X-Patchwork-Submitter: Andrew Morton
X-Patchwork-Id: 12516983
Date: Fri, 24 Sep 2021 15:44:06 -0700
From: Andrew Morton
To: akpm@linux-foundation.org, chenjun102@huawei.com, feng.tang@intel.com, linux-mm@kvack.org, mhocko@suse.com, mm-commits@vger.kernel.org, rui.xiang@huawei.com, stable@vger.kernel.org, torvalds@linux-foundation.org, wangkefeng.wang@huawei.com
Subject: [patch 16/16] mm: fix uninitialized use in overcommit_policy_handler
Message-ID: <20210924224406.83XR7wX9V%akpm@linux-foundation.org>
In-Reply-To: <20210924154257.1dbf6699ab8d88c0460f924f@linux-foundation.org>

From: Chen Jun
Subject: mm: fix uninitialized use in overcommit_policy_handler

We get an unexpected value of /proc/sys/vm/overcommit_memory after running
the following program:

int main()
{
    int fd = open("/proc/sys/vm/overcommit_memory", O_RDWR);
    write(fd, "1", 1);
    write(fd, "2", 1);
    close(fd);
}

write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
proc_dointvec_minmax will return 0 without setting new_policy.

t.data = &new_policy;
ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
      -->do_proc_dointvec
         -->__do_proc_dointvec
              if (write) {
                if (proc_first_pos_non_zero_ignore(ppos, table))
                  goto out;

sysctl_overcommit_memory = new_policy;

so sysctl_overcommit_memory will be set to an uninitialized value.

Check whether new_policy has been changed by proc_dointvec_minmax.

Link: https://lkml.kernel.org/r/20210923020524.13289-1-chenjun102@huawei.com
Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy")
Signed-off-by: Chen Jun
Acked-by: Michal Hocko
Reviewed-by: Feng Tang
Reviewed-by: Kefeng Wang
Cc: Rui Xiang
Cc:
Signed-off-by: Andrew Morton
--- mm/util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/util.c~mm-fix-the-uninitialized-use-in-overcommit_policy_handler +++ a/mm/util.c @@ -787,7 +787,7 @@ int overcommit_policy_handler(struct ctl size_t *lenp, loff_t *ppos) { struct ctl_table t; - int new_policy; + int new_policy = -1; int ret; /* @@ -805,7 +805,7 @@ int overcommit_policy_handler(struct ctl t = *table; t.data = &new_policy; ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos); - if (ret) + if (ret || new_policy == -1) return ret; mm_compute_batch(new_policy);
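Review bot: In the first hunk (@@ -787,7), `int new_policy = -1;` turns -1 into an in-band sentinel meaning "proc_dointvec_minmax() stored nothing", but nothing at the declaration says so, and the scheme is only safe while -1 can never be a value the handler accepts. Add a one-line comment at the declaration stating that -1 means "not written" and must stay outside the range the table allows, or introduce a named constant used by both the initializer and the later `new_policy == -1` test so the two cannot drift apart.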
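Review bot: In the second hunk (@@ -805,7), `if (ret || new_policy == -1) return ret;` returns 0 when proc_dointvec_minmax() succeeded without storing a value, so the write at a non-zero *ppos described in the commit message is reported to user space as successful although the policy is unchanged. That is consistent with ignoring the write, but folding it into the error test hides that the second half is not an error path; a short comment above the check, or a separate `if (new_policy == -1) return 0;`, would make the intent explicit.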