An unexpected value of /proc/sys/vm/panic_on_oom we will get,
after running the following program.
int main()
{
int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
write(fd, "1", 1);
write(fd, "2", 1);
close(fd);
}
write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
proc_dointvec_minmax will return 0 without setting new_policy.
t.data = &new_policy;
ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
-->do_proc_dointvec
-->__do_proc_dointvec
if (write) {
if (proc_first_pos_non_zero_ignore(ppos, table))
goto out;
sysctl_overcommit_memory = new_policy;
so sysctl_overcommit_memory will be set to an uninitialized value.
Check whether new_policy has been changed by proc_dointvec_minmax.
Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy"
Signed-off-by: Chen Jun <[email protected]>
---
v2:
* Check whether new_policy has been changed by proc_dointvec_minmax.
mm/util.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mm/util.c b/mm/util.c
index 4ddb6e186dd5..d5be67771850 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -756,7 +756,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
size_t *lenp, loff_t *ppos)
{
struct ctl_table t;
- int new_policy;
+ int new_policy = -1;
int ret;
/*
@@ -774,7 +774,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
t = *table;
t.data = &new_policy;
ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos);
- if (ret)
+ if (ret || new_policy == -1)
return ret;
mm_compute_batch(new_policy);
--
2.17.1
On Wed 22-09-21 01:41:22, Chen Jun wrote:
> An unexpected value of /proc/sys/vm/panic_on_oom we will get,
> after running the following program.
>
> int main()
> {
> int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
> write(fd, "1", 1);
> write(fd, "2", 1);
> close(fd);
> }
>
> write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
> proc_dointvec_minmax will return 0 without setting new_policy.
>
> t.data = &new_policy;
> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
> -->do_proc_dointvec
> -->__do_proc_dointvec
> if (write) {
> if (proc_first_pos_non_zero_ignore(ppos, table))
> goto out;
>
> sysctl_overcommit_memory = new_policy;
>
> so sysctl_overcommit_memory will be set to an uninitialized value.
>
> Check whether new_policy has been changed by proc_dointvec_minmax.
>
> Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy"
> Signed-off-by: Chen Jun <[email protected]>
Acked-by: Michal Hocko <[email protected]>
Btw. you could also check for new_policy == sysctl_overcommit_memory so
that the sync of pcp counters is not fired without the policy change.
Something for a separate patch I guess.
> ---
>
> v2:
> * Check whether new_policy has been changed by proc_dointvec_minmax.
>
> mm/util.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/mm/util.c b/mm/util.c
> index 4ddb6e186dd5..d5be67771850 100644
> --- a/mm/util.c
> +++ b/mm/util.c
> @@ -756,7 +756,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
> size_t *lenp, loff_t *ppos)
> {
> struct ctl_table t;
> - int new_policy;
> + int new_policy = -1;
> int ret;
>
> /*
> @@ -774,7 +774,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
> t = *table;
> t.data = &new_policy;
> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos);
> - if (ret)
> + if (ret || new_policy == -1)
> return ret;
>
> mm_compute_batch(new_policy);
> --
> 2.17.1
--
Michal Hocko
SUSE Labs
Hi Jun,
On Wed, Sep 22, 2021 at 01:41:22AM +0000, Chen Jun wrote:
> An unexpected value of /proc/sys/vm/panic_on_oom we will get,
> after running the following program.
>
> int main()
> {
> int fd = open("/proc/sys/vm/panic_on_oom", O_RDWR)
should this be "/proc/sys/vm/overcommit_memory"
> write(fd, "1", 1);
> write(fd, "2", 1);
> close(fd);
> }
>
> write(fd, "2", 1) will pass *ppos = 1 to proc_dointvec_minmax.
> proc_dointvec_minmax will return 0 without setting new_policy.
>
> t.data = &new_policy;
> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos)
> -->do_proc_dointvec
> -->__do_proc_dointvec
> if (write) {
> if (proc_first_pos_non_zero_ignore(ppos, table))
> goto out;
>
> sysctl_overcommit_memory = new_policy;
>
> so sysctl_overcommit_memory will be set to an uninitialized value.
>
> Check whether new_policy has been changed by proc_dointvec_minmax.
Other than the nit above, it looks good to me, thanks!
Reviewed-by: Feng Tang <[email protected]>
> Fixes: 56f3547bfa4d ("mm: adjust vm_committed_as_batch according to vm overcommit policy"
> Signed-off-by: Chen Jun <[email protected]>
> ---
>
> v2:
> * Check whether new_policy has been changed by proc_dointvec_minmax.
>
> mm/util.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/mm/util.c b/mm/util.c
> index 4ddb6e186dd5..d5be67771850 100644
> --- a/mm/util.c
> +++ b/mm/util.c
> @@ -756,7 +756,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
> size_t *lenp, loff_t *ppos)
> {
> struct ctl_table t;
> - int new_policy;
> + int new_policy = -1;
> int ret;
>
> /*
> @@ -774,7 +774,7 @@ int overcommit_policy_handler(struct ctl_table *table, int write, void *buffer,
> t = *table;
> t.data = &new_policy;
> ret = proc_dointvec_minmax(&t, write, buffer, lenp, ppos);
> - if (ret)
> + if (ret || new_policy == -1)
> return ret;
>
> mm_compute_batch(new_policy);
> --
> 2.17.1
>