From: Collin Funk <collin.funk1@gmail.com>
To: bug-gnulib@gnu.org
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
selinux@vger.kernel.org, Christian Brauner <brauner@kernel.org>,
Stephen Smalley <stephen.smalley.work@gmail.com>
Subject: Recent Linux kernel commit breaks Gnulib test suite.
Date: Wed, 04 Jun 2025 21:03:37 -0700 [thread overview]
Message-ID: <8734ceal7q.fsf@gmail.com> (raw)
Hi,
Using the following testdir:
$ git clone https://git.savannah.gnu.org/git/gnulib.git && cd gnulib
$ ./gnulib-tool --create-testdir --dir testdir1 --single-configure `./gnulib-tool --list | grep acl`
I see the following result:
$ cd testdir1 && ./configure && make check
[...]
FAIL: test-copy-acl.sh
[...]
FAIL: test-file-has-acl.sh
This occurs with these two kernels:
$ uname -r
6.14.9-300.fc42.x86_64
$ uname -r
6.14.8-300.fc42.x86_64
But with this kernel:
$ uname -r
6.14.6-300.fc42.x86_64
The result is:
$ cd testdir1 && ./configure && make check
[...]
PASS: test-copy-acl.sh
[...]
PASS: test-file-has-acl.sh
Here is the test-suite.log from 6.14.9-300.fc42.x86_64:
FAIL: test-copy-acl.sh
======================
/home/collin/.local/src/gnulib/testdir1/gltests/test-copy-acl: preserving permissions for 'tmpfile2': Numerical result out of range
FAIL test-copy-acl.sh (exit status: 1)
FAIL: test-file-has-acl.sh
==========================
file_has_acl("tmpfile0") returned no, expected yes
FAIL test-file-has-acl.sh (exit status: 1)
To investigate further, I created the testdir again after applying the
following diff:
diff --git a/tests/test-copy-acl.sh b/tests/test-copy-acl.sh
index 061755f124..f9457e884f 100755
--- a/tests/test-copy-acl.sh
+++ b/tests/test-copy-acl.sh
@@ -209,7 +209,7 @@ cd "$builddir" ||
{
echo "Simple contents" > "$2"
chmod 600 "$2"
- ${CHECKER} "$builddir"/test-copy-acl${EXEEXT} "$1" "$2" || exit 1
+ ${CHECKER} strace "$builddir"/test-copy-acl${EXEEXT} "$1" "$2" || exit 1
${CHECKER} "$builddir"/test-sameacls${EXEEXT} "$1" "$2" || exit 1
func_test_same_acls "$1" "$2" || exit 1
}
Then running the test from inside testdir1/gltests:
$ ./test-copy-acl.sh
[...]
access("/etc/selinux/config", F_OK) = 0
openat(AT_FDCWD, "tmpfile0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0610, st_size=16, ...}) = 0
openat(AT_FDCWD, "tmpfile2", O_WRONLY) = 4
fchmod(4, 0610) = 0
flistxattr(3, NULL, 0) = 17
flistxattr(3, 0x7ffda3f6c900, 17) = -1 ERANGE (Numerical result out of range)
write(2, "/home/collin/.local/src/gnulib/t"..., 63/home/collin/.local/src/gnulib/testdir1/gltests/test-copy-acl: ) = 63
write(2, "preserving permissions for 'tmpf"..., 37preserving permissions for 'tmpfile2') = 37
write(2, ": Numerical result out of range", 31: Numerical result out of range) = 31
write(2, "\n", 1
) = 1
exit_group(1) = ?
+++ exited with 1 +++
So, we get the buffer size from 'flistxattr(3, NULL, 0)' and then call
it again after allocating it 'flistxattr(3, 0x7ffda3f6c900, 17)'. This
shouldn't fail with ERANGE then.
To confirm, I replaced 'strace' with 'gdb --args'. Here is the result:
(gdb) b qcopy_acl
Breakpoint 1 at 0x400a10: file qcopy-acl.c, line 84.
(gdb) run
Starting program: /home/collin/.local/src/gnulib/testdir1/gltests/test-copy-acl tmpfile0 tmpfile2
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Breakpoint 1, qcopy_acl (src_name=src_name@entry=0x7fffffffd7c3 "tmpfile0", source_desc=source_desc@entry=3,
dst_name=dst_name@entry=0x7fffffffd7cc "tmpfile2", dest_desc=dest_desc@entry=4, mode=mode@entry=392) at qcopy-acl.c:84
84 ret = chmod_or_fchmod (dst_name, dest_desc, mode);
(gdb) n
90 if (ret == 0)
(gdb) n
92 ret = source_desc <= 0 || dest_desc <= 0
(gdb) s
attr_copy_fd (src_path=src_path@entry=0x7fffffffd7c3 "tmpfile0", src_fd=src_fd@entry=3, dst_path=dst_path@entry=0x7fffffffd7cc "tmpfile2",
dst_fd=dst_fd@entry=4, check=check@entry=0x4009b0 <is_attr_permissions>, ctx=ctx@entry=0x0) at libattr/attr_copy_fd.c:73
73 if (check == NULL)
(gdb) n
76 size = flistxattr (src_fd, NULL, 0);
(gdb) n
77 if (size < 0) {
(gdb) print size
$1 = 17
(gdb) n
86 names = (char *) my_alloc (size+1);
(gdb) n
92 size = flistxattr (src_fd, names, size);
(gdb) print errno
$2 = 0
(gdb) n
93 if (size < 0) {
(gdb) print size
$3 = -1
(gdb) print errno
$4 = 34
After confirming with the Fedora Kernel tags [1], I am fairly confident
that it was caused by this commit [2].
But I am not familiar enough with ACLs, SELinux, or the Kernel to know
the fix.
Adding the lists where this was discussed and some of the signers to CC,
since they will know better than me.
Collin
[1] https://gitlab.com/cki-project/kernel-ark
[2] https://github.com/torvalds/linux/commit/8b0ba61df5a1c44e2b3cf683831a4fc5e24ea99d
next reply other threads:[~2025-06-05 4:03 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-05 4:03 Collin Funk [this message]
2025-06-05 7:10 ` Recent Linux kernel commit breaks Gnulib test suite Paul Eggert
2025-06-05 13:46 ` Stephen Smalley
2025-06-05 16:53 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8734ceal7q.fsf@gmail.com \
--to=collin.funk1@gmail.com \
--cc=brauner@kernel.org \
--cc=bug-gnulib@gnu.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).