Remove user-triggerable BUG from mpol_to_str
authorDave Jones <davej@redhat.com>
Thu, 6 Sep 2012 16:01:00 +0000 (12:01 -0400)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 6 Sep 2012 16:37:58 +0000 (09:37 -0700)
Trivially triggerable, found by trinity:

  kernel BUG at mm/mempolicy.c:2546!
  Process trinity-child2 (pid: 23988, threadinfo ffff88010197e000, task ffff88007821a670)
  Call Trace:
    show_numa_map+0xd5/0x450
    show_pid_numa_map+0x13/0x20
    traverse+0xf2/0x230
    seq_read+0x34b/0x3e0
    vfs_read+0xac/0x180
    sys_pread64+0xa2/0xc0
    system_call_fastpath+0x1a/0x1f
  RIP: mpol_to_str+0x156/0x360

Cc: stable@vger.kernel.org
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mm/mempolicy.c

index bd92431d4c49a8e29f4b46d50d6d0e66c69098d5..4ada3be6e2521278de6da6e110995d63ccd7ed8f 100644 (file)
@@ -2562,7 +2562,7 @@ int mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol, int no_context)
                break;
 
        default:
-               BUG();
+               return -EINVAL;
        }
 
        l = strlen(policy_modes[mode]);