qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

mm: fix uninitialized use in overcommit_policy_handler 

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2023396

This patch is a backport of the following upstream commit:
commit bcbda81020c3ee77e2c098cadf3e84f99ca3de17
Author: Chen Jun <chenjun102@huawei.com>
Date:   Fri Sep 24 15:44:06 2021 -0700

    mm: fix uninitialized use in overcommit_policy_handler

    We get an unexpected value of /proc/sys/vm/overcommit_memory after
    running the following program:

      int main()
      {
          int fd = open("/proc/sys/vm/overcommit_memory", O_RDWR);
          write(fd, "1", 1);
          write(fd, "2", 1);
          close(fd);
      }

    write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
    proc_dointvec_minmax will return 0 without setting new_policy.

      t.data = &new_policy;
      ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
          -->do_proc_dointvec
             -->__do_proc_dointvec
                  if (write) {
                    if (proc_first_pos_non_zero_ignore(ppos, table))
                      goto out;

      sysctl_overcommit_memory = new_policy;

    so sysctl_overcommit_memory will be set to an uninitialized value.

    Check whether new_policy has been changed by proc_dointvec_minmax.

    Link: https://lkml.kernel.org/r/20210923020524.13289-1-chenjun102@huawei.com
    Fixes: 56f3547bfa ("mm: adjust vm_committed_as_batch according to vm overcommit policy")
    Signed-off-by: Chen Jun <chenjun102@huawei.com>
    Acked-by: Michal Hocko <mhocko@suse.com>
    Reviewed-by: Feng Tang <feng.tang@intel.com>
    Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
    Cc: Rui Xiang <rui.xiang@huawei.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Signed-off-by: Rafael Aquini <aquini@redhat.com>
This commit is contained in:
Rafael Aquini 2021-11-29 11:38:54 -05:00
parent 50ec26a05d
commit 42aa03f98c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mm/util.c
View File

@ -787,7 +787,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
size_t *lenp, loff_t *ppos)
{
struct ctl_table t;
int new_policy;
int new_policy = -1;
int ret;
/*
@ -805,7 +805,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
t = *table;
t.data = &new_policy;
ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos);
if (ret)
if (ret || new_policy == -1)
return ret;
mm_compute_batch(new_policy);