* [LTP] insmod01_sh test from commands test suite will make cve-2017-17053 test fail
@ 2019-05-31 7:41 Po-Hsu Lin
2019-05-31 8:32 ` Cyril Hrubis
0 siblings, 1 reply; 6+ messages in thread
From: Po-Hsu Lin @ 2019-05-31 7:41 UTC (permalink / raw)
To: ltp
Hello folks,
We found out that when running the LTP test suite directly (which uses
the "default" file in scenario_groups). The insmod01_sh will insert an
out-of-tree module and taints the kernel, and the following
cve-2017-17053 test in the cve test suite will check if the kernel is
tainted. Thus causing some false-positive in the test result.
Perhaps a workaround is to move the cve test suite to somewhere before
the commands test suite in the "default" scenario.
BugLink: https://bugs.launchpad.net/bugs/1830011
Thanks
^ permalink raw reply [flat|nested] 6+ messages in thread
* [LTP] insmod01_sh test from commands test suite will make cve-2017-17053 test fail
2019-05-31 7:41 [LTP] insmod01_sh test from commands test suite will make cve-2017-17053 test fail Po-Hsu Lin
@ 2019-05-31 8:32 ` Cyril Hrubis
2019-05-31 9:25 ` Cyril Hrubis
2019-05-31 9:43 ` Cyril Hrubis
0 siblings, 2 replies; 6+ messages in thread
From: Cyril Hrubis @ 2019-05-31 8:32 UTC (permalink / raw)
To: ltp
Hi!
> We found out that when running the LTP test suite directly (which uses
> the "default" file in scenario_groups). The insmod01_sh will insert an
> out-of-tree module and taints the kernel, and the following
> cve-2017-17053 test in the cve test suite will check if the kernel is
> tainted. Thus causing some false-positive in the test result.
>
> Perhaps a workaround is to move the cve test suite to somewhere before
> the commands test suite in the "default" scenario.
>
> BugLink: https://bugs.launchpad.net/bugs/1830011
Looking at the bug the problem is that the module is missing license.
I guess that adding MODULE_LICENSE("GPL"); to the dummy module
testcases/commands/insmod/ltp_insmod01.c should fix it.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 6+ messages in thread* [LTP] insmod01_sh test from commands test suite will make cve-2017-17053 test fail
2019-05-31 8:32 ` Cyril Hrubis
@ 2019-05-31 9:25 ` Cyril Hrubis
2019-05-31 9:43 ` Cyril Hrubis
1 sibling, 0 replies; 6+ messages in thread
From: Cyril Hrubis @ 2019-05-31 9:25 UTC (permalink / raw)
To: ltp
Hi!
> > We found out that when running the LTP test suite directly (which uses
> > the "default" file in scenario_groups). The insmod01_sh will insert an
> > out-of-tree module and taints the kernel, and the following
> > cve-2017-17053 test in the cve test suite will check if the kernel is
> > tainted. Thus causing some false-positive in the test result.
> >
> > Perhaps a workaround is to move the cve test suite to somewhere before
> > the commands test suite in the "default" scenario.
> >
> > BugLink: https://bugs.launchpad.net/bugs/1830011
>
> Looking at the bug the problem is that the module is missing license.
>
> I guess that adding MODULE_LICENSE("GPL"); to the dummy module
> testcases/commands/insmod/ltp_insmod01.c should fix it.
Looking at the log closer there are three things that seem to tain the
kernel:
* Missing module license
* Out-of-tree module
* Missing signature
Now each of these should be setting very specific kernel taint flags.
i.e. (see ltp/include/tst_taint.h)
* Missing module license -> TST_TAINT_G
* Out-of-tree module -> TST_TAINT_O
* Missing signature -> TST_TAINT_E
While the CVE tests checks only presence of TST_TAINT_D and TST_TAINT_W
so in theory this should work fine.
If you look at the value of the taint flag for that bugreport:
14849 = 0011101000000001
^^^ ^ ^
EOI W G
Something has set the "warning" taint flag and also the "working around
firmware bug" flag, so it's quite possible that the insmod tests is not
the culprit here.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 6+ messages in thread* [LTP] insmod01_sh test from commands test suite will make cve-2017-17053 test fail
2019-05-31 8:32 ` Cyril Hrubis
2019-05-31 9:25 ` Cyril Hrubis
@ 2019-05-31 9:43 ` Cyril Hrubis
2019-06-04 11:44 ` Po-Hsu Lin
1 sibling, 1 reply; 6+ messages in thread
From: Cyril Hrubis @ 2019-05-31 9:43 UTC (permalink / raw)
To: ltp
Hi!
> > BugLink: https://bugs.launchpad.net/bugs/1830011
>
> Looking at the bug the problem is that the module is missing license.
>
> I guess that adding MODULE_LICENSE("GPL"); to the dummy module
> testcases/commands/insmod/ltp_insmod01.c should fix it.
Just FYI, the licence taint flag is now fixed in:
https://github.com/linux-test-project/ltp/commit/3015d592301ef37afe2dee2ddb03be126cffd6f8
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 6+ messages in thread* [LTP] insmod01_sh test from commands test suite will make cve-2017-17053 test fail
2019-05-31 9:43 ` Cyril Hrubis
@ 2019-06-04 11:44 ` Po-Hsu Lin
2019-06-05 7:02 ` Cyril Hrubis
0 siblings, 1 reply; 6+ messages in thread
From: Po-Hsu Lin @ 2019-06-04 11:44 UTC (permalink / raw)
To: ltp
Hello Cyril,
Yes you're right, the insmod test is not the cause here.
I found it's the block_dev test from kernel_misc, the ltp_block_dev
module insertion will first set the taint flag to 12288:
$ sudo insmod ltp_block_dev.ko
$ cat /proc/sys/kernel/tainted
12288
But the test will generate kernel warnings and make it 12800
$ sudo rmmod ltp_block_dev
$ sudo ./block_dev
block_dev 1 TPASS : Test-case '1'
block_dev 2 TPASS : Test-case '2'
block_dev 3 TPASS : Test-case '3'
block_dev 4 TPASS : Test-case '4'
block_dev 5 TPASS : Test-case '5'
block_dev 6 TPASS : Test-case '6'
block_dev 7 TPASS : Test-case '7'
$ cat /proc/sys/kernel/tainted
12800
12800 = 0011001000000000
The W flag is here.
Traces could be found in dmesg:
https://pastebin.ubuntu.com/p/gp9ZDHNj6J/
On Fri, May 31, 2019 at 5:43 PM Cyril Hrubis <chrubis@suse.cz> wrote:
>
> Hi!
> > > BugLink: https://bugs.launchpad.net/bugs/1830011
> >
> > Looking at the bug the problem is that the module is missing license.
> >
> > I guess that adding MODULE_LICENSE("GPL"); to the dummy module
> > testcases/commands/insmod/ltp_insmod01.c should fix it.
>
> Just FYI, the licence taint flag is now fixed in:
>
> https://github.com/linux-test-project/ltp/commit/3015d592301ef37afe2dee2ddb03be126cffd6f8
>
> --
> Cyril Hrubis
> chrubis@suse.cz
^ permalink raw reply [flat|nested] 6+ messages in thread* [LTP] insmod01_sh test from commands test suite will make cve-2017-17053 test fail
2019-06-04 11:44 ` Po-Hsu Lin
@ 2019-06-05 7:02 ` Cyril Hrubis
0 siblings, 0 replies; 6+ messages in thread
From: Cyril Hrubis @ 2019-06-05 7:02 UTC (permalink / raw)
To: ltp
Hi!
> Yes you're right, the insmod test is not the cause here.
>
> I found it's the block_dev test from kernel_misc, the ltp_block_dev
> module insertion will first set the taint flag to 12288:
> $ sudo insmod ltp_block_dev.ko
> $ cat /proc/sys/kernel/tainted
> 12288
>
> But the test will generate kernel warnings and make it 12800
> $ sudo rmmod ltp_block_dev
> $ sudo ./block_dev
> block_dev 1 TPASS : Test-case '1'
> block_dev 2 TPASS : Test-case '2'
> block_dev 3 TPASS : Test-case '3'
> block_dev 4 TPASS : Test-case '4'
> block_dev 5 TPASS : Test-case '5'
> block_dev 6 TPASS : Test-case '6'
> block_dev 7 TPASS : Test-case '7'
> $ cat /proc/sys/kernel/tainted
> 12800
>
> 12800 = 0011001000000000
> The W flag is here.
>
> Traces could be found in dmesg:
> https://pastebin.ubuntu.com/p/gp9ZDHNj6J/
Looking at the test and at the kernel source the test is triggering
exactly the condition it's supposed to to trigger and the warning is to
be expected.
I guess that the best solution would be running the kernel_misc
testcases separately from the rest.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-06-05 7:02 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-31 7:41 [LTP] insmod01_sh test from commands test suite will make cve-2017-17053 test fail Po-Hsu Lin
2019-05-31 8:32 ` Cyril Hrubis
2019-05-31 9:25 ` Cyril Hrubis
2019-05-31 9:43 ` Cyril Hrubis
2019-06-04 11:44 ` Po-Hsu Lin
2019-06-05 7:02 ` Cyril Hrubis
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox