References: <20180612164816.587001852@linuxfoundation.org> <20180613210044.GA15146@kroah.com>
From: Rafael Tinoco
Date: Wed, 13 Jun 2018 22:48:50 -0300
Subject: Re: [PATCH 4.4 00/24] 4.4.137-stable review
To: Greg Kroah-Hartman
Cc: linux-kernel@vger.kernel.org, shuah@kernel.org, patches@kernelci.org, lkft-triage@lists.linaro.org, ben.hutchings@codethink.co.uk, stable@vger.kernel.org, akpm@linux-foundation.org, torvalds@linux-foundation.org, linux@roeck-us.net, ltp@lists.linux.it, Rafael Tinoco
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On 13 June 2018 at 18:08, Rafael David Tinoco wrote:
> On Wed, Jun 13, 2018 at 6:00 PM, Greg Kroah-Hartman
> wrote:
>> On Wed, Jun 13, 2018 at 05:47:49PM -0300, Rafael Tinoco wrote:
>>> Results from Linaro’s test farm.
>>> Regressions detected.
>>>
>>> NOTE:
>>>
>>> 1) LTP vma03 test (cve-2011-2496) broken on v4.4-137-rc1 because of:
>>>
>>>      6ea1dc96a03a mmap: relax file size limit for regular files
>>>      bd2f9ce5bacb mmap: introduce sane default mmap limits
>>>
>>>    discussion:
>>>
>>>      https://github.com/linux-test-project/ltp/issues/341
>>>
>>>    mainline commit (v4.13-rc7):
>>>
>>>      0cc3b0ec23ce Clarify (and fix) MAX_LFS_FILESIZE macros
>>>
>>>    should be backported to 4.4.138-rc2 and fixes the issue.
>>
>> Really? That commit says it fixes c2a9737f45e2 ("vfs,mm: fix a dead
>> loop in truncate_inode_pages_range()") which is not in 4.4.y at all.
>>
>> Did you test this out?
>
> Yes, the LTP contains the tests (last comment is the final test for
> arm32, right before Jan tests i686).
>
> Fixing MAX_LFS_FILESIZE fixes the new limit for mmap() brought by
> those 2 commits (file_mmap_size_max()).
> offset tested by the LTP test is 0xfffffffe000.
> file_mmap_size_max gives: 0xFFFFFFFF000 as max value, but only after
> the mentioned patch.
>
> Original intent for this fix was other though.

To clarify this a bit further.

The LTP CVE test is breaking in the first call to mmap(), even before
trying to remap and test the security issue. That started happening in
this round because of those mmap() changes and the offset used in the
LTP test. Linus changed limit checks and made them to be related to
MAX_LFS_FILESIZE. Unfortunately, in 4.4 stable, we were missing the
fix for MAX_LFS_FILESIZE (which before commit 0cc3b0ec23ce was less
than the REAL 32 bit limit).

Commit 0cc3b0ec23ce was made because a user noticed the FS limit not
being what it should be. In our case, the 4.4 stable kernel, we are
facing this 32 bit lower limit (than the real 32 bit real limit),
because of the LTP CVE test, so we need this fix to have the real 32
bit limit set for that macro (mmap limits did not use that macro
before).

I have tested in arm32 and Jan Stancek, who first responded to LTP
issue, has tested this in i686 and both worked after that patch was
included to v4.4-137-rc1 (my last test was even with 4.4.138-rc1).

Hope that helps a bit.
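
The limit arithmetic described in the message above, worked through as an added example (not code from this message, from LTP or from the kernel tree). It assumes 4 KiB pages and a 32-bit unsigned long; the function names, the one-page mapping length and the pre-fix macro form are assumptions, and only the offset 0xfffffffe000 and the post-fix limit 0xFFFFFFFF000 come from the message.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 32-bit target: 4 KiB pages, 32-bit unsigned long. */
#define PAGE_SHIFT    12
#define BITS_PER_LONG 32
#define ULONG_MAX_32  UINT32_C(0xFFFFFFFF)

/* Assumed pre-fix 32-bit form: (PAGE_SIZE << (BITS_PER_LONG - 1)) - 1 */
static uint64_t max_lfs_filesize_old(void)
{
    return ((UINT64_C(1) << PAGE_SHIFT) << (BITS_PER_LONG - 1)) - 1;
}

/* Post-fix form: every page index a 32-bit unsigned long can hold. */
static uint64_t max_lfs_filesize_new(void)
{
    return (uint64_t)ULONG_MAX_32 << PAGE_SHIFT;
}

/* Model of the mmap() limit check: pgoff must not exceed the last
 * page index that still leaves room for len bytes below maxsize. */
static bool mmap_offset_ok(uint64_t maxsize, uint32_t pgoff, uint64_t len)
{
    if (len > maxsize)
        return false;
    maxsize -= len;
    return (uint64_t)pgoff <= (maxsize >> PAGE_SHIFT);
}

/* Byte offset quoted in the message, expressed as a page offset. */
static uint32_t ltp_pgoff(void)
{
    return (uint32_t)(UINT64_C(0xfffffffe000) >> PAGE_SHIFT);
}

int main(void)
{
    const uint64_t len = UINT64_C(1) << PAGE_SHIFT; /* assumed: one page */
    uint64_t limits[2] = { max_lfs_filesize_old(), max_lfs_filesize_new() };

    for (int i = 0; i < 2; i++)
        printf("limit 0x%" PRIx64 ": pgoff 0x%" PRIx32 " %s\n", limits[i],
               ltp_pgoff(),
               mmap_offset_ok(limits[i], ltp_pgoff(), len) ? "accepted" : "rejected");
    return 0;
}
```

With the lower limit the test's first mmap() is rejected before the remap step is reached, which is the failure the message describes; with the corrected limit the same offset is the highest one still accepted.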