From: Andi Kleen <ak@muc.de>
To: akpm@osdl.org, linux-kernel@vger.kernel.org
Subject: [PATCH] Fix argument checking in sched_setaffinity
Date: Tue, 31 Aug 2004 16:30:50 +0200
Message-ID: <m3zn4bidlx.fsf@averell.firstfloor.org>

This patch fixes the argument length checking in sched_setaffinity.

Previously it would error out when the length passed was
smaller than sizeof(cpumask_t). And any bits beyond cpumask_t
would be silently ignored.

First this assumes that the user application knows the size
of cpumask_t, which should be kernel internal. When you increase
cpumask_t old applications break and there is no good way
for the application to find out the cpumask_t size the kernel
uses.

This patch changes it to do similar checking to the NUMA API calls:

- Any length is ok as long as all online CPUs are covered
  (this could still cause application breakage with more CPUs,
  but there is no good way around it)
- When the user passes more than cpumask_t bytes the excess
  bytes are checked to be zero.

diff -u linux-2.6.8-work/kernel/sched.c-AFFINITY linux-2.6.8-work/kernel/sched.c
--- linux-2.6.8-work/kernel/sched.c-AFFINITY 2004-08-05 04:31:11.000000000 +0200
+++ linux-2.6.8-work/kernel/sched.c 2004-08-31 15:36:38.000000000 +0200
@@ -2891,6 +2891,34 @@
return retval;
}
+static int get_user_cpu_mask(unsigned long __user *user_mask_ptr, unsigned len,
+ cpumask_t *new_mask)
+{
+ if (len < sizeof(cpumask_t)) {
+ /* Smaller is ok as long as all online CPUs are covered */
+ int i, max = 0;
+ for_each_online_cpu(i)
+ max = i;
+ if (len < (max + 7)/8)
+ return -EINVAL;
+ memset(new_mask, 0, sizeof(cpumask_t));
+ } else if (len > sizeof(cpumask_t)) {
+ /* Longer is ok as long as all high bits are 0 */
+ int i;
+ if (len > PAGE_SIZE)
+ return -EINVAL;
+ for (i = sizeof(cpumask_t); i < len; i++) {
+ unsigned char val;
+ if (get_user(val, (unsigned char *)user_mask_ptr + i))
+ return -EFAULT;
+ if (val)
+ return -EINVAL;
+ }
+ len = sizeof(cpumask_t);
+ }
+ return copy_from_user(new_mask, user_mask_ptr, len) ? -EFAULT : 0;
+}
+
/**
* sys_sched_setaffinity - set the cpu affinity of a process
* @pid: pid of the process
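
Review bot: The short-length check in get_user_cpu_mask(), `if (len < (max + 7)/8)`, is off by one, because max is the index of the highest online CPU and the mask therefore needs max + 1 bits, i.e. max/8 + 1 bytes. As written, CPUs 0-8 online lets len == 1 through even though CPU 8 is not covered, and a single online CPU lets len == 0 through with an empty mask. Suggest `if (len < max/8 + 1)`. A smaller point in the longer-length branch: `int i` is compared against `unsigned len` in the loop condition; declaring i as unsigned would match the parameter and avoid the mixed-sign comparison.
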
@@ -2903,12 +2931,10 @@
cpumask_t new_mask;
int retval;
task_t *p;
-
- if (len < sizeof(new_mask))
- return -EINVAL;
-
- if (copy_from_user(&new_mask, user_mask_ptr, sizeof(new_mask)))
- return -EFAULT;
+
+ retval = get_user_cpu_mask(user_mask_ptr, len, &new_mask);
+ if (retval)
+ return retval;
lock_cpu_hotplug();
read_lock(&tasklist_lock);
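
Review bot: The accepted values of len change for user space here (shorter masks are now valid when they cover all online CPUs, longer ones when the excess bytes are zero), but the kernel-doc comment of sys_sched_setaffinity is not touched by this patch; suggest describing the new len semantics there so callers do not have to read get_user_cpu_mask() to learn them. The hunk also removes the empty line after `task_t *p;` and adds an empty line back in the same place, and drops the blank line that used to precede lock_cpu_hotplug(); the re-added line looks like a whitespace-only difference and is worth cleaning up so the hunk carries only the functional change.
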