* [LTP] [PATCH] fanotify25: Add CVE reference and include it in CVE runfile
@ 2026-07-13 15:57 Martin Doucha
2026-07-13 16:43 ` [LTP] " linuxtestproject.agent
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Martin Doucha @ 2026-07-13 15:57 UTC (permalink / raw)
To: ltp
The kernel bug tested by fanotify25 is assigned CVE 2023-52879. Add
CVE reference and git reference for the kernel fix. Also add the test
to the CVE runfile.
Signed-off-by: Martin Doucha <mdoucha@suse.cz>
---
runtest/cve | 1 +
testcases/kernel/syscalls/fanotify/fanotify25.c | 16 +++++++++++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/runtest/cve b/runtest/cve
index ca9994868..27e12e0c1 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -87,6 +87,7 @@ cve-2022-23222 bpf_prog07
cve-2023-1829 tcindex01
cve-2023-0461 setsockopt10
cve-2023-31248 nft02
+cve-2023-52879 fanotify25
# Tests below may cause kernel memory leak
cve-2020-25704 perf_event_open03
cve-2022-0185 fsconfig03
diff --git a/testcases/kernel/syscalls/fanotify/fanotify25.c b/testcases/kernel/syscalls/fanotify/fanotify25.c
index d2d3f6e6a..6b22f65b3 100644
--- a/testcases/kernel/syscalls/fanotify/fanotify25.c
+++ b/testcases/kernel/syscalls/fanotify/fanotify25.c
@@ -6,8 +6,17 @@
*/
/*\
+ * CVE-2023-52879
+ *
* Verify that :manpage:`fanotify(7)` monitoring can be applied to the tracing
- * filesystem and write events will be correctly delivered.
+ * filesystem and write events will be correctly delivered. NULL pointer
+ * dereference fixed in:
+ *
+ * commit bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4
+ * Author: Steven Rostedt (Google) <rostedt@goodmis.org>
+ * Date: Tue Oct 31 12:24:53 2023 -0400
+ *
+ * tracing: Have trace_event_file have ref counters
*/
#define _GNU_SOURCE
@@ -118,6 +127,11 @@ static struct tst_test test = {
.needs_kconfigs = (const char *[]) {
"CONFIG_TRACING",
NULL
+ },
+ .tags = (const struct tst_tag[]) {
+ {"linux-git", "bb32500fb9b7"},
+ {"CVE", "2023-52879"},
+ {}
}
};
--
2.54.0
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [LTP] fanotify25: Add CVE reference and include it in CVE runfile
2026-07-13 15:57 [LTP] [PATCH] fanotify25: Add CVE reference and include it in CVE runfile Martin Doucha
@ 2026-07-13 16:43 ` linuxtestproject.agent
2026-07-13 19:24 ` [LTP] [PATCH] " Avinesh Kumar via ltp
2026-07-14 5:41 ` Petr Vorel
2 siblings, 0 replies; 4+ messages in thread
From: linuxtestproject.agent @ 2026-07-13 16:43 UTC (permalink / raw)
To: Martin Doucha; +Cc: ltp
Hi Martin,
On Mon, Jul 13 2026, Martin Doucha wrote:
> fanotify25: Add CVE reference and include it in CVE runfile
> + * CVE-2023-52879
> + *
> + * Verify that :manpage:`fanotify(7)` monitoring can be applied to the tracing
> + * filesystem and write events will be correctly delivered. NULL pointer
> + * dereference fixed in:
> + *
> + * commit bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4
> + * Author: Steven Rostedt (Google) <rostedt@goodmis.org>
> + * Date: Tue Oct 31 12:24:53 2023 -0400
> + *
> + * tracing: Have trace_event_file have ref counters
The Author: and Date: lines are commit metadata that do not help
describe what the test does or why it matters. The linux-git tag
already records the commit reference.
Other tests in the tree use a compact inline format, e.g. fanotify24.c:
commit 28bba2c2935e2 ("fsnotify: Pass correct offset to
fsnotify_mmap_perm()")
Would it be possible to drop the Author:/Date: lines and fold the
reference into the description as a single line, e.g.:
NULL pointer dereference fixed in commit bb32500fb9b7
("tracing: Have trace_event_file have ref counters").
Verdict - Needs revision
---
Note:
The agent can sometimes produce false positives although often its
findings are genuine. If you find issues with the review, please
comment this email or ignore the suggestions.
Regards,
LTP AI Reviewer
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LTP] [PATCH] fanotify25: Add CVE reference and include it in CVE runfile
2026-07-13 15:57 [LTP] [PATCH] fanotify25: Add CVE reference and include it in CVE runfile Martin Doucha
2026-07-13 16:43 ` [LTP] " linuxtestproject.agent
@ 2026-07-13 19:24 ` Avinesh Kumar via ltp
2026-07-14 5:41 ` Petr Vorel
2 siblings, 0 replies; 4+ messages in thread
From: Avinesh Kumar via ltp @ 2026-07-13 19:24 UTC (permalink / raw)
To: Martin Doucha; +Cc: ltp
Hi Martin,
Reviewed-by: Avinesh Kumar <avinesh.kumar@suse.com>
Regards,
Avinesh
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LTP] [PATCH] fanotify25: Add CVE reference and include it in CVE runfile
2026-07-13 15:57 [LTP] [PATCH] fanotify25: Add CVE reference and include it in CVE runfile Martin Doucha
2026-07-13 16:43 ` [LTP] " linuxtestproject.agent
2026-07-13 19:24 ` [LTP] [PATCH] " Avinesh Kumar via ltp
@ 2026-07-14 5:41 ` Petr Vorel
2 siblings, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2026-07-14 5:41 UTC (permalink / raw)
To: Martin Doucha; +Cc: ltp
Hi Martin,
> The kernel bug tested by fanotify25 is assigned CVE 2023-52879. Add
> CVE reference and git reference for the kernel fix. Also add the test
> to the CVE runfile.
Thanks, merged!
...
> /*\
> + * CVE-2023-52879
> + *
> * Verify that :manpage:`fanotify(7)` monitoring can be applied to the tracing
> - * filesystem and write events will be correctly delivered.
> + * filesystem and write events will be correctly delivered. NULL pointer
> + * dereference fixed in:
> + *
> + * commit bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4
> + * Author: Steven Rostedt (Google) <rostedt@goodmis.org>
> + * Date: Tue Oct 31 12:24:53 2023 -0400
> + *
> + * tracing: Have trace_event_file have ref counters
Using this form in /*\ results in ugly inline string in the test catalog:
commit bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 Author: Steven Rostedt (Google) <rostedt@goodmis.org> Date: Tue Oct 31 12:24:53 2023 -0400
I dared to convert this to inline + add kernel version.
...
+ * dereference fixed in kernel 6.7:
+ * bb32500fb9b7 ("tracing: Have trace_event_file have ref counters")
If we really see a benefit of having author and date in the docs, it'd be better
to have it in C comments /* */ which aren't generated in the test catalog. Or,
we could shift it so that it is preformatted (<pre>...</pre>). Or we could use
sphinx automarkup extension to detect this form and format it as is (not inline)
+ use link.
...
> @@ -118,6 +127,11 @@ static struct tst_test test = {
> .needs_kconfigs = (const char *[]) {
> "CONFIG_TRACING",
> NULL
> + },
> + .tags = (const struct tst_tag[]) {
> + {"linux-git", "bb32500fb9b7"},
And I should have changed the hash to the longer one:
bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4
FYI we have decided keep in the description the long the short variant (with
strlen) to minimize possibility of git hash collision. I plan to convert all
with script/agent.
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-07-14 5:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-13 15:57 [LTP] [PATCH] fanotify25: Add CVE reference and include it in CVE runfile Martin Doucha
2026-07-13 16:43 ` [LTP] " linuxtestproject.agent
2026-07-13 19:24 ` [LTP] [PATCH] " Avinesh Kumar via ltp
2026-07-14 5:41 ` Petr Vorel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.