mm/page_frag: reject invalid CPUs in page_frag_test

The page_frag selftest module accepts test_push_cpu and test_pop_cpu as
signed module parameters, then validates them by passing them directly to
cpu_active().

That validation is itself unsafe for negative or out-of-range CPU numbers.
For example, test_push_cpu=-1 is converted to a very large unsigned CPU
number before cpu_active() reaches cpumask_test_cpu(), which trips the
cpumask range check with CONFIG_DEBUG_PER_CPU_MAPS enabled.

Reject CPU values outside [0, nr_cpu_ids) before asking whether the CPU is
active.

Assisted-by: Codex:gpt-5.5-cyber-preview
Link: https://lore.kernel.org/20260605184157.2490353-1-sam.moelius@trailofbits.com
Signed-off-by: Samuel Moelius <sam.moelius@trailofbits.com>
Cc: David Hildenbrand <david@kernel.org>
Cc: Liam R. Howlett <liam@infradead.org>
Cc: Lorenzo Stoakes <ljs@kernel.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Vlastimil Babka <vbabka@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/tools/testing/selftests/mm/page_frag/page_frag_test.c b/tools/testing/selftests/mm/page_frag/page_frag_test.c
index e806c1866e36661f8e9cdcfc2e7f8c40130f8c65..c8584d0fdeab02130f0e2c0662b0de9a27793040 100644 (file)
--- a/tools/testing/selftests/mm/page_frag/page_frag_test.c
+++ b/tools/testing/selftests/mm/page_frag/page_frag_test.c
@@ -131,6 +131,8 @@ static int __init page_frag_test_init(void)
        init_completion(&wait);
 
        if (test_alloc_len > PAGE_SIZE || test_alloc_len <= 0 ||
+           test_push_cpu < 0 || test_push_cpu >= nr_cpu_ids ||
+           test_pop_cpu < 0 || test_pop_cpu >= nr_cpu_ids ||
            !cpu_active(test_push_cpu) || !cpu_active(test_pop_cpu))
                return -EINVAL;