| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Sep 2021 19:23:12 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Chen Jun <chenjun102@...wei.com>
Cc: <linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>,
<feng.tang@...el.com>, <mhocko@...e.com>, <rui.xiang@...wei.com>
Subject: Re: [PATCH v3 1/1] mm: Fix the uninitialized use in
overcommit_policy_handler
On Thu, 23 Sep 2021 02:05:24 +0000 Chen Jun <chenjun102@...wei.com> wrote:
> An unexpected value of /proc/sys/vm/overcommit_memory we will get,
> after running the following program.
>
> int main()
> {
> int fd = open("/proc/sys/vm/overcommit_memory", O_RDWR)
> write(fd, "1", 1);
> write(fd, "2", 1);
> close(fd);
> }
>
> write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
> proc_dointvec_minmax will return 0 without setting new_policy.
>
> t.data = &new_policy;
> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
> -->do_proc_dointvec
> -->__do_proc_dointvec
> if (write) {
> if (proc_first_pos_non_zero_ignore(ppos, table))
> goto out;
>
> sysctl_overcommit_memory = new_policy;
>
> so sysctl_overcommit_memory will be set to an uninitialized value.
>
> Check whether new_policy has been changed by proc_dointvec_minmax.
>
Thanks. I added a cc:stable to this, so the fix will be backported
into earlier kernels.
Powered by blists - more mailing lists