On Wed, Jan 05, 2011 at 10:08:49AM -0700, Eric B Munson wrote:
> This patch is a candidate for stable.
>
> ==== CUT HERE ====
>
> When parsing changes to the huge page pool sizes made from userspace
> via the sysctl interface, bogus input values are being covered up
> by nr_hugepages_store_common and nr_overcommit_hugepages_store
> returning 0 when strict_strtoul returns an error.
Not just that, it can infinite loop so it's a fairly serious problem.
> This patch changes
> the return value for these functions to -EINVAL when strict_strtoul
> returns an error.
>
> Reported-by: CAI Qian <caiq...@redhat.com>
>
> Signed-off-by: Eric B Munson <emun...@mgebm.net>
Acked-by: Mel Gorman <m...@csn.ul.ie>
> ---
> mm/hugetlb.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index 8585524..5cb71a9 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -1440,7 +1440,7 @@ static ssize_t nr_hugepages_store_common(bool
> obey_mempolicy,
>
> err = strict_strtoul(buf, 10, &count);
> if (err)
> - return 0;
> + return -EINVAL;
>
> h = kobj_to_hstate(kobj, &nid);
> if (nid == NUMA_NO_NODE) {
> @@ -1519,7 +1519,7 @@ static ssize_t nr_overcommit_hugepages_store(struct
> kobject *kobj,
>
> err = strict_strtoul(buf, 10, &input);
> if (err)
> - return 0;
> + return -EINVAL;
>
> spin_lock(&hugetlb_lock);
> h->nr_overcommit_huge_pages = input;
--
Mel Gorman
Part-time Phd Student Linux Technology Center
University of Limerick IBM Dublin Software Lab
_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable
