[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YUn95tAEvHEsT6R+@dhcp22.suse.cz>
Date: Tue, 21 Sep 2021 17:44:38 +0200
From: Michal Hocko <mhocko@...e.com>
To: Chen Jun <chenjun102@...wei.com>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
akpm@...ux-foundation.org, feng.tang@...el.com,
rui.xiang@...wei.com
Subject: Re: [PATCH] mm: Fix the uninitialized use in
overcommit_policy_handler
On Tue 21-09-21 14:03:01, Chen Jun wrote:
> An unexpected value of /proc/sys/vm/panic_on_oom we will get,
> after running the following program
>
> int main()
> {
> int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
> write(fd, "1", 1);
> write(fd, "2", 1);
> close(fd);
> }
>
> write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
> proc_dointvec_minmax will return 0 without setting new_policy.
>
> t.data = &new_policy;
> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
> -->do_proc_dointvec
> -->__do_proc_dointvec
> if (write) {
> if (proc_first_pos_non_zero_ignore(ppos, table))
> goto out;
>
> sysctl_overcommit_memory = new_policy;
>
> so sysctl_overcommit_memory will be set to an uninitialized value.
The overcommit_policy_handler (ab)use of proc_dointvec_minmax is really
an odd one. It is not really great that proc_dointvec_minmax cannot
really tell whether the value has been changed but likely nobody really
needed that so far.
I strongly suspect the intention was to do all the follow up handling
before making the new mode visible to others. Maybe this can be changed
so that the handler doesn't really need to do any hops.
Your fix is an easier part I would just initialize the to -1 so that we
can tell nothing has been done the handler can bail out without any
follow up work.
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists