Re: stable-rc: ptrace: peeksiginfo failed on 4.19, 4.14, 4.9 and 4.4

Linux Kernel Selftest development
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: avagin@gmail.com, linux- stable <stable@vger.kernel.org>,
	lkft-triage@lists.linaro.org,
	"open list\:KERNEL SELFTEST FRAMEWORK" 
	<linux-kselftest@vger.kernel.org>,
	Naresh Kamboju <naresh.kamboju@linaro.org>
Subject: Re: stable-rc: ptrace: peeksiginfo failed on 4.19, 4.14, 4.9 and 4.4
Date: Mon, 17 Jun 2019 08:13:56 -0500	[thread overview]
Message-ID: <87lfy0pd63.fsf@xmission.com> (raw)
In-Reply-To: <CA+G9fYsFL5AH6dkdN2Qd6UP=wdiXRDR_ioQFPSCq=uUBcmtHXw@mail.gmail.com> (Naresh Kamboju's message of "Mon, 17 Jun 2019 13:45:32 +0530")

Naresh Kamboju <naresh.kamboju@linaro.org> writes:

> selftests: ptrace: peeksiginfo failed on x86_64, i386, arm64 and arm.
> FAILED on stable rc branches 4.19, 4.14, 4.9 and 4.4.
> PASS on mainline, next and 5.1 stable rc branch.

Greg.

Looking in my email it appears 4.19, 4.14, 4.9, and 4.4 patches are
missing the "found=1" line from the original change.   This explains
the test failure.

Can you handle this?

Thanks,
Eric


> Test output:
> ------------------
> cd /opt/kselftests/mainline/ptrace
> ./peeksiginfo
> Error (peeksiginfo.c:143): Only 0 signals were read
>
> The git bisect show that below commit caused this test to fail.
>
>  git bisect bad
> 5b6b0eac235ef1f915f24eda6d501a754022cbf0 is the first bad commit
> commit 5b6b0eac235ef1f915f24eda6d501a754022cbf0
> Author: Eric W. Biederman <ebiederm@xmission.com>
> Date:   Tue May 28 18:46:37 2019 -0500
>
>     signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
>
>     commit f6e2aa91a46d2bc79fce9b93a988dbe7655c90c0 upstream.
>
>     Recently syzbot in conjunction with KMSAN reported that
>     ptrace_peek_siginfo can copy an uninitialized siginfo to userspace.
>     Inspecting ptrace_peek_siginfo confirms this.
>
>     The problem is that off when initialized from args.off can be
>     initialized to a negaive value.  At which point the "if (off >= 0)"
>     test to see if off became negative fails because off started off
>     negative.
>
>     Prevent the core problem by adding a variable found that is only true
>     if a siginfo is found and copied to a temporary in preparation for
>     being copied to userspace.
>
>     Prevent args.off from being truncated when being assigned to off by
>     testing that off is <= the maximum possible value of off.  Convert off
>     to an unsigned long so that we should not have to truncate args.off,
>     we have well defined overflow behavior so if we add another check we
>     won't risk fighting undefined compiler behavior, and so that we have a
>     type whose maximum value is easy to test for.
>
>     Cc: Andrei Vagin <avagin@gmail.com>
>     Cc: stable@vger.kernel.org
>     Reported-by: syzbot+0d602a1b0d8c95bdf299@syzkaller.appspotmail.com
>     Fixes: 84c751bd4aeb ("ptrace: add ability to retrieve signals
> without removing from a queue (v4)")
>     Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
>     Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> :040000 040000 ff9f3109f210274d0b87851d226c35e7305ce44a
> b36de2c855fe2a0b332f145f0966dc1a0304d4bd M kernel
>
> Test case link,
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/ptrace/peeksiginfo.c#n143
>
> Test output log link,
> https://lkft.validation.linaro.org/scheduler/job/777223#L1084
>
> Test results comparison on different branches,
> https://qa-reports.linaro.org/_/comparetest/?project=22&project=6&project=58&project=135&project=40&project=23&project=167&suite=kselftest&test=ptrace_peeksiginfo
>
> Best regards
> Naresh Kamboju

next prev parent reply	other threads:[~2019-06-17 13:58 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-17  8:15 stable-rc: ptrace: peeksiginfo failed on 4.19, 4.14, 4.9 and 4.4 Naresh Kamboju
2019-06-17 13:13 ` Eric W. Biederman [this message]
2019-06-17 14:14   ` Sasha Levin
2019-06-17 20:26   ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87lfy0pd63.fsf@xmission.com \
    --to=ebiederm@xmission.com \
    --cc=avagin@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=lkft-triage@lists.linaro.org \
    --cc=naresh.kamboju@linaro.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox