bitmap_parselist("", &mask, nmaskbits) will erroneously set bit
zero in the mask. The same bug is visible in cpumask_parselist()
since it is layered on top of the bitmask code, e.g. if you boot with
"isolcpus=", you will actually end up with cpu zero isolated.
The bug was introduced in commit 4b060420a596 ("bitmap, irq: add
smp_affinity_list interface to /proc/irq") when bitmap_parselist()
was generalized to support userspace as well as kernelspace.
Signed-off-by: Chris Metcalf <cmetcalf@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
lib/bitmap.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/lib/bitmap.c b/lib/bitmap.c
index d456f4c15a9f..c04448bf1271 100644
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -536,12 +536,12 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
unsigned a, b;
int c, old_c, totaldigits;
const char __user __force *ubuf = (const char __user __force *)buf;
- int exp_digit, in_range;
+ int at_start, in_range;
totaldigits = c = 0;
bitmap_zero(maskp, nmaskbits);
do {
- exp_digit = 1;
+ at_start = 1;
in_range = 0;
a = b = 0;
@@ -570,11 +570,10 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
break;
if (c == '-') {
- if (exp_digit || in_range)
+ if (at_start || in_range)
return -EINVAL;
b = 0;
in_range = 1;
- exp_digit = 1;
continue;
}
@@ -584,16 +583,18 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
b = b * 10 + (c - '0');
if (!in_range)
a = b;
- exp_digit = 0;
+ at_start = 0;
totaldigits++;
}
if (!(a <= b))
return -EINVAL;
if (b >= nmaskbits)
return -ERANGE;
- while (a <= b) {
- set_bit(a, maskp);
- a++;
+ if (!at_start) {
+ while (a <= b) {
+ set_bit(a, maskp);
+ a++;
+ }
}
} while (buflen && c == ',');
return 0;
--
2.1.2
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html