From 99e1baf86ff6a31330ff0c7bb77110338f03ddc5 Mon Sep 17 00:00:00 2001
From: Chris Wright <chrisw@sous-sol.org>
Date: Fri, 17 Feb 2006 13:59:36 -0800
Subject: [PATCH] sys_mbind sanity checking

Make sure maxnodes is safe size before calculating nlongs in
get_nodes().

Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[chrisw: fix units, pointed out by Andi]
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 mm/mempolicy.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mm/mempolicy.c b/mm/mempolicy.c
index 72f402cc9c9a..6e870ba707c7 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -524,6 +524,8 @@ static int get_nodes(nodemask_t *nodes, unsigned long __user *nmask,
 	nodes_clear(*nodes);
 	if (maxnode == 0 || !nmask)
 		return 0;
+	if (maxnode > PAGE_SIZE*BITS_PER_BYTE)
+		return -EINVAL;
 
 	nlongs = BITS_TO_LONGS(maxnode);
 	if ((maxnode % BITS_PER_LONG) == 0)
-- 
cgit v1.2.3