1 files changed, 0 insertions, 97 deletions
diff --git a/meta/recipes-extended/ltp/ltp/0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch b/meta/recipes-extended/ltp/ltp/0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch
deleted file mode 100644
index 0d2d2cbce4..0000000000
--- a/meta/recipes-extended/ltp/ltp/0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From b767b73ef027ba8d35f297c7d3659265ac80425b Mon Sep 17 00:00:00 2001
-From: Rafael David Tinoco <rafael.tinoco@canonical.com>
-Date: Wed, 30 May 2018 09:14:34 -0300
-Subject: [PATCH] cve-2017-5669: shmat() for 0 (or <PAGESIZE with RND flag) has
- to fail with REMAPs
-Fixes: https://github.com/linux-test-project/ltp/issues/319
-According to upstream thread (https://lkml.org/lkml/2018/5/28/2056),
-cve-2017-5669 needs to address the "new" way of handling nil addresses
-for shmat() when used with MAP_FIXED or SHM_REMAP flags.
- mapping nil-page is OK on lower addresses with MAP_FIXED (or else X11 is broken)
- mapping nil-page is NOT OK with SHM_REMAP on lower addresses
-Addresses Davidlohr Bueso's comments/changes:
-commit 8f89c007b6de
-Author: Davidlohr Bueso <dave@stgolabs.net>
-Date:   Fri May 25 14:47:30 2018 -0700
-    ipc/shm: fix shmat() nil address after round-down when remapping
-commit a73ab244f0da
-Author: Davidlohr Bueso <dave@stgolabs.net>
-Date:   Fri May 25 14:47:27 2018 -0700
-    Revert "ipc/shm: Fix shmat mmap nil-page protection"
-For previously test, and now broken, made based on:
-commit 95e91b831f87
-Author: Davidlohr Bueso <dave@stgolabs.net>
-Date:   Mon Feb 27 14:28:24 2017 -0800
-    ipc/shm: Fix shmat mmap nil-page protection
-Signed-off-by: Rafael David Tinoco <rafael.tinoco@linaro.org>
-Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
-Reviewed-by: Jan Stancek <jstancek@redhat.com>
-Upstream-Status: Accepted [https://github.com/linux-test-project/ltp/pull/324]
-CVE: CVE-2017-5669
-Signed-off-by: Rafael David Tinoco <rafael.tinoco@linaro.org>
---
- testcases/cve/cve-2017-5669.c | 20 +++++++++++++++++++-
- 1 file changed, 19 insertions(+), 1 deletion(-)
-diff --git a/testcases/cve/cve-2017-5669.c b/testcases/cve/cve-2017-5669.c
-index 1ca5983..0834626 100644
--- a/testcases/cve/cve-2017-5669.c
-+++ b/testcases/cve/cve-2017-5669.c
-@@ -28,7 +28,20 @@
-  * is just to see if we get an access error or some other unexpected behaviour.
-  *
-  * See commit 95e91b831f (ipc/shm: Fix shmat mmap nil-page protection)
-+ *
-+ * The commit above disallowed SHM_RND maps to zero (and rounded) entirely and
-+ * that broke userland for cases like Xorg. New behavior disallows REMAPs to
-+ * lower addresses (0<=PAGESIZE).
-+ *
-+ * See commit a73ab244f0da (Revert "ipc/shm: Fix shmat mmap nil-page protect...)
-+ * See commit 8f89c007b6de (ipc/shm: fix shmat() nil address after round-dow...)
-+ * See https://github.com/linux-test-project/ltp/issues/319
-+ *
-+ * This test needs root permissions or else security_mmap_addr(), from
-+ * get_unmapped_area(), will cause permission errors when trying to mmap lower
-+ * addresses.
-  */
-+
- #include <sys/types.h>
- #include <sys/ipc.h>
- #include <sys/shm.h>
-@@ -60,7 +73,11 @@ static void cleanup(void)
- static void run(void)
- {
-        tst_res(TINFO, "Attempting to attach shared memory to null page");
-       shm_addr = shmat(shm_id, ((void *)1), SHM_RND);
-+       /*
-+        * shmat() for 0 (or < PAGESIZE with RND flag) has to fail with REMAPs
-+        * https://github.com/linux-test-project/ltp/issues/319
-+        */
-+       shm_addr = shmat(shm_id, ((void *)1), SHM_RND | SHM_REMAP);
-        if (shm_addr == (void *)-1) {
-                shm_addr = NULL;
-                if (errno == EINVAL) {
-@@ -89,6 +106,7 @@ static void run(void)
- }
- 
- static struct tst_test test = {
-+       .needs_root = 1,
-        .setup = setup,
-        .cleanup = cleanup,
-        .test_all = run,
-- 
-2.7.4

diff --git a/meta/recipes-extended/ltp/ltp/0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch b/meta/recipes-extended/ltp/ltp/0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch deleted file mode 100644 index 0d2d2cbce4..0000000000 --- a/meta/recipes-extended/ltp/ltp/0041-cve-2017-5669-shmat-for-0-or-PAGESIZE-with-RND-flag-.patch +++ /dev/null
@@ -1,97 +0,0 @@
1	From b767b73ef027ba8d35f297c7d3659265ac80425b Mon Sep 17 00:00:00 2001
2	From: Rafael David Tinoco <rafael.tinoco@canonical.com>
3	Date: Wed, 30 May 2018 09:14:34 -0300
4	Subject: [PATCH] cve-2017-5669: shmat() for 0 (or <PAGESIZE with RND flag) has
5	to fail with REMAPs
6
7	Fixes: https://github.com/linux-test-project/ltp/issues/319
8
9	According to upstream thread (https://lkml.org/lkml/2018/5/28/2056),
10	cve-2017-5669 needs to address the "new" way of handling nil addresses
11	for shmat() when used with MAP_FIXED or SHM_REMAP flags.
12
13	- mapping nil-page is OK on lower addresses with MAP_FIXED (or else X11 is broken)
14	- mapping nil-page is NOT OK with SHM_REMAP on lower addresses
15
16	Addresses Davidlohr Bueso's comments/changes:
17
18	commit 8f89c007b6de
19	Author: Davidlohr Bueso <dave@stgolabs.net>
20	Date: Fri May 25 14:47:30 2018 -0700
21
22	ipc/shm: fix shmat() nil address after round-down when remapping
23
24	commit a73ab244f0da
25	Author: Davidlohr Bueso <dave@stgolabs.net>
26	Date: Fri May 25 14:47:27 2018 -0700
27
28	Revert "ipc/shm: Fix shmat mmap nil-page protection"
29
30	For previously test, and now broken, made based on:
31
32	commit 95e91b831f87
33	Author: Davidlohr Bueso <dave@stgolabs.net>
34	Date: Mon Feb 27 14:28:24 2017 -0800
35
36	ipc/shm: Fix shmat mmap nil-page protection
37
38	Signed-off-by: Rafael David Tinoco <rafael.tinoco@linaro.org>
39	Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
40	Reviewed-by: Jan Stancek <jstancek@redhat.com>
41
42	Upstream-Status: Accepted [https://github.com/linux-test-project/ltp/pull/324]
43	CVE: CVE-2017-5669
44	Signed-off-by: Rafael David Tinoco <rafael.tinoco@linaro.org>
45	---
46	testcases/cve/cve-2017-5669.c \| 20 +++++++++++++++++++-
47	1 file changed, 19 insertions(+), 1 deletion(-)
48
49	diff --git a/testcases/cve/cve-2017-5669.c b/testcases/cve/cve-2017-5669.c
50	index 1ca5983..0834626 100644
51	--- a/testcases/cve/cve-2017-5669.c
52	+++ b/testcases/cve/cve-2017-5669.c
53	@@ -28,7 +28,20 @@
54	* is just to see if we get an access error or some other unexpected behaviour.
55	*
56	* See commit 95e91b831f (ipc/shm: Fix shmat mmap nil-page protection)
57	+ *
58	+ * The commit above disallowed SHM_RND maps to zero (and rounded) entirely and
59	+ * that broke userland for cases like Xorg. New behavior disallows REMAPs to
60	+ * lower addresses (0<=PAGESIZE).
61	+ *
62	+ * See commit a73ab244f0da (Revert "ipc/shm: Fix shmat mmap nil-page protect...)
63	+ * See commit 8f89c007b6de (ipc/shm: fix shmat() nil address after round-dow...)
64	+ * See https://github.com/linux-test-project/ltp/issues/319
65	+ *
66	+ * This test needs root permissions or else security_mmap_addr(), from
67	+ * get_unmapped_area(), will cause permission errors when trying to mmap lower
68	+ * addresses.
69	*/
70	+
71	#include <sys/types.h>
72	#include <sys/ipc.h>
73	#include <sys/shm.h>
74	@@ -60,7 +73,11 @@ static void cleanup(void)
75	static void run(void)
76	{
77	tst_res(TINFO, "Attempting to attach shared memory to null page");
78	- shm_addr = shmat(shm_id, ((void *)1), SHM_RND);
79	+ /*
80	+ * shmat() for 0 (or < PAGESIZE with RND flag) has to fail with REMAPs
81	+ * https://github.com/linux-test-project/ltp/issues/319
82	+ */
83	+ shm_addr = shmat(shm_id, ((void *)1), SHM_RND \| SHM_REMAP);
84	if (shm_addr == (void *)-1) {
85	shm_addr = NULL;
86	if (errno == EINVAL) {
87	@@ -89,6 +106,7 @@ static void run(void)
88	}
89
90	static struct tst_test test = {
91	+ .needs_root = 1,
92	.setup = setup,
93	.cleanup = cleanup,
94	.test_all = run,
95	--
96	2.7.4
97