lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Sep 2021 19:23:12 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Chen Jun <chenjun102@...wei.com> Cc: <linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>, <feng.tang@...el.com>, <mhocko@...e.com>, <rui.xiang@...wei.com> Subject: Re: [PATCH v3 1/1] mm: Fix the uninitialized use in overcommit_policy_handler On Thu, 23 Sep 2021 02:05:24 +0000 Chen Jun <chenjun102@...wei.com> wrote: > An unexpected value of /proc/sys/vm/overcommit_memory we will get, > after running the following program. > > int main() > { > int fd = open("/proc/sys/vm/overcommit_memory", O_RDWR) > write(fd, "1", 1); > write(fd, "2", 1); > close(fd); > } > > write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax. > proc_dointvec_minmax will return 0 without setting new_policy. > > t.data = &new_policy; > ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos) > -->do_proc_dointvec > -->__do_proc_dointvec > if (write) { > if (proc_first_pos_non_zero_ignore(ppos, table)) > goto out; > > sysctl_overcommit_memory = new_policy; > > so sysctl_overcommit_memory will be set to an uninitialized value. > > Check whether new_policy has been changed by proc_dointvec_minmax. > Thanks. I added a cc:stable to this, so the fix will be backported into earlier kernels.
Powered by blists - more mailing lists