| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Sep 2021 01:56:27 +0000
From: "chenjun (AM)" <chenjun102@...wei.com>
To: Feng Tang <feng.tang@...el.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"mhocko@...e.com" <mhocko@...e.com>,
"Xiangrui (Euler)" <rui.xiang@...wei.com>
Subject: Re: [PATCH v2 1/1] mm: Fix the uninitialized use in
overcommit_policy_handler
Hi Tang,
在 2021/9/22 23:34, Feng Tang 写道:
> Hi Jun,
>
> On Wed, Sep 22, 2021 at 01:41:22AM +0000, Chen Jun wrote:
>> An unexpected value of /proc/sys/vm/panic_on_oom we will get,
>> after running the following program.
>>
>> int main()
>> {
>> int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
>
> should this be "/proc/sys/vm/overcommit_memory"
>
Sorry, that is my mistake, I will correct it in v3. Thanks.
>> write(fd, "1", 1);
>> write(fd, "2", 1);
>> close(fd);
>> }
>>
>> write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
>> proc_dointvec_minmax will return 0 without setting new_policy.
>>
>> t.data = &new_policy;
>> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
>> -->do_proc_dointvec
>> -->__do_proc_dointvec
>> if (write) {
>> if (proc_first_pos_non_zero_ignore(ppos, table))
>> goto out;
>>
>> sysctl_overcommit_memory = new_policy;
>>
>> so sysctl_overcommit_memory will be set to an uninitialized value.
>>
>> Check whether new_policy has been changed by proc_dointvec_minmax.
>
> Other than the nit above, it looks good to me, thanks!
>
> Reviewed-by: Feng Tang <feng.tang@...el.com>
>
>> Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy"
>> Signed-off-by: Chen Jun <chenjun102@...wei.com>
>> ---
>>
>> v2:
>> * Check whether new_policy has been changed by proc_dointvec_minmax.
>>
>> mm/util.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/mm/util.c b/mm/util.c
>> index 4ddb6e186dd5..d5be67771850 100644
>> --- a/mm/util.c
>> +++ b/mm/util.c
>> @@ -756,7 +756,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
>> size_t *lenp, loff_t *ppos)
>> {
>> struct ctl_table t;
>> - int new_policy;
>> + int new_policy = -1;
>> int ret;
>>
>> /*
>> @@ -774,7 +774,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
>> t = *table;
>> t.data = &new_policy;
>> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos);
>> - if (ret)
>> + if (ret || new_policy == -1)
>> return ret;
>>
>> mm_compute_batch(new_policy);
>> --
>> 2.17.1
>>
>
--
Regards
Chen Jun
Powered by blists - more mailing lists