lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20180531063408.GA7744@kroah.com>
Date:   Thu, 31 May 2018 08:34:08 +0200
From:   'Greg Kroah-Hartman' <gregkh@...uxfoundation.org>
To:     Daniel Sangorrin <daniel.sangorrin@...hiba.co.jp>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        'Davidlohr Bueso' <dbueso@...e.de>,
        'Joe Lawrence' <joe.lawrence@...hat.com>,
        'Andrea Arcangeli' <aarcange@...hat.com>,
        'Manfred Spraul' <manfred@...orfullife.com>,
        'Andrew Morton' <akpm@...ux-foundation.org>,
        'Linus Torvalds' <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 4.4 011/268] Revert "ipc/shm: Fix shmat mmap nil-page
 protection"

On Thu, May 31, 2018 at 11:36:46AM +0900, Daniel Sangorrin wrote:
> > -----Original Message-----
> > From: stable-owner@...r.kernel.org [mailto:stable-owner@...r.kernel.org] On
> > 4.4-stable review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> > 
> > From: Davidlohr Bueso <dave@...olabs.net>
> > 
> > commit a73ab244f0dad8fffb3291b905f73e2d3eaa7c00 upstream.
> > 
> > Patch series "ipc/shm: shmat() fixes around nil-page".
> 
> Sorry for being a bit late (the pace is really fast here).
> 
> I have found a regression from 4.4.133-rc1 to 4.4.134-rc1 using Fuego LTP wrapper.
> 
> 4.4.134-rc1
> 	tst_test.c:982: INFO: Timeout per run is 0h 05m 00s
> 	cve-2017-5669.c:62: INFO: Attempting to attach shared memory to null page
> 	cve-2017-5669.c:74: INFO: Mapped shared memory to (nil)
> 	cve-2017-5669.c:78: FAIL: We have mapped a VM address within the first 64Kb
> 	cve-2017-5669.c:84: INFO: Touching shared memory to see if anything strange happens
> 
> 4.4.133-rc1:
> 	tst_test.c:982: INFO: Timeout per run is 0h 05m 00s
> 	cve-2017-5669.c:62: INFO: Attempting to attach shared memory to null page
> 	cve-2017-5669.c:67: PASS: shmat returned EINVAL
> 
> The culprits should be one or both of the two last commits to ipc/shm (one of them a revert).
> 
> - ipc/shm: fix shmat() nil address after round-down when remapping
> - Revert "ipc/shm: Fix shmat mmap nil-page protection"
> 
> I need to investigate the concrete reason, but for now I just wanted to report it.

Thanks for letting us know, but this was reported already.  See the
emails on lkml with the subject:
	Subject: Re: [PATCH 4.16 000/272] 4.16.13-stable review
from Davidlohr Bueso
	Message-ID: <20180528213039.yy2madue67njkmw5@...ux-n805>

where he discusses that the LTP test is incorrect and that the kernel
change is correct and that LTP is going to be fixed because of this.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ