
(-)sys/kern/kern_cpuset.c (-4 / +4 lines)
Lines 1097-1103 Link Here
1097
	int error;
1097
	int error;
1098
	size_t size;
1098
	size_t size;
1099
1099
1100
	if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY)
1100
	if (cpusetsize < (mp_maxid + NBBY - 1) / NBBY || cpusetsize > CPU_MAXSIZE / NBBY)
1101
		return (ERANGE);
1101
		return (ERANGE);
1102
	/* In Capability mode, you can only get your own CPU set. */
1102
	/* In Capability mode, you can only get your own CPU set. */
1103
	if (IN_CAPABILITY_MODE(td)) {
1103
	if (IN_CAPABILITY_MODE(td)) {
Lines 1109-1115 Link Here
1109
		return (ECAPMODE);
1109
		return (ECAPMODE);
1110
	}
1110
	}
1111
	size = cpusetsize;
1111
	size = cpusetsize;
1112
	mask = malloc(size, M_TEMP, M_WAITOK | M_ZERO);
1112
	mask = malloc(size >= sizeof(cpuset_t) ? size : sizeof(cpuset_t), M_TEMP, M_WAITOK | M_ZERO);
1113
	error = cpuset_which(which, id, &p, &ttd, &set);
1113
	error = cpuset_which(which, id, &p, &ttd, &set);
1114
	if (error)
1114
	if (error)
1115
		goto out;
1115
		goto out;
Lines 1210-1216 Link Here
1210
	cpuset_t *mask;
1210
	cpuset_t *mask;
1211
	int error;
1211
	int error;
1212
1212
1213
	if (cpusetsize < sizeof(cpuset_t) || cpusetsize > CPU_MAXSIZE / NBBY)
1213
	if (cpusetsize < (mp_maxid + NBBY - 1) / NBBY || cpusetsize > CPU_MAXSIZE / NBBY)
1214
		return (ERANGE);
1214
		return (ERANGE);
1215
	/* In Capability mode, you can only set your own CPU set. */
1215
	/* In Capability mode, you can only set your own CPU set. */
1216
	if (IN_CAPABILITY_MODE(td)) {
1216
	if (IN_CAPABILITY_MODE(td)) {
Lines 1221-1227 Link Here
1221
	    if (id != -1)
1221
	    if (id != -1)
1222
		return (ECAPMODE);
1222
		return (ECAPMODE);
1223
	}
1223
	}
1224
	mask = malloc(cpusetsize, M_TEMP, M_WAITOK | M_ZERO);
1224
	mask = malloc(cpusetsize >= sizeof(cpuset_t) ? cpusetsize : sizeof(cpuset_t), M_TEMP, M_WAITOK | M_ZERO);
1225
	error = copyin(maskp, mask, cpusetsize);
1225
	error = copyin(maskp, mask, cpusetsize);
1226
	if (error)
1226
	if (error)
1227
		goto out;
1227
		goto out;
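Review bot: The new lower bound `(mp_maxid + NBBY - 1) / NBBY` on lines 1100 and 1213 is one byte short whenever the highest CPU id is a multiple of NBBY: if mp_maxid is the largest valid CPU id (as its name suggests), representing bit mp_maxid takes `howmany(mp_maxid + 1, NBBY)` bytes, so mp_maxid == 8 needs 2 bytes but the check accepts 1. A caller could then pass a buffer that cannot hold the last CPU, and on the get path that CPU's bit would presumably fall outside the `size` bytes copied out after this hunk. Suggest `if (cpusetsize < howmany(mp_maxid + 1, NBBY) || cpusetsize > CPU_MAXSIZE / NBBY)` in both places, and `mask = malloc(MAX(size, sizeof(cpuset_t)), M_TEMP, M_WAITOK | M_ZERO);` at 1112 (likewise with cpusetsize at 1224) to keep the allocation line readable. Since the get path now allocates a full cpuset_t while the user buffer may be smaller, the copyout tail outside this excerpt should return ERANGE when any bit at or above cpusetsize * NBBY is set rather than truncating silently; both enclosing functions begin and end outside the hunks.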
