cve-2017-5669.c needs fix for shmat() nil addresses #319
Comments
I'm verifying: https://github.com/inaddy/ltp/commit/e3840669d2bb87e63c6df205cea1beb9eb5539dd With old and new LTP tests, old and new kernels to make sure test is good before merge proposal.
with previous ltp and old kernel
with patched ltp and previous kernel
with previous ltp and mainline kernel
with patched ltp and mainline kernel
… with REMAPs

Fixes: linux-test-project#319

According to upstream thread (https://lkml.org/lkml/2018/5/28/2056), cve-2017-5669 needs to address the "new" way of handling nil addresses for shmat() when used with MAP_FIXED or SHM_REMAP flags.

- mapping nil-page is OK on lower addresses with MAP_FIXED (or else X11 is broken)
- mapping nil-page is NOT OK with SHM_REMAP on lower addresses

Addresses Davidlohr Bueso's comments/changes:

commit 8f89c007b6de
Author: Davidlohr Bueso <dave@stgolabs.net>
Date: Fri May 25 14:47:30 2018 -0700

    ipc/shm: fix shmat() nil address after round-down when remapping

commit a73ab244f0da
Author: Davidlohr Bueso <dave@stgolabs.net>
Date: Fri May 25 14:47:27 2018 -0700

    Revert "ipc/shm: Fix shmat mmap nil-page protection"

For previously test, and now broken, made based on:

commit 95e91b831f87
Author: Davidlohr Bueso <dave@stgolabs.net>
Date: Mon Feb 27 14:28:24 2017 -0800

    ipc/shm: Fix shmat mmap nil-page protection

Signed-off-by: Rafael David Tinoco <rafael.tinoco@linaro.org>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Reviewed-by: Jan Stancek <jstancek@redhat.com>
According to upstream thread (https://lkml.org/lkml/2018/5/28/2056), cve-2017-5669 needs to address the "new" way of handling nil addresses for shmat() when used with MAP_FIXED or SHM_REMAP flags.
Based on original discussion: https://marc.info/?i=20180430172152.nfa564pvgpk3ut7p%40linux-n805
You will find initial motivation for the patches:
AND
In 4.17-rc7 you will find:
TODO: Make sure a call to shmat() with SHM_RND & SHM_REMAP flags can't succeed for nil addresses (-EINVAL has to be returned), changing the current test that only tests SHM_RND flag.
and
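A stand-alone probe for the behaviour the TODO asks the test to enforce, as an added example (not part of the issue, and not LTP's cve-2017-5669.c). The attach address 1 is a constructed sample chosen so that SHM_RND rounds it down to nil; the function and enum names are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes SHM_REMAP in <sys/shm.h> on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#ifndef SHM_REMAP
#define SHM_REMAP 040000       /* Linux value, used if the libc headers hide it */
#endif

enum probe_result { REJECTED_EINVAL, REJECTED_OTHER, MAPPED_ELSEWHERE, NIL_MAPPED, SKIPPED };

/* Classify what shmat() returned together with the errno it left behind. */
static enum probe_result classify(void *ret, int err)
{
    if (ret == (void *)-1)
        return err == EINVAL ? REJECTED_EINVAL : REJECTED_OTHER;
    return ret == NULL ? NIL_MAPPED : MAPPED_ELSEWHERE;
}

/* Attach a private segment at address 1 (constructed sample: below SHMLBA,
 * so SHM_RND rounds it down to nil) with SHM_REMAP, then clean up. */
static enum probe_result probe_shmat_nil_remap(void)
{
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0600);
    if (id < 0)
        return SKIPPED;                    /* no SysV shm available here */

    errno = 0;
    void *ret = shmat(id, (void *)1, SHM_RND | SHM_REMAP);
    int err = errno;

    if (ret != (void *)-1)
        shmdt(ret);                        /* undo an unexpected attach */
    shmctl(id, IPC_RMID, NULL);            /* always remove the segment */
    return classify(ret, err);
}

int main(void)
{
    static const char *names[] = { "rejected with EINVAL (expected)",
        "rejected with another errno", "mapped at a non-nil address",
        "nil page mapped (FAIL)", "skipped: shmget() failed" };
    enum probe_result r = probe_shmat_nil_remap();
    printf("shmat(SHM_RND | SHM_REMAP) near nil: %s\n", names[r]);
    return r == NIL_MAPPED;                /* non-zero exit only on the bad case */
}
```

A rejection with an errno other than EINVAL usually means a different check (for example the mmap_min_addr limit) stopped the attach first, so it does not confirm the shmat() fix by itself.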