* [igt-dev] [PATCH i-g-t 0/3] More fixes from Fedora packaging
@ 2019-05-08 20:15 Lyude
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 1/3] lib/aux: Use igt_assert_eq() in igt_drop_root() Lyude
` (4 more replies)
0 siblings, 5 replies; 7+ messages in thread
From: Lyude @ 2019-05-08 20:15 UTC (permalink / raw)
To: igt-dev; +Cc: Petri Latvala
From: Lyude Paul <lyude@redhat.com>
Some last minute fixes that came up during the package review, along
with updating our dockerfile to Fedora 30 while we're at it since that
just came out and CI appears to work just fine with it. Results from a
successful test run on CI:
https://gitlab.freedesktop.org/lyudess/igt-gpu-tools/pipelines/35812
These should be very easy to review
Lyude Paul (3):
lib/aux: Use igt_assert_eq() in igt_drop_root()
lib/aux: Call setgroups() in igt_drop_root() before setgid()
Update Fedora dockerfile to F30
Dockerfile.fedora | 2 +-
lib/igt_aux.c | 13 ++++++++-----
2 files changed, 9 insertions(+), 6 deletions(-)
--
2.20.1
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply [flat|nested] 7+ messages in thread
* [igt-dev] [PATCH i-g-t 1/3] lib/aux: Use igt_assert_eq() in igt_drop_root()
2019-05-08 20:15 [igt-dev] [PATCH i-g-t 0/3] More fixes from Fedora packaging Lyude
@ 2019-05-08 20:15 ` Lyude
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 2/3] lib/aux: Call setgroups() in igt_drop_root() before setgid() Lyude
` (3 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Lyude @ 2019-05-08 20:15 UTC (permalink / raw)
To: igt-dev; +Cc: Petri Latvala
From: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
---
lib/igt_aux.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/igt_aux.c b/lib/igt_aux.c
index 1a70edcc..caed1fed 100644
--- a/lib/igt_aux.c
+++ b/lib/igt_aux.c
@@ -957,13 +957,13 @@ int igt_get_autoresume_delay(enum igt_suspend_state state)
*/
void igt_drop_root(void)
{
- igt_assert(getuid() == 0);
+ igt_assert_eq(getuid(), 0);
- igt_assert(setgid(2) == 0);
- igt_assert(setuid(2) == 0);
+ igt_assert_eq(setgid(2), 0);
+ igt_assert_eq(setuid(2), 0);
- igt_assert(getgid() == 2);
- igt_assert(getuid() == 2);
+ igt_assert_eq(getgid(), 2);
+ igt_assert_eq(getuid(), 2);
}
/**
--
2.20.1
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [igt-dev] [PATCH i-g-t 2/3] lib/aux: Call setgroups() in igt_drop_root() before setgid()
2019-05-08 20:15 [igt-dev] [PATCH i-g-t 0/3] More fixes from Fedora packaging Lyude
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 1/3] lib/aux: Use igt_assert_eq() in igt_drop_root() Lyude
@ 2019-05-08 20:15 ` Lyude
2019-05-09 8:19 ` Daniel Vetter
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 3/3] Update Fedora dockerfile to F30 Lyude
` (2 subsequent siblings)
4 siblings, 1 reply; 7+ messages in thread
From: Lyude @ 2019-05-08 20:15 UTC (permalink / raw)
To: igt-dev; +Cc: Petri Latvala
From: Lyude Paul <lyude@redhat.com>
While igt isn't really security sensitive, forgetting to call
setgroups() before calling setgid() causes rpmlint on Fedora to
complain:
igt-gpu-tools.x86_64: E: missing-call-to-setgroups-before-setuid
/usr/lib64/libigt.so.0
...
missing-call-to-setgroups-before-setuid:
This executable is calling setuid and setgid without setgroups or
initgroups. There is a high probability this means it didn't relinquish
all groups, and this would be a potential security issue to be fixed.
Seek POS36-C on the web for details about the problem.
Since it's likely other package maintainers for other distros will have
to deal with similar issues eventually, and I can't see any harm in it,
let's do the right thing and call setgroups() first.
Signed-off-by: Lyude Paul <lyude@redhat.com>
---
lib/igt_aux.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/igt_aux.c b/lib/igt_aux.c
index caed1fed..578f8579 100644
--- a/lib/igt_aux.c
+++ b/lib/igt_aux.c
@@ -49,6 +49,7 @@
#include <sys/utsname.h>
#include <termios.h>
#include <assert.h>
+#include <grp.h>
#include <proc/readproc.h>
#include <libudev.h>
@@ -959,9 +960,11 @@ void igt_drop_root(void)
{
igt_assert_eq(getuid(), 0);
+ igt_assert_eq(setgroups(0, NULL), 0);
igt_assert_eq(setgid(2), 0);
igt_assert_eq(setuid(2), 0);
+ igt_assert_eq(getgroups(0, NULL), 0);
igt_assert_eq(getgid(), 2);
igt_assert_eq(getuid(), 2);
}
--
2.20.1
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [igt-dev] [PATCH i-g-t 3/3] Update Fedora dockerfile to F30
2019-05-08 20:15 [igt-dev] [PATCH i-g-t 0/3] More fixes from Fedora packaging Lyude
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 1/3] lib/aux: Use igt_assert_eq() in igt_drop_root() Lyude
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 2/3] lib/aux: Call setgroups() in igt_drop_root() before setgid() Lyude
@ 2019-05-08 20:15 ` Lyude
2019-05-08 21:44 ` [igt-dev] ✓ Fi.CI.BAT: success for More fixes from Fedora packaging Patchwork
2019-05-09 3:35 ` [igt-dev] ✓ Fi.CI.IGT: " Patchwork
4 siblings, 0 replies; 7+ messages in thread
From: Lyude @ 2019-05-08 20:15 UTC (permalink / raw)
To: igt-dev; +Cc: Petri Latvala
From: Lyude Paul <lyude@redhat.com>
Yes-we did just update to F29 very recently, but I made the mistake of
doing that two weeks before F30 was scheduled for release. So, update
again to the latest stable release of Fedora.
Signed-off-by: Lyude Paul <lyude@redhat.com>
---
Dockerfile.fedora | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.fedora b/Dockerfile.fedora
index 5c952708..5283c8eb 100644
--- a/Dockerfile.fedora
+++ b/Dockerfile.fedora
@@ -1,4 +1,4 @@
-FROM fedora:29
+FROM fedora:30
RUN dnf install -y \
gcc flex bison meson ninja-build xdotool \
--
2.20.1
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [igt-dev] ✓ Fi.CI.BAT: success for More fixes from Fedora packaging
2019-05-08 20:15 [igt-dev] [PATCH i-g-t 0/3] More fixes from Fedora packaging Lyude
` (2 preceding siblings ...)
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 3/3] Update Fedora dockerfile to F30 Lyude
@ 2019-05-08 21:44 ` Patchwork
2019-05-09 3:35 ` [igt-dev] ✓ Fi.CI.IGT: " Patchwork
4 siblings, 0 replies; 7+ messages in thread
From: Patchwork @ 2019-05-08 21:44 UTC (permalink / raw)
To: Lyude; +Cc: igt-dev
== Series Details ==
Series: More fixes from Fedora packaging
URL : https://patchwork.freedesktop.org/series/60434/
State : success
== Summary ==
CI Bug Log - changes from CI_DRM_6067 -> IGTPW_2954
====================================================
Summary
-------
**SUCCESS**
No regressions found.
External URL: https://patchwork.freedesktop.org/api/1.0/series/60434/revisions/1/mbox/
Known issues
------------
Here are the changes found in IGTPW_2954 that come from known issues:
### IGT changes ###
#### Possible fixes ####
* igt@gem_exec_suspend@basic-s3:
- fi-blb-e6850: [INCOMPLETE][1] ([fdo#107718]) -> [PASS][2]
[1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/fi-blb-e6850/igt@gem_exec_suspend@basic-s3.html
[2]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/fi-blb-e6850/igt@gem_exec_suspend@basic-s3.html
* igt@i915_selftest@live_contexts:
- fi-skl-gvtdvm: [DMESG-FAIL][3] ([fdo#110235]) -> [PASS][4]
[3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/fi-skl-gvtdvm/igt@i915_selftest@live_contexts.html
[4]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/fi-skl-gvtdvm/igt@i915_selftest@live_contexts.html
* igt@kms_chamelium@hdmi-hpd-fast:
- fi-kbl-7500u: [FAIL][5] ([fdo#109485]) -> [PASS][6]
[5]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/fi-kbl-7500u/igt@kms_chamelium@hdmi-hpd-fast.html
[6]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/fi-kbl-7500u/igt@kms_chamelium@hdmi-hpd-fast.html
{name}: This element is suppressed. This means it is ignored when computing
the status of the difference (SUCCESS, WARNING, or FAILURE).
[fdo#107713]: https://bugs.freedesktop.org/show_bug.cgi?id=107713
[fdo#107718]: https://bugs.freedesktop.org/show_bug.cgi?id=107718
[fdo#108569]: https://bugs.freedesktop.org/show_bug.cgi?id=108569
[fdo#109485]: https://bugs.freedesktop.org/show_bug.cgi?id=109485
[fdo#110235]: https://bugs.freedesktop.org/show_bug.cgi?id=110235
Participating hosts (51 -> 45)
------------------------------
Additional (1): fi-apl-guc
Missing (7): fi-kbl-soraka fi-ilk-m540 fi-hsw-4200u fi-byt-squawks fi-bsw-cyan fi-byt-clapper fi-bdw-samus
Build changes
-------------
* IGT: IGT_4973 -> IGTPW_2954
CI_DRM_6067: 1498347b6b9748fcdbf1dc6ae5203caec1baf1d4 @ git://anongit.freedesktop.org/gfx-ci/linux
IGTPW_2954: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/
IGT_4973: 3e3ff0e48989abd25fce4916e85e8fef20a3c63a @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools
== Logs ==
For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply [flat|nested] 7+ messages in thread
* [igt-dev] ✓ Fi.CI.IGT: success for More fixes from Fedora packaging
2019-05-08 20:15 [igt-dev] [PATCH i-g-t 0/3] More fixes from Fedora packaging Lyude
` (3 preceding siblings ...)
2019-05-08 21:44 ` [igt-dev] ✓ Fi.CI.BAT: success for More fixes from Fedora packaging Patchwork
@ 2019-05-09 3:35 ` Patchwork
4 siblings, 0 replies; 7+ messages in thread
From: Patchwork @ 2019-05-09 3:35 UTC (permalink / raw)
To: Lyude; +Cc: igt-dev
== Series Details ==
Series: More fixes from Fedora packaging
URL : https://patchwork.freedesktop.org/series/60434/
State : success
== Summary ==
CI Bug Log - changes from CI_DRM_6067_full -> IGTPW_2954_full
====================================================
Summary
-------
**SUCCESS**
No regressions found.
External URL: https://patchwork.freedesktop.org/api/1.0/series/60434/revisions/1/mbox/
Known issues
------------
Here are the changes found in IGTPW_2954_full that come from known issues:
### IGT changes ###
#### Issues hit ####
* igt@gem_ctx_isolation@vcs1-s3:
- shard-kbl: [PASS][1] -> [INCOMPLETE][2] ([fdo#103665])
[1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-kbl4/igt@gem_ctx_isolation@vcs1-s3.html
[2]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-kbl2/igt@gem_ctx_isolation@vcs1-s3.html
* igt@i915_suspend@debugfs-reader:
- shard-apl: [PASS][3] -> [DMESG-WARN][4] ([fdo#108566]) +2 similar issues
[3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-apl4/igt@i915_suspend@debugfs-reader.html
[4]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-apl4/igt@i915_suspend@debugfs-reader.html
* igt@kms_cursor_crc@cursor-256x256-suspend:
- shard-kbl: [PASS][5] -> [DMESG-WARN][6] ([fdo#108566]) +1 similar issue
[5]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-kbl6/igt@kms_cursor_crc@cursor-256x256-suspend.html
[6]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-kbl7/igt@kms_cursor_crc@cursor-256x256-suspend.html
* igt@kms_flip@flip-vs-suspend-interruptible:
- shard-hsw: [PASS][7] -> [INCOMPLETE][8] ([fdo#103540])
[7]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-hsw2/igt@kms_flip@flip-vs-suspend-interruptible.html
[8]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-hsw6/igt@kms_flip@flip-vs-suspend-interruptible.html
* igt@kms_flip_tiling@flip-y-tiled:
- shard-iclb: [PASS][9] -> [FAIL][10] ([fdo#108303])
[9]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-iclb4/igt@kms_flip_tiling@flip-y-tiled.html
[10]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-iclb4/igt@kms_flip_tiling@flip-y-tiled.html
* igt@kms_frontbuffer_tracking@fbc-1p-offscren-pri-shrfb-draw-blt:
- shard-iclb: [PASS][11] -> [FAIL][12] ([fdo#103167]) +3 similar issues
[11]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-iclb1/igt@kms_frontbuffer_tracking@fbc-1p-offscren-pri-shrfb-draw-blt.html
[12]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-iclb2/igt@kms_frontbuffer_tracking@fbc-1p-offscren-pri-shrfb-draw-blt.html
* igt@kms_frontbuffer_tracking@fbc-1p-primscrn-spr-indfb-fullscreen:
- shard-kbl: [PASS][13] -> [FAIL][14] ([fdo#103167])
[13]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-kbl7/igt@kms_frontbuffer_tracking@fbc-1p-primscrn-spr-indfb-fullscreen.html
[14]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-kbl3/igt@kms_frontbuffer_tracking@fbc-1p-primscrn-spr-indfb-fullscreen.html
* igt@kms_plane_scaling@pipe-c-scaler-with-rotation:
- shard-glk: [PASS][15] -> [SKIP][16] ([fdo#109271] / [fdo#109278])
[15]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-glk9/igt@kms_plane_scaling@pipe-c-scaler-with-rotation.html
[16]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-glk1/igt@kms_plane_scaling@pipe-c-scaler-with-rotation.html
* igt@kms_psr@psr2_sprite_plane_move:
- shard-iclb: [PASS][17] -> [SKIP][18] ([fdo#109441]) +3 similar issues
[17]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-iclb2/igt@kms_psr@psr2_sprite_plane_move.html
[18]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-iclb8/igt@kms_psr@psr2_sprite_plane_move.html
* igt@kms_universal_plane@universal-plane-pipe-a-functional:
- shard-glk: [PASS][19] -> [FAIL][20] ([fdo#110037])
[19]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-glk1/igt@kms_universal_plane@universal-plane-pipe-a-functional.html
[20]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-glk8/igt@kms_universal_plane@universal-plane-pipe-a-functional.html
- shard-apl: [PASS][21] -> [FAIL][22] ([fdo#110037])
[21]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-apl7/igt@kms_universal_plane@universal-plane-pipe-a-functional.html
[22]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-apl7/igt@kms_universal_plane@universal-plane-pipe-a-functional.html
- shard-kbl: [PASS][23] -> [FAIL][24] ([fdo#110037])
[23]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-kbl3/igt@kms_universal_plane@universal-plane-pipe-a-functional.html
[24]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-kbl3/igt@kms_universal_plane@universal-plane-pipe-a-functional.html
#### Possible fixes ####
* igt@gem_cpu_reloc@forked:
- shard-snb: [INCOMPLETE][25] ([fdo#105411]) -> [PASS][26]
[25]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-snb6/igt@gem_cpu_reloc@forked.html
[26]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-snb7/igt@gem_cpu_reloc@forked.html
* igt@gem_tiled_swapping@non-threaded:
- shard-hsw: [FAIL][27] ([fdo#108686]) -> [PASS][28]
[27]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-hsw5/igt@gem_tiled_swapping@non-threaded.html
[28]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-hsw5/igt@gem_tiled_swapping@non-threaded.html
* igt@i915_pm_rc6_residency@rc6-accuracy:
- shard-kbl: [SKIP][29] ([fdo#109271]) -> [PASS][30]
[29]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-kbl7/igt@i915_pm_rc6_residency@rc6-accuracy.html
[30]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-kbl4/igt@i915_pm_rc6_residency@rc6-accuracy.html
* igt@i915_pm_sseu@full-enable:
- shard-apl: [FAIL][31] -> [PASS][32]
[31]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-apl2/igt@i915_pm_sseu@full-enable.html
[32]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-apl1/igt@i915_pm_sseu@full-enable.html
* igt@i915_suspend@fence-restore-untiled:
- shard-apl: [DMESG-WARN][33] ([fdo#108566]) -> [PASS][34] +8 similar issues
[33]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-apl5/igt@i915_suspend@fence-restore-untiled.html
[34]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-apl7/igt@i915_suspend@fence-restore-untiled.html
* igt@kms_cursor_crc@cursor-64x21-sliding:
- shard-apl: [FAIL][35] ([fdo#103232]) -> [PASS][36]
[35]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-apl5/igt@kms_cursor_crc@cursor-64x21-sliding.html
[36]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-apl6/igt@kms_cursor_crc@cursor-64x21-sliding.html
- shard-kbl: [FAIL][37] ([fdo#103232]) -> [PASS][38]
[37]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-kbl5/igt@kms_cursor_crc@cursor-64x21-sliding.html
[38]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-kbl6/igt@kms_cursor_crc@cursor-64x21-sliding.html
* igt@kms_dp_dsc@basic-dsc-enable-edp:
- shard-iclb: [SKIP][39] ([fdo#109349]) -> [PASS][40]
[39]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-iclb1/igt@kms_dp_dsc@basic-dsc-enable-edp.html
[40]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-iclb2/igt@kms_dp_dsc@basic-dsc-enable-edp.html
* igt@kms_frontbuffer_tracking@fbc-rgb565-draw-pwrite:
- shard-iclb: [FAIL][41] ([fdo#103167]) -> [PASS][42] +5 similar issues
[41]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-iclb6/igt@kms_frontbuffer_tracking@fbc-rgb565-draw-pwrite.html
[42]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-iclb6/igt@kms_frontbuffer_tracking@fbc-rgb565-draw-pwrite.html
* igt@kms_plane_scaling@pipe-b-scaler-with-clipping-clamping:
- shard-glk: [SKIP][43] ([fdo#109271] / [fdo#109278]) -> [PASS][44]
[43]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-glk2/igt@kms_plane_scaling@pipe-b-scaler-with-clipping-clamping.html
[44]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-glk9/igt@kms_plane_scaling@pipe-b-scaler-with-clipping-clamping.html
* igt@kms_psr2_su@page_flip:
- shard-iclb: [SKIP][45] ([fdo#109642]) -> [PASS][46]
[45]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-iclb4/igt@kms_psr2_su@page_flip.html
[46]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-iclb2/igt@kms_psr2_su@page_flip.html
* igt@kms_psr@psr2_primary_mmap_cpu:
- shard-iclb: [SKIP][47] ([fdo#109441]) -> [PASS][48] +1 similar issue
[47]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-iclb1/igt@kms_psr@psr2_primary_mmap_cpu.html
[48]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-iclb2/igt@kms_psr@psr2_primary_mmap_cpu.html
* igt@kms_setmode@basic:
- shard-apl: [FAIL][49] ([fdo#99912]) -> [PASS][50]
[49]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-apl8/igt@kms_setmode@basic.html
[50]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-apl6/igt@kms_setmode@basic.html
- shard-kbl: [FAIL][51] ([fdo#99912]) -> [PASS][52]
[51]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-kbl1/igt@kms_setmode@basic.html
[52]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-kbl6/igt@kms_setmode@basic.html
* igt@kms_vblank@pipe-a-ts-continuation-suspend:
- shard-kbl: [DMESG-WARN][53] ([fdo#108566]) -> [PASS][54]
[53]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-kbl7/igt@kms_vblank@pipe-a-ts-continuation-suspend.html
[54]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-kbl1/igt@kms_vblank@pipe-a-ts-continuation-suspend.html
* igt@prime_self_import@export-vs-gem_close-race:
- shard-apl: [INCOMPLETE][55] ([fdo#103927]) -> [PASS][56]
[55]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_6067/shard-apl3/igt@prime_self_import@export-vs-gem_close-race.html
[56]: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/shard-apl1/igt@prime_self_import@export-vs-gem_close-race.html
[fdo#103167]: https://bugs.freedesktop.org/show_bug.cgi?id=103167
[fdo#103232]: https://bugs.freedesktop.org/show_bug.cgi?id=103232
[fdo#103540]: https://bugs.freedesktop.org/show_bug.cgi?id=103540
[fdo#103665]: https://bugs.freedesktop.org/show_bug.cgi?id=103665
[fdo#103927]: https://bugs.freedesktop.org/show_bug.cgi?id=103927
[fdo#105411]: https://bugs.freedesktop.org/show_bug.cgi?id=105411
[fdo#108303]: https://bugs.freedesktop.org/show_bug.cgi?id=108303
[fdo#108566]: https://bugs.freedesktop.org/show_bug.cgi?id=108566
[fdo#108686]: https://bugs.freedesktop.org/show_bug.cgi?id=108686
[fdo#109271]: https://bugs.freedesktop.org/show_bug.cgi?id=109271
[fdo#109278]: https://bugs.freedesktop.org/show_bug.cgi?id=109278
[fdo#109349]: https://bugs.freedesktop.org/show_bug.cgi?id=109349
[fdo#109441]: https://bugs.freedesktop.org/show_bug.cgi?id=109441
[fdo#109642]: https://bugs.freedesktop.org/show_bug.cgi?id=109642
[fdo#110037]: https://bugs.freedesktop.org/show_bug.cgi?id=110037
[fdo#99912]: https://bugs.freedesktop.org/show_bug.cgi?id=99912
Participating hosts (10 -> 6)
------------------------------
Missing (4): pig-skl-6260u shard-skl pig-hsw-4770r pig-glk-j5005
Build changes
-------------
* IGT: IGT_4973 -> IGTPW_2954
* Piglit: piglit_4509 -> None
CI_DRM_6067: 1498347b6b9748fcdbf1dc6ae5203caec1baf1d4 @ git://anongit.freedesktop.org/gfx-ci/linux
IGTPW_2954: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/
IGT_4973: 3e3ff0e48989abd25fce4916e85e8fef20a3c63a @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools
piglit_4509: fdc5a4ca11124ab8413c7988896eec4c97336694 @ git://anongit.freedesktop.org/piglit
== Logs ==
For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/IGTPW_2954/
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [igt-dev] [PATCH i-g-t 2/3] lib/aux: Call setgroups() in igt_drop_root() before setgid()
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 2/3] lib/aux: Call setgroups() in igt_drop_root() before setgid() Lyude
@ 2019-05-09 8:19 ` Daniel Vetter
0 siblings, 0 replies; 7+ messages in thread
From: Daniel Vetter @ 2019-05-09 8:19 UTC (permalink / raw)
To: Lyude; +Cc: igt-dev, Petri Latvala
On Wed, May 08, 2019 at 04:15:11PM -0400, Lyude wrote:
> From: Lyude Paul <lyude@redhat.com>
>
> While igt isn't really security sensitive, forgetting to call
> setgroups() before calling setgid() causes rpmlint on Fedora to
> complain:
>
> igt-gpu-tools.x86_64: E: missing-call-to-setgroups-before-setuid
> /usr/lib64/libigt.so.0
> ...
> missing-call-to-setgroups-before-setuid:
> This executable is calling setuid and setgid without setgroups or
> initgroups. There is a high probability this means it didn't relinquish
> all groups, and this would be a potential security issue to be fixed.
> Seek POS36-C on the web for details about the problem.
>
> Since it's likely other package maintainers for other distros will have
> to deal with similar issues eventually, and I can't see any harm in it,
> let's do the right thing and call setgroups() first.
Yeah igt is more a pile of exploits really :-)
On the series: Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
>
> Signed-off-by: Lyude Paul <lyude@redhat.com>
> ---
> lib/igt_aux.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/lib/igt_aux.c b/lib/igt_aux.c
> index caed1fed..578f8579 100644
> --- a/lib/igt_aux.c
> +++ b/lib/igt_aux.c
> @@ -49,6 +49,7 @@
> #include <sys/utsname.h>
> #include <termios.h>
> #include <assert.h>
> +#include <grp.h>
>
> #include <proc/readproc.h>
> #include <libudev.h>
> @@ -959,9 +960,11 @@ void igt_drop_root(void)
> {
> igt_assert_eq(getuid(), 0);
>
> + igt_assert_eq(setgroups(0, NULL), 0);
> igt_assert_eq(setgid(2), 0);
> igt_assert_eq(setuid(2), 0);
>
> + igt_assert_eq(getgroups(0, NULL), 0);
> igt_assert_eq(getgid(), 2);
> igt_assert_eq(getuid(), 2);
> }
> --
> 2.20.1
>
> _______________________________________________
> igt-dev mailing list
> igt-dev@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/igt-dev
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-05-09 8:19 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-08 20:15 [igt-dev] [PATCH i-g-t 0/3] More fixes from Fedora packaging Lyude
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 1/3] lib/aux: Use igt_assert_eq() in igt_drop_root() Lyude
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 2/3] lib/aux: Call setgroups() in igt_drop_root() before setgid() Lyude
2019-05-09 8:19 ` Daniel Vetter
2019-05-08 20:15 ` [igt-dev] [PATCH i-g-t 3/3] Update Fedora dockerfile to F30 Lyude
2019-05-08 21:44 ` [igt-dev] ✓ Fi.CI.BAT: success for More fixes from Fedora packaging Patchwork
2019-05-09 3:35 ` [igt-dev] ✓ Fi.CI.IGT: " Patchwork
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox