| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210921140301.9058-1-chenjun102@huawei.com>
Date: Tue, 21 Sep 2021 14:03:01 +0000
From: Chen Jun <chenjun102@...wei.com>
To: <linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>
CC: <akpm@...ux-foundation.org>, <feng.tang@...el.com>,
<mhocko@...e.com>, <rui.xiang@...wei.com>
Subject: [PATCH] mm: Fix the uninitialized use in overcommit_policy_handler
An unexpected value of /proc/sys/vm/panic_on_oom we will get,
after running the following program
int main()
{
int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
write(fd, "1", 1);
write(fd, "2", 1);
close(fd);
}
write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
proc_dointvec_minmax will return 0 without setting new_policy.
t.data = &new_policy;
ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
-->do_proc_dointvec
-->__do_proc_dointvec
if (write) {
if (proc_first_pos_non_zero_ignore(ppos, table))
goto out;
sysctl_overcommit_memory = new_policy;
so sysctl_overcommit_memory will be set to an uninitialized value.
Initialize new_policy with sysctl_overcommit_memory.
Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy"
Signed-off-by: Chen Jun <chenjun102@...wei.com>
---
mm/util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/util.c b/mm/util.c
index 4ddb6e186dd5..b4af8a1de4f7 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -756,7 +756,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
size_t *lenp, loff_t *ppos)
{
struct ctl_table t;
- int new_policy;
+ int new_policy = sysctl_overcommit_memory;
int ret;
/*
--
2.17.1
Powered by blists - more mailing lists