Re: [PATCH] mm: don't allow empty relative nodemask in mpol_relative_nodemask()
From: Andrew Morton
Date: Thu May 28 2026 - 15:45:40 EST
On Thu, 28 May 2026 15:03:37 -0400 Yury Norov <ynorov@xxxxxxxxxx> wrote:
> Reassigning nodes relative to an empty user-provided nodemask is useless,
> and triggers divide-by-zero in the function.
>
> Reported-by: Farhad Alemi <farhad.alemi@xxxxxxxxxxxx>
> Link: https://lore.kernel.org/all/CA+0ovCgxbZkXa+OU8w3s84R3KNPNxxRfmsNR-udh+afQBbGNmw@xxxxxxxxxxxxxx/

Thanks both.

It looks like this is very old code, so we'll be wanting a cc:stable in
this.

> --- a/mm/mempolicy.c
> +++ b/mm/mempolicy.c
> @@ -370,8 +370,13 @@ static inline int mpol_store_user_nodemask(const struct mempolicy *pol)
> static void mpol_relative_nodemask(nodemask_t *ret, const nodemask_t *orig,
> const nodemask_t *rel)
> {
> + unsigned int w = nodes_weight(*rel);
> nodemask_t tmp;
> - nodes_fold(tmp, *orig, nodes_weight(*rel));
> +
> + if (w == 0)
> + return -EINVAL;
> +
> + nodes_fold(tmp, *orig, w);
> nodes_onto(*ret, tmp, *rel);
> }
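
Review bot: the added `return -EINVAL;` in the `w == 0` branch is inside a function whose signature in this hunk is still `static void mpol_relative_nodemask(...)`, so a value is being returned from a void function and no caller can observe the error. Either change the return type to `int` and update the callers to check it, or keep the function void and reject the empty relative nodemask before it is called. The early return also skips `nodes_onto(*ret, tmp, *rel)`, so `*ret` is left unwritten on that path; if the check stays here, set `*ret` to a defined value or document that callers must not use it on failure.
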
I suspect we should address this at the mpol level - it should never
have got that far. Hopefully the mempolicy maintainers can have a
think.