From: Greg Kroah-Hartman Date: Tue, 7 Apr 2020 14:56:14 +0000 (+0200) Subject: 5.5-stable patches X-Git-Tag: v5.4.31~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b665fc506d91da76475035784208f279448ec654;p=thirdparty%2Fkernel%2Fstable-queue.git 5.5-stable patches added patches: mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch --- diff --git a/queue-5.5/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch b/queue-5.5/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch new file mode 100644 index 00000000000..a800e97d886 --- /dev/null +++ b/queue-5.5/mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch 
@@ -0,0 +1,57 @@ +From aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Wed, 1 Apr 2020 21:10:58 -0700 +Subject: mm: mempolicy: require at least one nodeid for MPOL_PREFERRED + +From: Randy Dunlap + +commit aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd upstream. + +Using an empty (malformed) nodelist that is not caught during mount option +parsing leads to a stack-out-of-bounds access. + +The option string that was used was: "mpol=prefer:,". However, +MPOL_PREFERRED requires a single node number, which is not being provided +here. + +Add a check that 'nodes' is not empty after parsing for MPOL_PREFERRED's +nodeid. + +Fixes: 095f1fc4ebf3 ("mempolicy: rework shmem mpol parsing and display") +Reported-by: Entropy Moe <3ntr0py1337@gmail.com> +Reported-by: syzbot+b055b1a6b2b958707a21@syzkaller.appspotmail.com +Signed-off-by: Randy Dunlap +Signed-off-by: Andrew Morton +Tested-by: syzbot+b055b1a6b2b958707a21@syzkaller.appspotmail.com +Cc: Lee Schermerhorn +Link: http://lkml.kernel.org/r/89526377-7eb6-b662-e1d8-4430928abde9@infradead.org +Signed-off-by: Linus Torvalds +Cc: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + mm/mempolicy.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/mm/mempolicy.c ++++ b/mm/mempolicy.c +@@ -2841,7 +2841,9 @@ int mpol_parse_str(char *str, struct mem + switch (mode) { + case MPOL_PREFERRED: + /* +- * Insist on a nodelist of one node only ++ * Insist on a nodelist of one node only, although later ++ * we use first_node(nodes) to grab a single node, so here ++ * nodelist (or nodes) cannot be empty. + */ + if (nodelist) { + char *rest = nodelist; +@@ -2849,6 +2851,8 @@ int mpol_parse_str(char *str, struct mem + rest++; + if (*rest) + goto out; ++ if (nodes_empty(nodes)) ++ goto out; + } + break; + case MPOL_INTERLEAVE: diff --git a/queue-5.5/series b/queue-5.5/series index 9e0518caff8..cb94eca8566 100644 --- a/queue-5.5/series +++ b/queue-5.5/series 
@@ -45,3 +45,4 @@ net-genetlink-return-the-error-code-when-attribute-parsing-fails.patch net-fix-tx-hash-bound-checking.patch net-smc-fix-cleanup-for-linkgroup-setup-failures.patch padata-always-acquire-cpu_hotplug_lock-before-pinst-lock.patch +mm-mempolicy-require-at-least-one-nodeid-for-mpol_preferred.patch
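Review bot: the reworded comment in the `@@ -2841,7 +2841,9 @@` hunk of mm/mempolicy.c reads awkwardly as one sentence ("Insist on a nodelist of one node only, although later we use first_node(nodes) to grab a single node, so here nodelist (or nodes) cannot be empty"); the "although" clause is really the reason for the rule, not a contrast to it. Suggest splitting it into the rule and its justification, e.g. `* Insist on a nodelist of exactly one node. first_node(nodes) is` / `* used below to pick that node, so the parsed mask must not be empty.`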
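Review bot: in the `@@ -2849,6 +2851,8 @@` hunk the new `if (nodes_empty(nodes)) goto out;` is placed after the digit scan (`while (isdigit(*rest)) rest++; if (*rest) goto out;`), which only rejects non-digit characters; a `nodelist` that is non-NULL but empty passes that scan with `*rest == '\0'`, so the added test is the one that actually rejects the `mpol=prefer:,` input from the changelog before `first_node(nodes)` indexes an empty mask. Since the check lives inside the existing `if (nodelist) {` block, the no-nodelist form of MPOL_PREFERRED keeps its previous behaviour, which is worth a sentence in the changelog; consider also moving the empty-mask check ahead of the digit scan so the cheaper, more general condition is evaluated first and the two rejections read in the order a reader expects.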