lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 21 Sep 2021 17:44:38 +0200
From:   Michal Hocko <mhocko@...e.com>
To:     Chen Jun <chenjun102@...wei.com>
Cc:     linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        akpm@...ux-foundation.org, feng.tang@...el.com,
        rui.xiang@...wei.com
Subject: Re: [PATCH] mm: Fix the uninitialized use in
 overcommit_policy_handler

On Tue 21-09-21 14:03:01, Chen Jun wrote:
> An unexpected value of /proc/sys/vm/panic_on_oom we will get,
> after running the following program
> 
> int main()
> {
>     int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
>     write(fd, "1", 1);
>     write(fd, "2", 1);
>     close(fd);
> }
> 
> write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
> proc_dointvec_minmax will return 0 without setting new_policy.
> 
> t.data = &new_policy;
> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
>       -->do_proc_dointvec
>          -->__do_proc_dointvec
>               if (write) {
>                 if (proc_first_pos_non_zero_ignore(ppos, table))
>                   goto out;
>
> sysctl_overcommit_memory = new_policy;
> 
> so sysctl_overcommit_memory will be set to an uninitialized value.

The overcommit_policy_handler (ab)use of proc_dointvec_minmax is really
an odd one. It is not really great that proc_dointvec_minmax cannot
really tell whether the value has been changed but likely nobody really
needed that so far.

I strongly suspect the intention was to do all the follow up handling
before making the new mode visible to others. Maybe this can be changed
so that the handler doesn't really need to do any hops.

Your fix is an easier part I would just initialize the to -1 so that we
can tell nothing has been done the handler can bail out without any
follow up work.
-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists