* [PATCH] mm: Fix the uninitialized use in overcommit_policy_handler
@ 2021-09-21 14:03 Chen Jun
2021-09-21 15:44 ` Michal Hocko
0 siblings, 1 reply; 3+ messages in thread
From: Chen Jun @ 2021-09-21 14:03 UTC (permalink / raw)
To: linux-kernel, linux-mm; +Cc: akpm, feng.tang, mhocko, rui.xiang
An unexpected value of /proc/sys/vm/panic_on_oom we will get,
after running the following program
int main()
{
int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
write(fd, "1", 1);
write(fd, "2", 1);
close(fd);
}
write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
proc_dointvec_minmax will return 0 without setting new_policy.
t.data = &new_policy;
ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
-->do_proc_dointvec
-->__do_proc_dointvec
if (write) {
if (proc_first_pos_non_zero_ignore(ppos, table))
goto out;
sysctl_overcommit_memory = new_policy;
so sysctl_overcommit_memory will be set to an uninitialized value.
Initialize new_policy with sysctl_overcommit_memory.
Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy"
Signed-off-by: Chen Jun <chenjun102@huawei.com>
---
mm/util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/util.c b/mm/util.c
index 4ddb6e186dd5..b4af8a1de4f7 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -756,7 +756,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
size_t *lenp, loff_t *ppos)
{
struct ctl_table t;
- int new_policy;
+ int new_policy = sysctl_overcommit_memory;
int ret;
/*
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] mm: Fix the uninitialized use in overcommit_policy_handler
2021-09-21 14:03 [PATCH] mm: Fix the uninitialized use in overcommit_policy_handler Chen Jun
@ 2021-09-21 15:44 ` Michal Hocko
2021-09-22 15:30 ` Feng Tang
0 siblings, 1 reply; 3+ messages in thread
From: Michal Hocko @ 2021-09-21 15:44 UTC (permalink / raw)
To: Chen Jun; +Cc: linux-kernel, linux-mm, akpm, feng.tang, rui.xiang
On Tue 21-09-21 14:03:01, Chen Jun wrote:
> An unexpected value of /proc/sys/vm/panic_on_oom we will get,
> after running the following program
>
> int main()
> {
> int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
> write(fd, "1", 1);
> write(fd, "2", 1);
> close(fd);
> }
>
> write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
> proc_dointvec_minmax will return 0 without setting new_policy.
>
> t.data = &new_policy;
> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
> -->do_proc_dointvec
> -->__do_proc_dointvec
> if (write) {
> if (proc_first_pos_non_zero_ignore(ppos, table))
> goto out;
>
> sysctl_overcommit_memory = new_policy;
>
> so sysctl_overcommit_memory will be set to an uninitialized value.
The overcommit_policy_handler (ab)use of proc_dointvec_minmax is really
an odd one. It is not really great that proc_dointvec_minmax cannot
really tell whether the value has been changed but likely nobody really
needed that so far.
I strongly suspect the intention was to do all the follow up handling
before making the new mode visible to others. Maybe this can be changed
so that the handler doesn't really need to do any hops.
Your fix is an easier part I would just initialize the to -1 so that we
can tell nothing has been done the handler can bail out without any
follow up work.
--
Michal Hocko
SUSE Labs
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] mm: Fix the uninitialized use in overcommit_policy_handler
2021-09-21 15:44 ` Michal Hocko
@ 2021-09-22 15:30 ` Feng Tang
0 siblings, 0 replies; 3+ messages in thread
From: Feng Tang @ 2021-09-22 15:30 UTC (permalink / raw)
To: Michal Hocko; +Cc: Chen Jun, linux-kernel, linux-mm, akpm, rui.xiang
On Tue, Sep 21, 2021 at 05:44:38PM +0200, Michal Hocko wrote:
> On Tue 21-09-21 14:03:01, Chen Jun wrote:
> > An unexpected value of /proc/sys/vm/panic_on_oom we will get,
> > after running the following program
> >
> > int main()
> > {
> > int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
> > write(fd, "1", 1);
> > write(fd, "2", 1);
> > close(fd);
> > }
> >
> > write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
> > proc_dointvec_minmax will return 0 without setting new_policy.
> >
> > t.data = &new_policy;
> > ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
> > -->do_proc_dointvec
> > -->__do_proc_dointvec
> > if (write) {
> > if (proc_first_pos_non_zero_ignore(ppos, table))
> > goto out;
> >
> > sysctl_overcommit_memory = new_policy;
> >
> > so sysctl_overcommit_memory will be set to an uninitialized value.
>
> The overcommit_policy_handler (ab)use of proc_dointvec_minmax is really
> an odd one. It is not really great that proc_dointvec_minmax cannot
> really tell whether the value has been changed but likely nobody really
> needed that so far.
>
> I strongly suspect the intention was to do all the follow up handling
> before making the new mode visible to others.
IIRC, You are right, there was some error caught by ltp tool, that when
the overcommit policy get frequently changed while there is stress memory
test, so if the policy is changed to OVERCOMMIT_NEVER, it must happen
after the batch number is changed.
Thanks,
Feng
> Maybe this can be changed
> so that the handler doesn't really need to do any hops.
>
> Your fix is an easier part I would just initialize the to -1 so that we
> can tell nothing has been done the handler can bail out without any
> follow up work.
> --
> Michal Hocko
> SUSE Labs
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-09-22 15:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-21 14:03 [PATCH] mm: Fix the uninitialized use in overcommit_policy_handler Chen Jun
2021-09-21 15:44 ` Michal Hocko
2021-09-22 15:30 ` Feng Tang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).