From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=tPO9=OL=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BF1C1C4332F
	for <linux-mm@archiver.kernel.org>; Tue, 21 Sep 2021 14:05:43 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 609AB611C5
	for <linux-mm@archiver.kernel.org>; Tue, 21 Sep 2021 14:05:43 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 609AB611C5
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=huawei.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id BCB64940007; Tue, 21 Sep 2021 10:05:42 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id B7B056B0071; Tue, 21 Sep 2021 10:05:42 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id A41A0940007; Tue, 21 Sep 2021 10:05:42 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0023.hostedemail.com [216.40.44.23])
	by kanga.kvack.org (Postfix) with ESMTP id 9689A6B006C
	for <linux-mm@kvack.org>; Tue, 21 Sep 2021 10:05:42 -0400 (EDT)
Received: from smtpin03.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 54ED52C586
	for <linux-mm@kvack.org>; Tue, 21 Sep 2021 14:05:42 +0000 (UTC)
X-FDA: 78611753724.03.86F6251
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
	by imf21.hostedemail.com (Postfix) with ESMTP id 60B6CD166CE2
	for <linux-mm@kvack.org>; Tue, 21 Sep 2021 14:05:41 +0000 (UTC)
Received: from dggemv703-chm.china.huawei.com (unknown [172.30.72.54])
	by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4HDNPW3wytz8y0F;
	Tue, 21 Sep 2021 22:01:03 +0800 (CST)
Received: from dggpemm500006.china.huawei.com (7.185.36.236) by
 dggemv703-chm.china.huawei.com (10.3.19.46) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.8; Tue, 21 Sep 2021 22:05:35 +0800
Received: from mdc.huawei.com (10.175.112.208) by
 dggpemm500006.china.huawei.com (7.185.36.236) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.8; Tue, 21 Sep 2021 22:05:34 +0800
From: Chen Jun <chenjun102@huawei.com>
To: <linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>
CC: <akpm@linux-foundation.org>, <feng.tang@intel.com>, <mhocko@suse.com>,
	<rui.xiang@huawei.com>
Subject: [PATCH] mm: Fix the uninitialized use in overcommit_policy_handler
Date: Tue, 21 Sep 2021 14:03:01 +0000
Message-ID: <20210921140301.9058-1-chenjun102@huawei.com>
X-Mailer: git-send-email 2.17.1
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.175.112.208]
X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To
 dggpemm500006.china.huawei.com (7.185.36.236)
X-CFilter-Loop: Reflected
Authentication-Results: imf21.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=none) header.from=huawei.com;
	spf=pass (imf21.hostedemail.com: domain of chenjun102@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=chenjun102@huawei.com
X-Rspamd-Server: rspam06
X-Rspamd-Queue-Id: 60B6CD166CE2
X-Stat-Signature: kaoi87zbgb8o5wphqfp5utg5hmnegaeq
X-HE-Tag: 1632233141-519572
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

An unexpected value of /proc/sys/vm/panic_on_oom we will get,
after running the following program

int main()
{
    int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
    write(fd, "1", 1);
    write(fd, "2", 1);
    close(fd);
}

write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
proc_dointvec_minmax will return 0 without setting new_policy.

t.data = &new_policy;
ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
      -->do_proc_dointvec
         -->__do_proc_dointvec
              if (write) {
                if (proc_first_pos_non_zero_ignore(ppos, table))
                  goto out;

sysctl_overcommit_memory = new_policy;

so sysctl_overcommit_memory will be set to an uninitialized value.

Initialize new_policy with sysctl_overcommit_memory.

Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy"
Signed-off-by: Chen Jun <chenjun102@huawei.com>
---
 mm/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/util.c b/mm/util.c
index 4ddb6e186dd5..b4af8a1de4f7 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -756,7 +756,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
 		size_t *lenp, loff_t *ppos)
 {
 	struct ctl_table t;
-	int new_policy;
+	int new_policy = sysctl_overcommit_memory;
 	int ret;
 
 	/*
-- 
2.17.1