From: Chris Metcalf
To: Andrew Morton, Rasmus Villemoes, Tejun Heo, "Peter Zijlstra (Intel)", Sudeep Holla, "Michal Nazarewicz"
CC: Chris Metcalf
Subject: [PATCH] __bitmap_parselist: fix bug in empty string handling
Date: Fri, 17 Apr 2015 14:00:04 -0400
Message-ID: <1429293604-5210-1-git-send-email-cmetcalf@ezchip.com>
X-Mailing-List: linux-kernel@vger.kernel.org

bitmap_parselist("", &mask, nmaskbits) will erroneously set bit zero in the mask.
The same bug is visible in cpumask_parselist() since it is layered on top of the bitmask code, e.g. if you boot with "isolcpus=", you will actually end up with cpu zero isolated. The bug was introduced in commit 4b060420a596 ("bitmap, irq: add smp_affinity_list interface to /proc/irq") when bitmap_parselist() was generalized to support userspace as well as kernelspace. Signed-off-by: Chris Metcalf Cc: stable@vger.kernel.org --- lib/bitmap.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/lib/bitmap.c b/lib/bitmap.c index d456f4c15a9f..c04448bf1271 100644 --- a/lib/bitmap.c +++ b/lib/bitmap.c @@ -536,12 +536,12 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, unsigned a, b; int c, old_c, totaldigits; const char __user __force *ubuf = (const char __user __force *)buf; - int exp_digit, in_range; + int at_start, in_range; totaldigits = c = 0; bitmap_zero(maskp, nmaskbits); do { - exp_digit = 1; + at_start = 1; in_range = 0; a = b = 0; @@ -570,11 +570,10 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, break; if (c == '-') { - if (exp_digit || in_range) + if (at_start || in_range) return -EINVAL; b = 0; in_range = 1; - exp_digit = 1; continue; } @@ -584,16 +583,18 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, b = b * 10 + (c - '0'); if (!in_range) a = b; - exp_digit = 0; + at_start = 0; totaldigits++; } if (!(a <= b)) return -EINVAL; if (b >= nmaskbits) return -ERANGE; - while (a <= b) { - set_bit(a, maskp); - a++; + if (!at_start) { + while (a <= b) { + set_bit(a, maskp); + a++; + } } } while (buflen && c == ','); return 0; -- 2.1.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
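Review bot: in the second hunk (@@ -570,11 +570,10), the `c == '-'` branch no longer records that a digit has to follow the dash, so a dangling range end is only caught by accident. For "0-" the visible lines give a = 0 from the digit, then b = 0 and in_range = 1 on the dash, at_start stays 0, `a <= b` holds and bit 0 is set, while "5-" fails the same `a <= b` test and returns -EINVAL. Consider keeping a separate flag that is set on '-' and cleared by the next digit, and returning -EINVAL after the inner loop when it is still set, so both inputs are rejected the same way.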
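Review bot: in the last hunk (@@ -584,16 +583,18), the new `if (!at_start)` guard applies to every comma-separated item, not only to an empty buffer, because at_start is reset to 1 at the top of each do-iteration and the loop repeats on `c == ','`. Assuming the inner loop breaks on ',' as that loop condition implies, input such as "1,,3" or a trailing comma now has its empty item skipped silently. The commit message only describes the empty-string case, so please state whether empty items are meant to be accepted, add a short comment above the guard, or return -EINVAL for an item with no digits once totaldigits is non-zero. Note also that `b >= nmaskbits` is still evaluated before the guard, so an empty string with nmaskbits of 0 returns -ERANGE rather than 0.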