The maxnode used by mbind(), set_mempolicy() and migrate_pages() is not correctly handled in get_nodes(), where --maxnode causes the calculation

    endmask = (1UL << (maxnode % BITS_PER_LONG)) - 1;

to ignore the highest node ID bit. Then, at

    nodes_addr(*nodes)[nlongs-1] &= endmask;

the highest node ID bit is cleared. Finally, this causes mpol_new() to think the user does not pass in any node ID, and return EINVAL.

The results are:
- Application receives EINVAL when only the highest node ID bit is set.
- Application receives no error when other bits are set together with the highest node ID bit, but that highest ID is ignored.

Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Michal Hocko <mhocko@xxxxxxxx>
Cc: Vlastimil Babka <vbabka@xxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Signed-off-by: Li Xinhai <lixinhai.lxh@xxxxxxxxx>
--- mm/mempolicy.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 4ae967b..2bdc365 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1328,7 +1328,6 @@ static int get_nodes(nodemask_t *nodes, const unsigned long __user *nmask, unsigned long nlongs; unsigned long endmask; - --maxnode; nodes_clear(*nodes); if (maxnode == 0 || !nmask) return 0; -- 1.8.3.1
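Review bot: Removing `--maxnode;` at the top of get_nodes() changes how the maxnode argument is interpreted for every caller, and the changelog does not say what happens to existing userspace that already passes a value one larger to compensate for the decrement. With the line gone, the unchanged check `if (maxnode == 0 || !nmask)` no longer treats maxnode == 1 as an empty mask, and the endmask derived from `maxnode % BITS_PER_LONG` keeps one more bit of nmask than before, so such callers would have an additional bit interpreted as a node ID. Please state in the changelog whether this is an intended user-visible change for mbind(), set_mempolicy() and migrate_pages() and how current callers are affected; if it is not intended, consider a fix that leaves the meaning of maxnode unchanged for them.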