Re: [PATCH] mm: don't allow empty relative nodemask in mpol_relative_nodemask()

From: Joshua Hahn

Date: Fri May 29 2026 - 12:02:17 EST

On Thu, 28 May 2026 12:41:33 -0700 Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Thu, 28 May 2026 15:03:37 -0400 Yury Norov <ynorov@xxxxxxxxxx> wrote:
>
> > Reassigning nodes relative an empty user-provided nodemask is useless,
> > and triggers divide-by-zero in the function.
> >
> > Reported-by: Farhad Alemi <farhad.alemi@xxxxxxxxxxxx>
> > Link: https://lore.kernel.org/all/CA+0ovCgxbZkXa+OU8w3s84R3KNPNxxRfmsNR-udh+afQBbGNmw@xxxxxxxxxxxxxx/
>
> Thanks both.
>
> It looks like this is very old code, so we'll be wanting a cc:stable in
> this.
>
> > --- a/mm/mempolicy.c
> > +++ b/mm/mempolicy.c
> > @@ -370,8 +370,13 @@ static inline int mpol_store_user_nodemask(const struct mempolicy *pol)
> > static void mpol_relative_nodemask(nodemask_t *ret, const nodemask_t *orig,
> > const nodemask_t *rel)
> > {
> > + unsigned int w = nodes_weight(*rel);
> > nodemask_t tmp;
> > - nodes_fold(tmp, *orig, nodes_weight(*rel));
> > +
> > + if (w == 0)
> > + return -EINVAL;
> > +
> > + nodes_fold(tmp, *orig, w);
> > nodes_onto(*ret, tmp, *rel);
> > }
>
> I suspect we should address this at the mpol level - it should never
> have got that far. Hopefully the mempolicy maintainers can have a
> think.

Hello Andrew, hello Yury,

I agree with Andrew here.
mpol_relative_nodemask is called from two places, the first being
mpol_rebind_nodemask which is the calling function seen in the bug report as
well.

The other place is mpol_set_nodemask, which has a helpful comment that notes:
"mpol_set_nodemask is called after mpol_new() [...snip...] mpol_new() has
already validated the nodes parameter with respect to the policy mode and
flags".

So it seems like we are missing the big if-else if-else if block from mpol_new
in other places that should in fact have it, like mpol_rebind_nodemask.

The approach proposed here of just checking whether the node weight is 0
won't work for a few cases, namely for MPOL_DEFAULT and MPOL_PREFERRED where
empty nodemasks are actually allowed. So what should really be done here is to
do the full policy-nodemask checking section in mpol_new and call that from
mpol_set_nodemask as well.

Thank you for taking a shot at fixing the bug report, please let me know what
you think! Have a great day : -)
Joshua