[LTP] [Bug 219750] New: Unexpected result from the stack_clash test for CVE 2017-1000364
Andrew Morton
akpm@linux-foundation.org
Wed Feb 5 03:37:09 CET 2025
(switched to email. Please respond via emailed reply-to-all, not via the
bugzilla web interface).
On Tue, 04 Feb 2025 22:19:44 +0000 bugzilla-daemon@kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=219750
>
> Bug ID: 219750
> Summary: Unexpected result from the stack_clash test for CVE 2017-1000364
> Product: Memory Management
> Version: 2.5
> Hardware: All
> OS: Linux
> Status: NEW
> Severity: normal
> Priority: P3
> Component: Other
> Assignee: akpm@linux-foundation.org
> Reporter: lawa@nvidia.com
> Regression: No
Thanks. I'm suspecting that the changes in 6b008640db73 ("mm: move
'mmap_min_addr' logic from callers into vm_unmapped_area()") broke the
heuristics in stack_clash.c. Let's cc the LTP team and ask whether
others are seeing this?
> Created attachment 307574
> --> https://bugzilla.kernel.org/attachment.cgi?id=307574&action=edit
> git bisect log file
>
> I ran into the following unexpected result from the stack clash test included
> with the LTP testsuite while running tests against 6.12.10:
>
> ###
>
> tst_test.c:1724: TINFO: Overall timeout per run is 0h 04m 00s
> tst_kconfig.c:629: TINFO: stack_guard_gap is not found in /proc/cmdline
> stack_clash.c:296: TINFO: STACK_GROWSDOWN = 1 == 0x7fffffffcfd0 > 0x7fffffffcf40
> stack_clash.c:247: TINFO: Stack:0x7fffffefc000+0x103000 mmap:0x7fffffdfb000+0x1000
> stack_clash.c:207: TBROK: mmap((nil),4096,PROT_READ | PROT_WRITE(3),34,0,0) failed: ENOMEM (12)
> stack_clash.c:329: TBROK: Child exited with 2
>
> HINT: You _MAY_ be missing kernel fixes:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58c5d0d6d522
>
> HINT: You _MAY_ be vulnerable to CVE(s):
>
> ###
>
>
> The test worked previously on 6.1.x.
>
> I ran the same test on a 6.6.x (6.6.70 to be specific) and I got the same
> failure.
>
> git bisect testing appeared to narrow down the reason for the unexpected result
> to the following commit:
>
> 6b008640db7355d8de6ac18f74cedd7ccc92684f
>
>
> Tested reverting the changes from the latter commit and I was able to get the
> expected result:
>
>
> [root@rno2-sim-j08-017 ~]# stack_clash
> tst_test.c:1900: TINFO: LTP version: 20240930
> tst_test.c:1904: TINFO: Tested kernel: 6.12.10 #8 SMP PREEMPT_DYNAMIC Fri Jan 31 12:42:41 PST 2025 x86_64
> tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz'
> tst_test.c:1724: TINFO: Overall timeout per run is 0h 00m 30s
> tst_kconfig.c:629: TINFO: stack_guard_gap is not found in /proc/cmdline
> stack_clash.c:296: TINFO: STACK_GROWSDOWN = 1 == 0x7fffffffd3b0 > 0x7fffffffd320
> stack_clash.c:247: TINFO: Stack:0x7fffffefc000+0x103000 mmap:0x7fffffdfb000+0x1000
> stack_clash.c:89: TINFO: mmap = [7fffffdfb000, 7fffffdfc000), addr = 7fffffefbd60, diff = ffd60, THRESHOLD = ff000
> stack_clash.c:321: TPASS: stack is far enough from mmaped area
>
> Summary:
> passed 1
> failed 0
> broken 0
> skipped 0
> warnings 0
>
> --
> You may reply to this email to add a comment.
>
> You are receiving this mail because:
> You are the assignee for the bug.
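
The passing run quoted above reports the stack at 0x7fffffefc000 and the probe mapping at 0x7fffffdfb000+0x1000. As an added example (not part of this email and not LTP's stack_clash.c), the C below measures that distance from text in /proc/<pid>/maps format and compares it with the kernel's default stack_guard_gap of 256 pages. The maps samples are constructed from the logged addresses, 4 KiB pages are assumed, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Kernel default stack_guard_gap is 256 pages; 4 KiB pages assumed here. */
#define GUARD_GAP (256UL << 12)

/* Constructed maps text using the stack/mmap addresses from the passing run. */
static const char SAMPLE_MAPS[] =
    "555555554000-555555556000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7fffffdfb000-7fffffdfc000 rw-p 00000000 00:00 0 \n"
    "7fffffefc000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\n";

/* Constructed counter-case: a mapping ends one page below the stack. */
static const char TIGHT_MAPS[] =
    "7fffffefa000-7fffffefb000 rw-p 00000000 00:00 0 \n"
    "7fffffefc000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\n";

/* Bytes between the start of [stack] and the end of the mapping just below
 * it, or -1 if there is no [stack] line. Relies on maps being address-sorted. */
long stack_gap(const char *maps)
{
    unsigned long start, end, prev_end = 0;
    const char *p = maps;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len && sscanf(p, "%lx-%lx", &start, &end) == 2) {
            if (len >= 7 && memcmp(p + len - 7, "[stack]", 7) == 0)
                return (long)(start - prev_end);
            prev_end = end;
        }
        p += len + (nl ? 1 : 0);
    }
    return -1;
}

/* 1 if the gap is at least the default guard gap, 0 otherwise. */
int gap_respects_guard(const char *maps)
{
    long gap = stack_gap(maps);
    return gap >= 0 && (unsigned long)gap >= GUARD_GAP;
}

int main(void)
{
    printf("sample gap: %#lx\n", (unsigned long)stack_gap(SAMPLE_MAPS));
    printf("tight gap ok: %d\n", gap_respects_guard(TIGHT_MAPS));
    return 0;
}
```

To inspect a live process, read `/proc/<pid>/maps` into a buffer and pass it to `stack_gap()`.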