[PATCH 3.10 74/89] __bitmap_parselist: fix bug in empty string handling

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Chris Metcalf <cmetcalf@ezchip.com>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 3.10 74/89] __bitmap_parselist: fix bug in empty string handling
Date: Fri, 31 Jul 2015 12:41:56 -0700	[thread overview]
Message-ID: <20150731194033.038006994@linuxfoundation.org> (raw)
In-Reply-To: <20150731194030.516335023@linuxfoundation.org>

3.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Chris Metcalf <cmetcalf@ezchip.com>

commit 2528a8b8f457d7432552d0e2b6f0f4046bb702f4 upstream.

bitmap_parselist("", &mask, nmaskbits) will erroneously set bit zero in
the mask.  The same bug is visible in cpumask_parselist() since it is
layered on top of the bitmask code, e.g.  if you boot with "isolcpus=",
you will actually end up with cpu zero isolated.

The bug was introduced in commit 4b060420a596 ("bitmap, irq: add
smp_affinity_list interface to /proc/irq") when bitmap_parselist() was
generalized to support userspace as well as kernelspace.

Fixes: 4b060420a596 ("bitmap, irq: add smp_affinity_list interface to /proc/irq")
Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 lib/bitmap.c |   17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -603,12 +603,12 @@ static int __bitmap_parselist(const char
 	unsigned a, b;
 	int c, old_c, totaldigits;
 	const char __user __force *ubuf = (const char __user __force *)buf;
-	int exp_digit, in_range;
+	int at_start, in_range;
 
 	totaldigits = c = 0;
 	bitmap_zero(maskp, nmaskbits);
 	do {
-		exp_digit = 1;
+		at_start = 1;
 		in_range = 0;
 		a = b = 0;
 
@@ -637,11 +637,10 @@ static int __bitmap_parselist(const char
 				break;
 
 			if (c == '-') {
-				if (exp_digit || in_range)
+				if (at_start || in_range)
 					return -EINVAL;
 				b = 0;
 				in_range = 1;
-				exp_digit = 1;
 				continue;
 			}
 
@@ -651,16 +650,18 @@ static int __bitmap_parselist(const char
 			b = b * 10 + (c - '0');
 			if (!in_range)
 				a = b;
-			exp_digit = 0;
+			at_start = 0;
 			totaldigits++;
 		}
 		if (!(a <= b))
 			return -EINVAL;
 		if (b >= nmaskbits)
 			return -ERANGE;
-		while (a <= b) {
-			set_bit(a, maskp);
-			a++;
+		if (!at_start) {
+			while (a <= b) {
+				set_bit(a, maskp);
+				a++;
+			}
 		}
 	} while (buflen && c == ',');
 	return 0;

next prev parent reply	other threads:[~2015-07-31 20:24 UTC|newest]

Thread overview: 88+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-07-31 19:40 [PATCH 3.10 00/89] 3.10.85-stable review Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 01/89] ipr: Increase default adapter init stage change timeout Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 02/89] Disable write buffering on Toshiba ToPIC95 Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 03/89] ALSA: hda - Add headset support to Acer Aspire V5 Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 04/89] ALSA: hda - Fix the dock headphone output on Fujitsu Lifebook E780 Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 05/89] ARC: add compiler barrier to LLSC based cmpxchg Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 06/89] arm64: Do not attempt to use init_mm in reset_context() Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 07/89] arm64: mm: Fix freeing of the wrong memmap entries with !SPARSEMEM_VMEMMAP Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 08/89] arm64: vdso: work-around broken ELF toolchains in Makefile Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 09/89] cpuidle / menu: Return (-1) if there are no suitable states Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 10/89] regmap: Fix regmap_bulk_read in BE mode Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 11/89] regulator: core: fix constraints output buffer Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 12/89] spi: pl022: Specify num-cs property as required in devicetree binding Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 13/89] mtd: fix: avoid race condition when accessing mtd->usecount Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 15/89] pinctrl: mvebu: armada-370: fix spi0 pin description Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 16/89] pinctrl: mvebu: armada-xp: remove non-existing NAND pins Greg Kroah-Hartman
2015-07-31 19:40 ` [PATCH 3.10 17/89] pinctrl: mvebu: armada-xp: remove non-existing VDD cpu_pd functions Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 18/89] pinctrl: mvebu: armada-xp: fix functions of MPP48 Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 19/89] Bluetooth: btusb: Fix memory leak in Intel setup routine Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 20/89] ath9k: fix DMA stop sequence for AR9003+ Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 21/89] staging: rtl8712: prevent buffer overrun in recvbuf2recvframe Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 22/89] ext4: fix race between truncate and __ext4_journalled_writepage() Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 23/89] ext4: call sync_blockdev() before invalidate_bdev() in put_super() Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 24/89] ext4: dont retry file block mapping on bigalloc fs with non-extent file Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 25/89] ext4: fix reservation release on invalidatepage for delalloc fs Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 26/89] ext4: be more strict when migrating to non-extent based file Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 27/89] ext4: correctly migrate a file with a hole at the beginning Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 28/89] ext4: replace open coded nofail allocation in ext4_free_blocks() Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 29/89] jbd2: use GFP_NOFS in jbd2_cleanup_journal_tail() Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 30/89] jbd2: fix ocfs2 corrupt when updating journal superblock fails Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 31/89] i2c: at91: fix a race condition when using the DMA controller Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 32/89] iio: DAC: ad5624r_spi: fix bit shift of output data value Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 33/89] [media] af9013: Dont accept invalid bandwidth Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 34/89] [media] s5h1420: fix a buffer overflow when checking userspace params Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 35/89] [media] cx24116: " Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 37/89] ASoC: wm8955: Fix setting wrong register for WM8955_K_8_0_MASK bits Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 39/89] ASoC: wm8960: the enum of "DAC Polarity" should be wm8960_enum[1] Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 40/89] libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for HP 250GB SATA disk VB0250EAVER Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 41/89] libata: increase the timeout when setting transfer mode Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 42/89] usb: dwc3: gadget: return error if command sent to DGCMD register fails Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 43/89] usb: dwc3: gadget: return error if command sent to DEPCMD " Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 44/89] usb: dwc3: Reset the transfer resource index on SET_INTERFACE Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 45/89] USB: devio: fix a condition in async_completed() Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 46/89] USB: cp210x: add ID for Aruba Networks controllers Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 47/89] USB: option: add 2020:4000 ID Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 48/89] usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() function Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 49/89] dm btree remove: fix bug in redistribute3 Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 50/89] dm btree: silence lockdep lock inversion in dm_btree_del() Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 51/89] mmc: block: Add missing mmc_blk_put() in power_ro_lock_show() Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 52/89] drm/qxl: Do not cause spice-server to clean our objects Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 53/89] drm/radeon: take the mode_config mutex when dealing with hpds (v2) Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 55/89] drm: add a check for x/y in drm_mode_setcrtc Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 56/89] xfs: fix remote symlinks on V5/CRC filesystems Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 57/89] vTPM: set virtual device before passing to ibmvtpm_reset_crq Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 58/89] libata: add ATA_HORKAGE_NOTRIM Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 59/89] libata: force disable trim for SuperSSpeed S238 Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 60/89] tracing/filter: Do not WARN on operand count going below zero Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 61/89] tracing/filter: Do not allow infix to exceed end of string Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 62/89] tracing: Have branch tracer use recursive field of task struct Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 63/89] dmaengine: mv_xor: bug fix for racing condition in descriptors cleanup Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 64/89] hwmon: (mcp3021) Fix broken output scaling Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 65/89] md: fix a build warning Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 66/89] Btrfs: use kmem_cache_free when freeing entry in inode cache Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 67/89] fuse: initialize fc->release before calling it Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 68/89] crush: fix a bug in tree bucket decode Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 69/89] ACPICA: Tables: Fix an issue that FACS initialization is performed twice Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 70/89] iscsi-target: Convert iscsi_thread_set usage to kthread.h Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 71/89] iser-target: Fix possible deadlock in RDMA_CM connection error Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 72/89] iser-target: release stale iser connections Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 73/89] mmc: card: Fixup request missing in mmc_blk_issue_rw_rq Greg Kroah-Hartman
2015-07-31 19:41 ` Greg Kroah-Hartman [this message]
2015-07-31 19:41 ` [PATCH 3.10 75/89] mac80211: prevent possible crypto tx tailroom corruption Greg Kroah-Hartman
2015-07-31 19:41 ` [PATCH 3.10 76/89] USB: usbfs: allow URBs to be reaped after disconnection Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 78/89] NFS: Fix size of NFSACL SETACL operations Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 79/89] fixing infinite OPEN loop in 4.0 stateid recovery Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 80/89] nfs: increase size of EXCHANGE_ID name string buffer Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 81/89] SUNRPC: Fix a memory leak in the backchannel code Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 82/89] 9p: forgetting to cancel request on interrupted zero-copy RPC Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 83/89] 9p: dont leave a half-initialized inode sitting around Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 84/89] rbd: use GFP_NOIO in rbd_obj_request_create() Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 85/89] agp/intel: Fix typo in needs_ilk_vtd_wa() Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 86/89] hpfs: hpfs_error: Remove static buffer, use vsprintf extension %pV instead Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 87/89] Fix firmware loader uevent buffer NULL pointer dereference Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 88/89] qla2xxx: Mark port lost when we receive an RSCN for it Greg Kroah-Hartman
2015-07-31 19:42 ` [PATCH 3.10 89/89] MIPS: KVM: Do not sign extend on unsigned MMIO load Greg Kroah-Hartman
2015-08-01  2:06 ` [PATCH 3.10 00/89] 3.10.85-stable review Guenter Roeck
2015-08-01  8:27 ` Sudip Mukherjee
2015-08-03 18:26 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150731194033.038006994@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=cmetcalf@ezchip.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@rasmusvillemoes.dk \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).