On Thu, May 31, 2018 at 11:36:46AM +0900, Daniel Sangorrin wrote:
-----Original Message-----
From: stable-owner@vger.kernel.org [mailto:stable-owner@vger.kernel.org] On
4.4-stable review patch. If anyone has any objections, please let me know.
From: Davidlohr Bueso dave@stgolabs.net
commit a73ab244f0dad8fffb3291b905f73e2d3eaa7c00 upstream.
Patch series "ipc/shm: shmat() fixes around nil-page".
Sorry for being a bit late (the pace is really fast here).
I have found a regression from 4.4.133-rc1 to 4.4.134-rc1 using the Fuego LTP wrapper.
4.4.134-rc1
tst_test.c:982: INFO: Timeout per run is 0h 05m 00s
cve-2017-5669.c:62: INFO: Attempting to attach shared memory to null page
cve-2017-5669.c:74: INFO: Mapped shared memory to (nil)
cve-2017-5669.c:78: FAIL: We have mapped a VM address within the first 64Kb
cve-2017-5669.c:84: INFO: Touching shared memory to see if anything strange happens

4.4.133-rc1:
tst_test.c:982: INFO: Timeout per run is 0h 05m 00s
cve-2017-5669.c:62: INFO: Attempting to attach shared memory to null page
cve-2017-5669.c:67: PASS: shmat returned EINVAL
The culprits should be one or both of the two last commits to ipc/shm (one of them a revert).
- ipc/shm: fix shmat() nil address after round-down when remapping
- Revert "ipc/shm: Fix shmat mmap nil-page protection"
I need to investigate the concrete reason, but for now I just wanted to report it.
Thanks for letting us know, but this was reported already. See the emails on lkml with the subject:
	Subject: Re: [PATCH 4.16 000/272] 4.16.13-stable review
from Davidlohr Bueso
	Message-ID: 20180528213039.yy2madue67njkmw5@linux-n805
where he discusses that the LTP test is incorrect and that the kernel change is correct and that LTP is going to be fixed because of this.
thanks,
greg k-h