lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Sep 2021 01:56:27 +0000 From: "chenjun (AM)" <chenjun102@...wei.com> To: Feng Tang <feng.tang@...el.com> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>, "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "mhocko@...e.com" <mhocko@...e.com>, "Xiangrui (Euler)" <rui.xiang@...wei.com> Subject: Re: [PATCH v2 1/1] mm: Fix the uninitialized use in overcommit_policy_handler Hi Tang, 在 2021/9/22 23:34, Feng Tang 写道: > Hi Jun, > > On Wed, Sep 22, 2021 at 01:41:22AM +0000, Chen Jun wrote: >> An unexpected value of /proc/sys/vm/panic_on_oom we will get, >> after running the following program. >> >> int main() >> { >> int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR) > > should this be "/proc/sys/vm/overcommit_memory" > Sorry, that is my mistake, I will correct it in v3. Thanks. >> write(fd, "1", 1); >> write(fd, "2", 1); >> close(fd); >> } >> >> write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax. >> proc_dointvec_minmax will return 0 without setting new_policy. >> >> t.data = &new_policy; >> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos) >> -->do_proc_dointvec >> -->__do_proc_dointvec >> if (write) { >> if (proc_first_pos_non_zero_ignore(ppos, table)) >> goto out; >> >> sysctl_overcommit_memory = new_policy; >> >> so sysctl_overcommit_memory will be set to an uninitialized value. >> >> Check whether new_policy has been changed by proc_dointvec_minmax. > > Other than the nit above, it looks good to me, thanks! > > Reviewed-by: Feng Tang <feng.tang@...el.com> > >> Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy" >> Signed-off-by: Chen Jun <chenjun102@...wei.com> >> --- >> >> v2: >> * Check whether new_policy has been changed by proc_dointvec_minmax. >> >> mm/util.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/mm/util.c b/mm/util.c >> index 4ddb6e186dd5..d5be67771850 100644 >> --- a/mm/util.c >> +++ b/mm/util.c >> @@ -756,7 +756,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer, >> size_t *lenp, loff_t *ppos) >> { >> struct ctl_table t; >> - int new_policy; >> + int new_policy = -1; >> int ret; >> >> /* >> @@ -774,7 +774,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer, >> t = *table; >> t.data = &new_policy; >> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos); >> - if (ret) >> + if (ret || new_policy == -1) >> return ret; >> >> mm_compute_batch(new_policy); >> -- >> 2.17.1 >> > -- Regards Chen Jun
Powered by blists - more mailing lists