On Wed, Jan 05, 2011 at 10:08:49AM -0700, Eric B Munson wrote:
> This patch is a candidate for stable.
>
> ==== CUT HERE ====
>
> When parsing changes to the huge page pool sizes made from userspace
> via the sysctl interface, bogus input values are being covered up
> by nr_hugepages_store_common and nr_overcommit_hugepages_store
> returning 0 when strict_strtoul returns an error.
Not just that, it can infinite loop so it's a fairly serious problem.
> This patch changes
> the return value for these functions to -EINVAL when strict_strtoul
> returns an error.
>
> Reported-by: CAI Qian <caiqian@xxxxxxxxxx>
>
> Signed-off-by: Eric B Munson <emunson@xxxxxxxxx>
Acked-by: Mel Gorman <mel@xxxxxxxxx>
> ---
> mm/hugetlb.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index 8585524..5cb71a9 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -1440,7 +1440,7 @@ static ssize_t nr_hugepages_store_common(bool obey_mempolicy,
>
> err = strict_strtoul(buf, 10, &count);
> if (err)
> - return 0;
> + return -EINVAL;
>
> h = kobj_to_hstate(kobj, &nid);
> if (nid == NUMA_NO_NODE) {
> @@ -1519,7 +1519,7 @@ static ssize_t nr_overcommit_hugepages_store(struct kobject *kobj,
>
> err = strict_strtoul(buf, 10, &input);
> if (err)
> - return 0;
> + return -EINVAL;
>
> spin_lock(&hugetlb_lock);
> h->nr_overcommit_huge_pages = input;
--
Mel Gorman
Part-time Phd Student Linux Technology Center
University of Limerick IBM Dublin Software Lab
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxxx For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom policy in Canada: sign http://dissolvethecrtc.ca/
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>