On Tue, 29 May 2018, Naresh Kamboju wrote:
On 28 May 2018 at 15:30, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
On all devices, ltp-syscalls-tests:
- cve-2017-5669
ltp-cve-tests:
- cve-2017-5669
Test log:
cve-2017-5669.c:62: INFO: Attempting to attach shared memory to null page
cve-2017-5669.c:74: INFO: Mapped shared memory to (nil)
cve-2017-5669.c:78: FAIL: We have mapped a VM address within the first 64Kb
cve-2017-5669.c:84: INFO: Touching shared memory to see if anything strange happens
Summary:
passed 0
failed 1
skipped 0
warnings 0
The root cause is, "Revert "ipc/shm: Fix shmat mmap nil-page protection"", which explicitly rolls back the original change and mentions that the LTP test case needs to be updated accordingly.
This is expected in that the ltp testcase was made based on wrong assumptions. Furthermore, the reversion is being done because without it we break userspace; X11 most noticeably -- that alone indicates that the cve testcase is bogus.
This regression was initially detected on 4.17.0-rc5-next-20180516. Need more investigation on this issue.
The correct way of proceeding is to update the ltp testcase to deal with the remap option only, which I mentioned and they are Cc'ed.
Thanks,
Davidlohr