL' rather then '.extra1 = &zero'
Date: Wed, 17 Dec 2014 17:30:49 +0300 [thread overview]
Message-ID: <1418826650-10145-1-git-send-email-a.ryabinin@samsung.com> (raw)
In-Reply-To: <548CA6B6.3060901@colorfullife.com>
Commit ed4d4902ebdd ("mm, hugetlb: remove hugetlb_zero and hugetlb_infinity") replaced
'unsigned long hugetlb_zero' with 'int zero' leading to out-of-bounds access
in proc_doulongvec_minmax().
Use '.extra1 = NULL' instead of '.extra1 = &zero'. Passing NULL is equivalent to
passing minimal value, which is 0 for unsigned types.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Suggested-by: Manfred Spraul <manfred@colorfullife.com>
Fixes: ed4d4902ebdd ("mm, hugetlb: remove hugetlb_zero and hugetlb_infinity")
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
---
kernel/sysctl.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 137c7f6..88ea2d6 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1248,7 +1248,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long),
.mode = 0644,
.proc_handler = hugetlb_sysctl_handler,
- .extra1 = &zero,
},
#ifdef CONFIG_NUMA
{
@@ -1257,7 +1256,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long),
.mode = 0644,
.proc_handler = &hugetlb_mempolicy_sysctl_handler,
- .extra1 = &zero,
},
#endif
{
@@ -1280,7 +1278,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long),
.mode = 0644,
.proc_handler = hugetlb_overcommit_handler,
- .extra1 = &zero,
},
#endif
{
--
2.2.0
WARNING: multiple messages have this Message-ID (diff)
From: Andrey Ryabinin <a.ryabinin@samsung.com>
To: akpm@linux-foundation.org
Cc: Andrey Ryabinin <a.ryabinin@samsung.com>,
Dmitry Vyukov <dvyukov@google.com>,
Manfred Spraul <manfred@colorfullife.com>,
David Rientjes <rientjes@google.com>,
Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
Luiz Capitulino <lcapitulino@redhat.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
"nadia.derbey@bull.net" <Nadia.Derbey@bull.net>,
aquini@redhat.com, Joe Perches <joe@perches.com>,
avagin@openvz.org, LKML <linux-kernel@vger.kernel.org>,
Kostya Serebryany <kcc@google.com>,
Dmitry Chernenkov <dmitryc@google.com>,
Andrey Konovalov <andreyknvl@google.com>,
Konstantin Khlebnikov <koct9i@gmail.com>,
kasan-dev <kasan-dev@googlegroups.com>,
Davidlohr Bueso <dave@stgolabs.net>,
linux-mm@kvack.org
Subject: [PATCH 1/2] hugetlb, sysctl: pass '.extra1 = NULL' rather then '.extra1 = &zero'
Date: Wed, 17 Dec 2014 17:30:49 +0300 [thread overview]
Message-ID: <1418826650-10145-1-git-send-email-a.ryabinin@samsung.com> (raw)
In-Reply-To: <548CA6B6.3060901@colorfullife.com>
Commit ed4d4902ebdd ("mm, hugetlb: remove hugetlb_zero and hugetlb_infinity") replaced
'unsigned long hugetlb_zero' with 'int zero' leading to out-of-bounds access
in proc_doulongvec_minmax().
Use '.extra1 = NULL' instead of '.extra1 = &zero'. Passing NULL is equivalent to
passing minimal value, which is 0 for unsigned types.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Suggested-by: Manfred Spraul <manfred@colorfullife.com>
Fixes: ed4d4902ebdd ("mm, hugetlb: remove hugetlb_zero and hugetlb_infinity")
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
---
kernel/sysctl.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 137c7f6..88ea2d6 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1248,7 +1248,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long),
.mode = 0644,
.proc_handler = hugetlb_sysctl_handler,
- .extra1 = &zero,
},
#ifdef CONFIG_NUMA
{
@@ -1257,7 +1256,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long),
.mode = 0644,
.proc_handler = &hugetlb_mempolicy_sysctl_handler,
- .extra1 = &zero,
},
#endif
{
@@ -1280,7 +1278,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long),
.mode = 0644,
.proc_handler = hugetlb_overcommit_handler,
- .extra1 = &zero,
},
#endif
{
--
2.2.0
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2014-12-17 14:30 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-03 9:04 Out-of-bounds access in __do_proc_doulongvec_minmax Dmitry Vyukov
2014-12-03 12:39 ` Andrey Ryabinin
2014-12-03 12:41 ` [PATCH] kernel: sysctl: use 'unsigned long' type for 'zero' variable Andrey Ryabinin
2014-12-03 13:04 ` Rafael Aquini
2014-12-03 21:12 ` David Rientjes
2014-12-03 23:25 ` Andrew Morton
2014-12-04 0:19 ` Andrew Morton
2014-12-04 11:35 ` Andrey Ryabinin
2014-12-04 6:12 ` Manfred Spraul
2014-12-05 22:50 ` Andrew Morton
2014-12-13 20:51 ` Manfred Spraul
2014-12-15 6:41 ` Andrey Ryabinin
2014-12-17 14:30 ` Andrey Ryabinin [this message]
2014-12-17 14:30 ` [PATCH 1/2] hugetlb, sysctl: pass '.extra1 = NULL' rather then '.extra1 = &zero' Andrey Ryabinin
2014-12-17 14:30 ` [PATCH 2/2] mm: hugetlb: fix type of hugetlb_treat_as_movable variable Andrey Ryabinin
2014-12-17 14:30 ` Andrey Ryabinin
2014-12-18 0:39 ` David Rientjes
2014-12-18 0:39 ` David Rientjes
2014-12-18 0:38 ` [PATCH 1/2] hugetlb, sysctl: pass '.extra1 = NULL' rather then '.extra1 = &zero' David Rientjes
2014-12-18 0:38 ` David Rientjes
2014-12-03 13:27 ` Out-of-bounds access in __do_proc_doulongvec_minmax Dmitry Vyukov
2014-12-03 13:37 ` Andrey Ryabinin
2014-12-03 13:39 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1418826650-10145-1-git-send-email-a.ryabinin@samsung.com \
--to=a.ryabinin@samsung.com \
--cc=Nadia.Derbey@bull.net \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=aquini@redhat.com \
--cc=avagin@openvz.org \
--cc=dave@stgolabs.net \
--cc=dmitryc@google.com \
--cc=dvyukov@google.com \
--cc=joe@perches.com \
--cc=kasan-dev@googlegroups.com \
--cc=kcc@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=koct9i@gmail.com \
--cc=lcapitulino@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=manfred@colorfullife.com \
--cc=n-horiguchi@ah.jp.nec.com \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.