From nobody Wed Sep 17 22:22:02 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B9C2C25B04 for ; Wed, 14 Dec 2022 22:21:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229754AbiLNWVx (ORCPT ); Wed, 14 Dec 2022 17:21:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52762 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229749AbiLNWV2 (ORCPT ); Wed, 14 Dec 2022 17:21:28 -0500 Received: from smtpout.efficios.com (smtpout.efficios.com [167.114.26.122]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2BA8F116E; Wed, 14 Dec 2022 14:21:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=efficios.com; s=smtpout1; t=1671056483; bh=OwPacgMfzq+t+Js+BScNggpyccUTyftXnAv/AFiH6zw=; h=From:To:Cc:Subject:Date:From; b=GqNGuGANib8ov9H9kk3JHTVguBne0Fq6w32B7YeuElmDddZfC27OijEBZF7qvDIE9 AmvlSGspDuxrtk4kL/DETEYf/C7U7oYscCP0hWIZaIiIluj+uTGSnOQSqHWQ1KpZU0 /OXQkcNEx4e7kTGF9Jtj6Hb4W4E51/Aw/v91jLhyCupDRCTlO2FT4qbPjHW3PAFUFG +1/O1ngi4uSX2uBoe4rS08zGUXzL2EQQZyoMidwsGjvstKyTvw8V4ujqxyfmhYPGX4 pKE2v8TtOdqEylTqOZVNW8tiw1+PXWERuLKuG4payC+03Xn1JD3N0vPYJJWTZQCLdJ /iHSF+ynCAWSQ== Received: from localhost.localdomain (192-222-180-24.qc.cable.ebox.net [192.222.180.24]) by smtpout.efficios.com (Postfix) with ESMTPSA id 4NXVFb1fSJzbZs; Wed, 14 Dec 2022 17:21:23 -0500 (EST) From: Mathieu Desnoyers To: Andrew Morton Cc: linux-kernel@vger.kernel.org, Mathieu Desnoyers , "Aneesh Kumar K . V" , Ben Widawsky , Dave Hansen , Feng Tang , Michal Hocko , Andrea Arcangeli , Mel Gorman , Mike Kravetz , Randy Dunlap , Vlastimil Babka , Andi Kleen , Dan Williams , Huang Ying , linux-api@vger.kernel.org, stable@vger.kernel.org Subject: [RFC PATCH] mm/mempolicy: Fix memory leak in set_mempolicy_home_node system call Date: Wed, 14 Dec 2022 17:21:10 -0500 Message-Id: <20221214222110.200487-1-mathieu.desnoyers@efficios.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" When encountering any vma in the range with policy other than MPOL_BIND or MPOL_PREFERRED_MANY, an error is returned without issuing a mpol_put on the policy just allocated with mpol_dup(). This allows arbitrary users to leak kernel memory. Fixes: c6018b4b2549 ("mm/mempolicy: add set_mempolicy_home_node syscall") Signed-off-by: Mathieu Desnoyers Cc: Aneesh Kumar K.V Cc: Ben Widawsky Cc: Dave Hansen Cc: Feng Tang Cc: Michal Hocko Cc: Andrea Arcangeli Cc: Mel Gorman Cc: Mike Kravetz Cc: Randy Dunlap Cc: Vlastimil Babka Cc: Andi Kleen Cc: Dan Williams Cc: Huang Ying Cc: Cc: Andrew Morton Cc: stable@vger.kernel.org # 5.17+ Acked-by: Michal Hocko Reviewed-by: "Huang, Ying" Reviewed-by: Aneesh Kumar K.V Reviewed-by: Randy Dunlap --- mm/mempolicy.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 61aa9aedb728..02c8a712282f 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1540,6 +1540,7 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, unsigned lon= g, start, unsigned long, le * the home node for vmas we already updated before. */ if (new->mode !=3D MPOL_BIND && new->mode !=3D MPOL_PREFERRED_MANY) { + mpol_put(new); err =3D -EOPNOTSUPP; break; } --=20 2.25.1