Commit 6f59e648 authored by Andrey Ryabinin's avatar Andrey Ryabinin Committed by Sasha Levin

mm, hugetlb: remove unnecessary lower bound on sysctl handlers"?

commit 3cd7645d upstream.

Commit ed4d4902 ("mm, hugetlb: remove hugetlb_zero and
hugetlb_infinity") replaced 'unsigned long hugetlb_zero' with 'int zero'
leading to out-of-bounds access in proc_doulongvec_minmax().  Use
'.extra1 = NULL' instead of '.extra1 = &zero'.  Passing NULL is
equivalent to passing minimal value, which is 0 for unsigned types.

Fixes: ed4d4902 ("mm, hugetlb: remove hugetlb_zero and hugetlb_infinity")
Signed-off-by: default avatarAndrey Ryabinin <a.ryabinin@samsung.com>
Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
Suggested-by: default avatarManfred Spraul <manfred@colorfullife.com>
Acked-by: default avatarDavid Rientjes <rientjes@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
parent ac369918
...@@ -1232,7 +1232,6 @@ static struct ctl_table vm_table[] = { ...@@ -1232,7 +1232,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long), .maxlen = sizeof(unsigned long),
.mode = 0644, .mode = 0644,
.proc_handler = hugetlb_sysctl_handler, .proc_handler = hugetlb_sysctl_handler,
.extra1 = &zero,
}, },
#ifdef CONFIG_NUMA #ifdef CONFIG_NUMA
{ {
...@@ -1241,7 +1240,6 @@ static struct ctl_table vm_table[] = { ...@@ -1241,7 +1240,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long), .maxlen = sizeof(unsigned long),
.mode = 0644, .mode = 0644,
.proc_handler = &hugetlb_mempolicy_sysctl_handler, .proc_handler = &hugetlb_mempolicy_sysctl_handler,
.extra1 = &zero,
}, },
#endif #endif
{ {
...@@ -1264,7 +1262,6 @@ static struct ctl_table vm_table[] = { ...@@ -1264,7 +1262,6 @@ static struct ctl_table vm_table[] = {
.maxlen = sizeof(unsigned long), .maxlen = sizeof(unsigned long),
.mode = 0644, .mode = 0644,
.proc_handler = hugetlb_overcommit_handler, .proc_handler = hugetlb_overcommit_handler,
.extra1 = &zero,
}, },
#endif #endif
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment