[LTP] [Bug 219750] New: Unexpected result from the stack_clash test for CVE 2017-1000364

Leandro Awa lawa@nvidia.com
Wed Feb 5 19:22:27 CET 2025 

Thank you for the reply.

I forgot to include this information but the test system was running a Rocky 8.9 OS.



Regards,

Leandro Awa



________________________________
From: Andrew Morton <akpm@linux-foundation.org>
Sent: Tuesday, February 4, 2025 6:37 PM
To: bugzilla-daemon@kernel.org <bugzilla-daemon@kernel.org>
Cc: Leandro Awa <lawa@nvidia.com>; ltp@lists.linux.it <ltp@lists.linux.it>; rick.p.edgecombe@intel.com <rick.p.edgecombe@intel.com>
Subject: Re: [Bug 219750] New: Unexpected result from the stack_clash test for CVE 2017-1000364

[You don't often get email from akpm@linux-foundation.org. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

External email: Use caution opening links or attachments


(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Tue, 04 Feb 2025 22:19:44 +0000 bugzilla-daemon@kernel.org wrote:

> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.kernel.org%2Fshow_bug.cgi%3Fid%3D219750&data=05%7C02%7Clawa%40nvidia.com%7C5ab5b4d3c70344f417fe08dd458dfe42%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638743198365806564%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=lCwiGq%2FLpeyLROctH6Zo%2FIYl7h5JSsbb8%2FZPmwpXuhQ%3D&reserved=0<https://bugzilla.kernel.org/show_bug.cgi?id=219750>
>
>             Bug ID: 219750
>            Summary: Unexpected result from the stack_clash test for CVE
>                     2017-1000364
>            Product: Memory Management
>            Version: 2.5
>           Hardware: All
>                 OS: Linux
>             Status: NEW
>           Severity: normal
>           Priority: P3
>          Component: Other
>           Assignee: akpm@linux-foundation.org
>           Reporter: lawa@nvidia.com
>         Regression: No

Thanks.  I'm suspecting that the changes in 6b008640db73 ("mm: move
'mmap_min_addr' logic from callers into vm_unmapped_area()") broke the
heuristics in stack_clash.c.  Let's cc the LTP team and ask whether
others are seeing this?

> Created attachment 307574
>   --> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.kernel.org%2Fattachment.cgi%3Fid%3D307574%26action%3Dedit&data=05%7C02%7Clawa%40nvidia.com%7C5ab5b4d3c70344f417fe08dd458dfe42%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638743198365832526%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=FYbvvW9%2Bj9LS1usZlgAUmwWQZa%2BwSRfH9M38%2FNnHB6o%3D&reserved=0<https://bugzilla.kernel.org/attachment.cgi?id=307574&action=edit>
> git bisect log file
>
> I ran into the following unexpected result from the stack clash test included
> with the LTP testsuite while running tests against 6.12.10:
>
> ###
>
> tst_test.c:1724: TINFO: Overall timeout per run is 0h 04m 00s
> tst_kconfig.c:629: TINFO: stack_guard_gap is not found in /proc/cmdline
> stack_clash.c:296: TINFO: STACK_GROWSDOWN = 1 == 0x7fffffffcfd0 >
> 0x7fffffffcf40
> stack_clash.c:247: TINFO: Stack:0x7fffffefc000+0x103000
> mmap:0x7fffffdfb000+0x1000
> stack_clash.c:207: TBROK: mmap((nil),4096,PROT_READ | PROT_WRITE(3),34,0,0)
> failed: ENOMEM (12)
> stack_clash.c:329: TBROK: Child exited with 2
>
> HINT: You _MAY_ be missing kernel fixes:
>
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.kernel.org%2Fpub%2Fscm%2Flinux%2Fkernel%2Fgit%2Ftorvalds%2Flinux.git%2Fcommit%2F%3Fid%3D58c5d0d6d522&data=05%7C02%7Clawa%40nvidia.com%7C5ab5b4d3c70344f417fe08dd458dfe42%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638743198365845964%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ykZjHGwpe2I2mEf5cV1hqpGRGZmqlPXVuWW0CEvXsyk%3D&reserved=0<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=58c5d0d6d522>
>
> HINT: You _MAY_ be vulnerable to CVE(s):
>
> ###
>
>
> The test worked previously on 6.1.x.
>
> I ran the same test on a 6.6.x  (6.6.70 to be specific) and I got the same
> failure.
>
> git bisect testing appeared to narrow down the reason for the unexpected result
> to the   following commit:
>
> 6b008640db7355d8de6ac18f74cedd7ccc92684f
>
>
> Tested reverting the changes from the latter commit and I was able to get the
> expected result:
>
>
> [root@rno2-sim-j08-017 ~]# stack_clash
> tst_test.c:1900: TINFO: LTP version: 20240930
> tst_test.c:1904: TINFO: Tested kernel: 6.12.10 #8 SMP PREEMPT_DYNAMIC Fri Jan
> 31 12:42:41 PST 2025 x86_64
> tst_kconfig.c:88: TINFO: Parsing kernel config '/proc/config.gz'
> tst_test.c:1724: TINFO: Overall timeout per run is 0h 00m 30s
> tst_kconfig.c:629: TINFO: stack_guard_gap is not found in /proc/cmdline
> stack_clash.c:296: TINFO: STACK_GROWSDOWN = 1 == 0x7fffffffd3b0 >
> 0x7fffffffd320
> stack_clash.c:247: TINFO: Stack:0x7fffffefc000+0x103000
> mmap:0x7fffffdfb000+0x1000
> stack_clash.c:89: TINFO: mmap = [7fffffdfb000, 7fffffdfc000), addr =
> 7fffffefbd60, diff = ffd60, THRESHOLD = ff000
> stack_clash.c:321: TPASS: stack is far enough from mmaped area
>
> Summary:
> passed   1
> failed   0
> broken   0
> skipped  0
> warnings 0
>
> --
> You may reply to this email to add a comment.
>
> You are receiving this mail because:
> You are the assignee for the bug.

More information about the ltp mailing list