From: Xiao Yang <yangx.jy@cn.fujitsu.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v6 0/3] Add regression test for CVE-2017-17053
Date: Tue, 27 Mar 2018 17:48:26 +0800
Message-ID: <5ABA136A.8080609@cn.fujitsu.com>
In-Reply-To: <5AB35983.6060900@cn.fujitsu.com>

Hi,

Can anybody help me look into this issue?

Thanks,
Xiao Yang

On 2018/03/22 15:21, Xiao Yang wrote:
> Hi Michael,
>
> Sorry to bother you.
>
> tst_taint_init() always got TBROK before verifying CVE-2017-17053 on
> my environment, as below:
> -----------------------------------------------------------------
> [root@RHEL7U5RC_Intel64 cve]# ./cve-2017-17053
> tst_test.c:987: INFO: Timeout per run is 0h 05m 00s
> tst_taint.c:88: BROK: Kernel is already tainted: 512
> ......
> -----------------------------------------------------------------
>
> On my environment, __ioremap_caller() displayed the warning message and
> set /proc/sys/kernel/tainted to TST_TAINT_W(512) when a too-high
> physical address wasn't handled. Is this a usual case? Should we break
> and skip CVE-2017-17053 due to this existing TST_TAINT_W?
>
> Please see the following warning message:
> -----------------------------------------------------------------
> [ 0.059261] ioremap: invalid physical address fffffffffff90000
> [ 0.059263] ------------[ cut here ]------------
> [ 0.059268] WARNING: CPU: 0 PID: 1 at arch/x86/mm/ioremap.c:103
> __ioremap_caller+0x2f2/0x340
> [ 0.059269] Modules linked in:
> [ 0.059272] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> 3.10.0-860.el7.x86_64 #1
> [ 0.059273] Hardware name: LENOVO QiTianM7150/To be filled by
> O.E.M., BIOS 90KT20CUS 09/14/2010
> [ 0.059275] Call Trace:
> [ 0.059281] [<ffffffffaed0d768>] dump_stack+0x19/0x1b
> [ 0.059284] [<ffffffffae6916d8>] __warn+0xd8/0x100
> [ 0.059286] [<ffffffffae69181d>] warn_slowpath_null+0x1d/0x20
> [ 0.059288] [<ffffffffae66f442>] __ioremap_caller+0x2f2/0x340
> [ 0.059290] [<ffffffffaed0064a>] ? acpi_os_map_memory+0xfd/0x155
> [ 0.059293] [<ffffffffae7f7606>] ? kmem_cache_alloc_trace+0x1d6/0x200
> [ 0.059295] [<ffffffffae66f4c4>] ioremap_cache+0x14/0x20
> [ 0.059297] [<ffffffffaed0064a>] acpi_os_map_memory+0xfd/0x155
> [ 0.059301] [<ffffffffae9ec576>]
> acpi_ex_system_memory_space_handler+0xdd/0x1ca
> [ 0.059304] [<ffffffffae9e5fa3>]
> acpi_ev_address_space_dispatch+0x1c5/0x231
> [ 0.059306] [<ffffffffae9e963a>] acpi_ex_access_region+0x20e/0x2a2
> [ 0.059309] [<ffffffffae9cf86d>] ? acpi_os_release_lock+0xe/0x10
> [ 0.059312] [<ffffffffae9fae9c>] ?
> acpi_ut_update_ref_count+0x99/0x2bf
> [ 0.059314] [<ffffffffae9e99f5>] acpi_ex_field_datum_io+0x105/0x196
> [ 0.059316] [<ffffffffae9e9c0e>]
> acpi_ex_extract_from_field+0x98/0x228
> [ 0.059318] [<ffffffffae9fca3a>] ?
> acpi_ut_create_internal_object_dbg+0x23/0x8a
> [ 0.059321] [<ffffffffae9e91bd>]
> acpi_ex_read_data_from_field+0x13c/0x178
> [ 0.059323] [<ffffffffae9ec8fc>]
> acpi_ex_resolve_node_to_value+0x1a3/0x245
> [ 0.059325] [<ffffffffae9ecbbb>] acpi_ex_resolve_to_value+0x21d/0x23a
> [ 0.059327] [<ffffffffae9e26c3>]
> acpi_ds_evaluate_name_path+0x8d/0x11b
> [ 0.059329] [<ffffffffae9e2aaa>] acpi_ds_exec_end_op+0x98/0x3f3
> [ 0.059332] [<ffffffffae9f4fb8>] acpi_ps_parse_loop+0x526/0x583
> [ 0.059335] [<ffffffffae9fd618>] ?
> acpi_ut_create_generic_state+0x37/0x54
> [ 0.059337] [<ffffffffae9f5ac0>] acpi_ps_parse_aml+0x98/0x289
> [ 0.059339] [<ffffffffae9f6313>] acpi_ps_execute_method+0x1c7/0x272
> [ 0.059341] [<ffffffffae9f0a40>] acpi_ns_evaluate+0x1c1/0x258
> [ 0.059343] [<ffffffffae9f3387>] acpi_evaluate_object+0x135/0x252
> [ 0.059346] [<ffffffffae9cfc7e>] acpi_evaluate_integer+0x52/0x84
> [ 0.059348] [<ffffffffae9cf811>] ? acpi_os_signal_semaphore+0x21/0x2d
> [ 0.059350] [<ffffffffae9d3818>] acpi_bus_get_status_handle+0x1e/0x39
> [ 0.059353] [<ffffffffae9d5d1b>] acpi_bus_check_add+0x81/0x1c2
> [ 0.059355] [<ffffffffae6c0d02>] ? up+0x32/0x50
> [ 0.059358] [<ffffffffae9f316c>] acpi_ns_walk_namespace+0xcb/0x184
> [ 0.059360] [<ffffffffae9d5c9a>] ? acpi_add_single_object+0x4f9/0x4f9
> [ 0.059362] [<ffffffffae9d5c9a>] ? acpi_add_single_object+0x4f9/0x4f9
> [ 0.059364] [<ffffffffae9f36a2>] acpi_walk_namespace+0x95/0xc5
> [ 0.059367] [<ffffffffaf3b722b>] ? acpi_sleep_proc_init+0x2a/0x2a
> [ 0.059369] [<ffffffffae9d60dd>] acpi_bus_scan+0x5c/0x90
> [ 0.059371] [<ffffffffaf3b76b1>] acpi_scan_init+0x89/0x1d8
> [ 0.059373] [<ffffffffaf3b74ce>] acpi_init+0x2a3/0x2bd
> [ 0.059376] [<ffffffffae60210a>] do_one_initcall+0xba/0x240
> [ 0.059379] [<ffffffffaf36c362>] kernel_init_freeable+0x180/0x21f
> [ 0.059381] [<ffffffffaf36bb1f>] ? initcall_blacklist+0xb0/0xb0
> [ 0.059383] [<ffffffffaecfc6b0>] ? rest_init+0x80/0x80
> [ 0.059385] [<ffffffffaecfc6be>] kernel_init+0xe/0xf0
> [ 0.059388] [<ffffffffaed1f637>] ret_from_fork_nospec_begin+0x21/0x21
> [ 0.059390] [<ffffffffaecfc6b0>] ? rest_init+0x80/0x80
> [ 0.059393] ---[ end trace a7b32a0fce036eb7 ]---
> -----------------------------------------------------------------
>
> Please let me know if more information is needed, thanks.
>
> Thanks,
> Xiao Yang
> On 2018/03/09 20:44, Michael Moese wrote:
>
>> Add a regression test for CVE-2017-17053. This testcase is depending
>> on some new library functions included in this series.
>>
>> This patch series consists of reworked patches according to previous
>> review comments, as well as a small new library wrapper function
>> SAFE_SIGACTION() to install a signal handler.
>>
>> Michael Moese (3):
>> Add library support for /proc/sys/kernel/tainted
>> Add a library wrapper for sigaction()
>> Add regression test for CVE-2017-17053
>>
>> doc/test-writing-guidelines.txt | 42 ++++++++++
>> include/tst_safe_macros.h | 20 +++++
>> include/tst_taint.h | 104 +++++++++++++++++++++++++
>> lib/tst_taint.c | 106 +++++++++++++++++++++++++
>> runtest/cve | 1 +
>> testcases/cve/.gitignore | 1 +
>> testcases/cve/Makefile | 2 +
>> testcases/cve/cve-2017-17053.c | 166 ++++++++++++++++++++++++++++++++++++++++
>> 8 files changed, 442 insertions(+)
>> create mode 100644 include/tst_taint.h
>> create mode 100644 lib/tst_taint.c
>> create mode 100644 testcases/cve/cve-2017-17053.c
>>
>
>
>
>
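
Added example, not part of this thread and not LTP's own tst_taint code: a baseline-relative taint check for the situation reported above, where W (512) is already set at boot. The function names, the W|D watch mask and the sample values are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Bit values of /proc/sys/kernel/tainted; W = 512 is the value in the report. */
#define TAINT_D (1UL << 7)  /* kernel oops or BUG */
#define TAINT_W (1UL << 9)  /* a WARN() fired */

/* Parse the decimal text of the taint file; 0 on success, -1 on bad input. */
int parse_taint(const char *text, unsigned long *out)
{
	char *end;

	if (text[0] < '0' || text[0] > '9')
		return -1;
	errno = 0;
	*out = strtoul(text, &end, 10);
	return (errno || (*end != '\n' && *end != '\0')) ? -1 : 0;
}

/* Taint bits stay set until reboot: a watched flag that is already set at
 * start cannot signal a new event, so only the remaining ones are usable. */
unsigned long observable_flags(unsigned long baseline, unsigned long watch)
{
	return watch & ~baseline;
}

/* Watched flags that appeared after the baseline was taken. */
unsigned long new_taint(unsigned long baseline, unsigned long now,
			unsigned long watch)
{
	return now & ~baseline & watch;
}

int main(void)
{
	unsigned long base, after, watch = TAINT_W | TAINT_D; /* assumed mask */

	/* Constructed samples: boot-time WARN (512), then an oops during the run. */
	if (parse_taint("512\n", &base) || parse_taint("640\n", &after))
		return 1;
	printf("already set: %lu, still observable: %lu, new: %lu\n",
	       base & watch, observable_flags(base, watch),
	       new_taint(base, after, watch));
	return 0;
}
```

With W pre-set, a second WARN() during the test leaves the value unchanged, so only D remains detectable through the taint file on such a machine.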