* [LTP] [PATCH] cve/cve-2016-10044.c: fix two errors
@ 2017-09-22 9:21 Xiao Yang
2017-09-22 11:06 ` Richard Palethorpe
0 siblings, 1 reply; 9+ messages in thread
From: Xiao Yang @ 2017-09-22 9:21 UTC (permalink / raw)
To: ltp
1) If the number of nr_events exceeds the limit of available events
defined in /proc/sys/fs/aio-max-nr, it returns EAGAIN. We should
call io_destroy() to cleanup the AIO context after finishing test.
Steps to reproduce this error:
#echo 4 > /proc/sys/fs/aio-max-nr
# ./cve-2016-10044 -i 5
tst_test.c:908: INFO: Timeout per run is 0h 05m 00s
cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
cve-2016-10044.c:49: BROK: Failed to create AIO context: EAGAIN/EWOULDBLOCK
2) The kernel created an AIO pseudo-fs and introduced cve-2016-10044
by the following patch:
'71ad7490c1f3("rework aio migrate pages to use aio fs")'
We should return TCONF rather than TBROK when an AIO pseudo-fs is
not found in /proc/self/maps.
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
testcases/cve/cve-2016-10044.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
index 7928d27..a84590a 100644
--- a/testcases/cve/cve-2016-10044.c
+++ b/testcases/cve/cve-2016-10044.c
@@ -53,7 +53,7 @@ static void run(void)
if (strstr(line, "/[aio]") != NULL)
goto found_mapping;
}
- tst_brk(TBROK, "Could not find mapping in /proc/self/maps");
+ tst_brk(TCONF, "Could not find mapping in /proc/self/maps");
found_mapping:
if (sscanf(line, "%*x-%*x %s7", perms) < 0)
@@ -63,6 +63,9 @@ found_mapping:
else
tst_res(TPASS, "AIO mapping is not executable: %s", perms);
+ if (tst_syscall(__NR_io_destroy, ctx))
+ tst_brk(TBROK | TERRNO, "Failed to destroy AIO context");
+
SAFE_FCLOSE(f);
f = NULL;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [LTP] [PATCH] cve/cve-2016-10044.c: fix two errors
2017-09-22 9:21 [LTP] [PATCH] cve/cve-2016-10044.c: fix two errors Xiao Yang
@ 2017-09-22 11:06 ` Richard Palethorpe
2017-09-25 10:47 ` Xiao Yang
0 siblings, 1 reply; 9+ messages in thread
From: Richard Palethorpe @ 2017-09-22 11:06 UTC (permalink / raw)
To: ltp
Hello,
Xiao Yang writes:
> 1) If the number of nr_events exceeds the limit of available events
> defined in /proc/sys/fs/aio-max-nr, it returns EAGAIN. We should
> call io_destroy() to cleanup the AIO context after finishing test.
>
> Steps to reproduce this error:
> #echo 4 > /proc/sys/fs/aio-max-nr
> # ./cve-2016-10044 -i 5
> tst_test.c:908: INFO: Timeout per run is 0h 05m 00s
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:49: BROK: Failed to create AIO context: EAGAIN/EWOULDBLOCK
>
> 2) The kernel created an AIO pseudo-fs and introduced cve-2016-10044
> by the following patch:
> '71ad7490c1f3("rework aio migrate pages to use aio fs")'
>
> We should return TCONF rather than TBROK when an AIO pseudo-fs is
> not found in /proc/self/maps.
Maybe instead of doing this we could increase the required kernel
version to 3.12 which appears to be where the patch was introduced?
Otherwise we may fail with TCONF because the format of the file has
slightly changed and I am worried that nobody will notice. I don't think
this will have been backported to earlier versions:
http://lkml.iu.edu/hypermail/linux/kernel/1312.0/04590.html
The rest LGTM. Thanks.
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
> testcases/cve/cve-2016-10044.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
> index 7928d27..a84590a 100644
> --- a/testcases/cve/cve-2016-10044.c
> +++ b/testcases/cve/cve-2016-10044.c
> @@ -53,7 +53,7 @@ static void run(void)
> if (strstr(line, "/[aio]") != NULL)
> goto found_mapping;
> }
> - tst_brk(TBROK, "Could not find mapping in /proc/self/maps");
> + tst_brk(TCONF, "Could not find mapping in /proc/self/maps");
>
> found_mapping:
> if (sscanf(line, "%*x-%*x %s7", perms) < 0)
> @@ -63,6 +63,9 @@ found_mapping:
> else
> tst_res(TPASS, "AIO mapping is not executable: %s", perms);
>
> + if (tst_syscall(__NR_io_destroy, ctx))
> + tst_brk(TBROK | TERRNO, "Failed to destroy AIO context");
> +
> SAFE_FCLOSE(f);
> f = NULL;
> }
> --
> 1.8.3.1
--
Thank you,
Richard.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] cve/cve-2016-10044.c: fix two errors
2017-09-22 11:06 ` Richard Palethorpe
@ 2017-09-25 10:47 ` Xiao Yang
2017-09-25 11:16 ` Richard Palethorpe
0 siblings, 1 reply; 9+ messages in thread
From: Xiao Yang @ 2017-09-25 10:47 UTC (permalink / raw)
To: ltp
On 2017/09/22 19:06, Richard Palethorpe wrote:
> Hello,
>
> Xiao Yang writes:
>
>> 1) If the number of nr_events exceeds the limit of available events
>> defined in /proc/sys/fs/aio-max-nr, it returns EAGAIN. We should
>> call io_destroy() to cleanup the AIO context after finishing test.
>>
>> Steps to reproduce this error:
>> #echo 4 > /proc/sys/fs/aio-max-nr
>> # ./cve-2016-10044 -i 5
>> tst_test.c:908: INFO: Timeout per run is 0h 05m 00s
>> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
>> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
>> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
>> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
>> cve-2016-10044.c:49: BROK: Failed to create AIO context: EAGAIN/EWOULDBLOCK
>>
>> 2) The kernel created an AIO pseudo-fs and introduced cve-2016-10044
>> by the following patch:
>> '71ad7490c1f3("rework aio migrate pages to use aio fs")'
>>
>> We should return TCONF rather than TBROK when an AIO pseudo-fs is
>> not found in /proc/self/maps.
> Maybe instead of doing this we could increase the required kernel
> version to 3.12 which appears to be where the patch was introduced?
>
> Otherwise we may fail with TCONF because the format of the file has
> slightly changed and I am worried that nobody will notice. I don't think
> this will have been backported to earlier versions:
> http://lkml.iu.edu/hypermail/linux/kernel/1312.0/04590.html
Hi Richard,
On RHEL7, the above patch has been backported to v3.10.0, so increasing
the required
kernel version to 3.12 does not seem better.
The old format of file is set to 'anon_inode:[aio]' by the following patch set:
'55708698c5f1("fs/anon_inode: Introduce a new lib function anon_inode_getfile_private()")'
'36bc08cc0170("fs/aio: Add support to aio ring pages migration")'
The current format of file is set to '/[aio]' by the following patch:
'71ad7490c1f3("rework aio migrate pages to use aio fs")'
Could we change the keyword into '[aio]' to match as many formats as possible, and
return TCONF if the mapping file does not exist.
Thanks,
Xiao Yang.
> The rest LGTM. Thanks.
>
>> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
>> ---
>> testcases/cve/cve-2016-10044.c | 5 ++++-
>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
>> index 7928d27..a84590a 100644
>> --- a/testcases/cve/cve-2016-10044.c
>> +++ b/testcases/cve/cve-2016-10044.c
>> @@ -53,7 +53,7 @@ static void run(void)
>> if (strstr(line, "/[aio]") != NULL)
>> goto found_mapping;
>> }
>> - tst_brk(TBROK, "Could not find mapping in /proc/self/maps");
>> + tst_brk(TCONF, "Could not find mapping in /proc/self/maps");
>>
>> found_mapping:
>> if (sscanf(line, "%*x-%*x %s7", perms) < 0)
>> @@ -63,6 +63,9 @@ found_mapping:
>> else
>> tst_res(TPASS, "AIO mapping is not executable: %s", perms);
>>
>> + if (tst_syscall(__NR_io_destroy, ctx))
>> + tst_brk(TBROK | TERRNO, "Failed to destroy AIO context");
>> +
>> SAFE_FCLOSE(f);
>> f = NULL;
>> }
>> --
>> 1.8.3.1
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] cve/cve-2016-10044.c: fix two errors
2017-09-25 10:47 ` Xiao Yang
@ 2017-09-25 11:16 ` Richard Palethorpe
2017-09-26 2:04 ` [LTP] [PATCH v2] " Xiao Yang
0 siblings, 1 reply; 9+ messages in thread
From: Richard Palethorpe @ 2017-09-25 11:16 UTC (permalink / raw)
To: ltp
Hello,
Xiao Yang writes:
> On 2017/09/22 19:06, Richard Palethorpe wrote:
>> Hello,
>>
>> Xiao Yang writes:
>>
>>> 1) If the number of nr_events exceeds the limit of available events
>>> defined in /proc/sys/fs/aio-max-nr, it returns EAGAIN. We should
>>> call io_destroy() to cleanup the AIO context after finishing test.
>>>
>>> Steps to reproduce this error:
>>> #echo 4 > /proc/sys/fs/aio-max-nr
>>> # ./cve-2016-10044 -i 5
>>> tst_test.c:908: INFO: Timeout per run is 0h 05m 00s
>>> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
>>> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
>>> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
>>> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
>>> cve-2016-10044.c:49: BROK: Failed to create AIO context: EAGAIN/EWOULDBLOCK
>>>
>>> 2) The kernel created an AIO pseudo-fs and introduced cve-2016-10044
>>> by the following patch:
>>> '71ad7490c1f3("rework aio migrate pages to use aio fs")'
>>>
>>> We should return TCONF rather than TBROK when an AIO pseudo-fs is
>>> not found in /proc/self/maps.
>> Maybe instead of doing this we could increase the required kernel
>> version to 3.12 which appears to be where the patch was introduced?
>>
>> Otherwise we may fail with TCONF because the format of the file has
>> slightly changed and I am worried that nobody will notice. I don't think
>> this will have been backported to earlier versions:
>> http://lkml.iu.edu/hypermail/linux/kernel/1312.0/04590.html
> Hi Richard,
>
> On RHEL7, the above patch has been backported to v3.10.0, so increasing
> the required
> kernel version to 3.12 does not seem better.
>
> The old format of file is set to 'anon_inode:[aio]' by the following patch set:
> '55708698c5f1("fs/anon_inode: Introduce a new lib function anon_inode_getfile_private()")'
> '36bc08cc0170("fs/aio: Add support to aio ring pages migration")'
>
> The current format of file is set to '/[aio]' by the following patch:
> '71ad7490c1f3("rework aio migrate pages to use aio fs")'
>
> Could we change the keyword into '[aio]' to match as many formats as possible, and
> return TCONF if the mapping file does not exist.
OK, that makes sense to me.
--
Thank you,
Richard.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH v2] cve/cve-2016-10044.c: fix two errors
2017-09-25 11:16 ` Richard Palethorpe
@ 2017-09-26 2:04 ` Xiao Yang
2017-10-05 2:11 ` Xiao Yang
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Xiao Yang @ 2017-09-26 2:04 UTC (permalink / raw)
To: ltp
1) If the number of nr_events exceeds the limit of available events
defined in /proc/sys/fs/aio-max-nr, it returns EAGAIN. We should
call io_destroy() to cleanup the AIO context after finishing test.
Steps to reproduce this error:
#echo 4 > /proc/sys/fs/aio-max-nr
# ./cve-2016-10044 -i 5
tst_test.c:908: INFO: Timeout per run is 0h 05m 00s
cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
cve-2016-10044.c:49: BROK: Failed to create AIO context: EAGAIN/EWOULDBLOCK
2) This case fails with TBROK on an old kernel(e.g. v2.6.32) because
the mapping file does not exist.
The old format of file is set to 'anon_inode:[aio]' by the following
patch set:
'55708698c5f1("fs/anon_inode: Introduce a new lib function anon_inode_getfile_private()")'
'36bc08cc0170("fs/aio: Add support to aio ring pages migration")'
The current format of file is set to '/[aio]' by the following patch:
'71ad7490c1f3("rework aio migrate pages to use aio fs")'
We change the keyword into '[aio]' to match as many formats as
possible, and return TCONF if the mapping file does not exist.
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
testcases/cve/cve-2016-10044.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
index 7928d27..14fa0a4 100644
--- a/testcases/cve/cve-2016-10044.c
+++ b/testcases/cve/cve-2016-10044.c
@@ -50,10 +50,10 @@ static void run(void)
f = SAFE_FOPEN("/proc/self/maps", "r");
while (fgets(line, BUFSIZ, f) != NULL) {
- if (strstr(line, "/[aio]") != NULL)
+ if (strstr(line, "[aio]") != NULL)
goto found_mapping;
}
- tst_brk(TBROK, "Could not find mapping in /proc/self/maps");
+ tst_brk(TCONF, "Could not find mapping in /proc/self/maps");
found_mapping:
if (sscanf(line, "%*x-%*x %s7", perms) < 0)
@@ -63,6 +63,9 @@ found_mapping:
else
tst_res(TPASS, "AIO mapping is not executable: %s", perms);
+ if (tst_syscall(__NR_io_destroy, ctx))
+ tst_brk(TBROK | TERRNO, "Failed to destroy AIO context");
+
SAFE_FCLOSE(f);
f = NULL;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [LTP] [PATCH v2] cve/cve-2016-10044.c: fix two errors
2017-09-26 2:04 ` [LTP] [PATCH v2] " Xiao Yang
@ 2017-10-05 2:11 ` Xiao Yang
2017-10-13 7:48 ` Xiao Yang
2017-10-26 9:02 ` Xiao Yang
2 siblings, 0 replies; 9+ messages in thread
From: Xiao Yang @ 2017-10-05 2:11 UTC (permalink / raw)
To: ltp
Hi,
Ping :-)
Thanks,
Xiao Yang.
On 2017/09/26 10:04, Xiao Yang wrote:
> 1) If the number of nr_events exceeds the limit of available events
> defined in /proc/sys/fs/aio-max-nr, it returns EAGAIN. We should
> call io_destroy() to cleanup the AIO context after finishing test.
>
> Steps to reproduce this error:
> #echo 4 > /proc/sys/fs/aio-max-nr
> # ./cve-2016-10044 -i 5
> tst_test.c:908: INFO: Timeout per run is 0h 05m 00s
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:49: BROK: Failed to create AIO context: EAGAIN/EWOULDBLOCK
>
> 2) This case fails with TBROK on an old kernel(e.g. v2.6.32) because
> the mapping file does not exist.
>
> The old format of file is set to 'anon_inode:[aio]' by the following
> patch set:
> '55708698c5f1("fs/anon_inode: Introduce a new lib function anon_inode_getfile_private()")'
> '36bc08cc0170("fs/aio: Add support to aio ring pages migration")'
>
> The current format of file is set to '/[aio]' by the following patch:
> '71ad7490c1f3("rework aio migrate pages to use aio fs")'
>
> We change the keyword into '[aio]' to match as many formats as
> possible, and return TCONF if the mapping file does not exist.
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
> testcases/cve/cve-2016-10044.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
> index 7928d27..14fa0a4 100644
> --- a/testcases/cve/cve-2016-10044.c
> +++ b/testcases/cve/cve-2016-10044.c
> @@ -50,10 +50,10 @@ static void run(void)
>
> f = SAFE_FOPEN("/proc/self/maps", "r");
> while (fgets(line, BUFSIZ, f) != NULL) {
> - if (strstr(line, "/[aio]") != NULL)
> + if (strstr(line, "[aio]") != NULL)
> goto found_mapping;
> }
> - tst_brk(TBROK, "Could not find mapping in /proc/self/maps");
> + tst_brk(TCONF, "Could not find mapping in /proc/self/maps");
>
> found_mapping:
> if (sscanf(line, "%*x-%*x %s7", perms) < 0)
> @@ -63,6 +63,9 @@ found_mapping:
> else
> tst_res(TPASS, "AIO mapping is not executable: %s", perms);
>
> + if (tst_syscall(__NR_io_destroy, ctx))
> + tst_brk(TBROK | TERRNO, "Failed to destroy AIO context");
> +
> SAFE_FCLOSE(f);
> f = NULL;
> }
^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH v2] cve/cve-2016-10044.c: fix two errors
2017-09-26 2:04 ` [LTP] [PATCH v2] " Xiao Yang
2017-10-05 2:11 ` Xiao Yang
@ 2017-10-13 7:48 ` Xiao Yang
2017-10-26 9:02 ` Xiao Yang
2 siblings, 0 replies; 9+ messages in thread
From: Xiao Yang @ 2017-10-13 7:48 UTC (permalink / raw)
To: ltp
Hi Cyril,
Could you help me review this patch? Thanks a lot. :-)
Thanks,
Xiao Yang
On 2017/09/26 10:04, Xiao Yang wrote:
> 1) If the number of nr_events exceeds the limit of available events
> defined in /proc/sys/fs/aio-max-nr, it returns EAGAIN. We should
> call io_destroy() to cleanup the AIO context after finishing test.
>
> Steps to reproduce this error:
> #echo 4> /proc/sys/fs/aio-max-nr
> # ./cve-2016-10044 -i 5
> tst_test.c:908: INFO: Timeout per run is 0h 05m 00s
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:49: BROK: Failed to create AIO context: EAGAIN/EWOULDBLOCK
>
> 2) This case fails with TBROK on an old kernel(e.g. v2.6.32) because
> the mapping file does not exist.
>
> The old format of file is set to 'anon_inode:[aio]' by the following
> patch set:
> '55708698c5f1("fs/anon_inode: Introduce a new lib function anon_inode_getfile_private()")'
> '36bc08cc0170("fs/aio: Add support to aio ring pages migration")'
>
> The current format of file is set to '/[aio]' by the following patch:
> '71ad7490c1f3("rework aio migrate pages to use aio fs")'
>
> We change the keyword into '[aio]' to match as many formats as
> possible, and return TCONF if the mapping file does not exist.
>
> Signed-off-by: Xiao Yang<yangx.jy@cn.fujitsu.com>
> ---
> testcases/cve/cve-2016-10044.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
> index 7928d27..14fa0a4 100644
> --- a/testcases/cve/cve-2016-10044.c
> +++ b/testcases/cve/cve-2016-10044.c
> @@ -50,10 +50,10 @@ static void run(void)
>
> f = SAFE_FOPEN("/proc/self/maps", "r");
> while (fgets(line, BUFSIZ, f) != NULL) {
> - if (strstr(line, "/[aio]") != NULL)
> + if (strstr(line, "[aio]") != NULL)
> goto found_mapping;
> }
> - tst_brk(TBROK, "Could not find mapping in /proc/self/maps");
> + tst_brk(TCONF, "Could not find mapping in /proc/self/maps");
>
> found_mapping:
> if (sscanf(line, "%*x-%*x %s7", perms)< 0)
> @@ -63,6 +63,9 @@ found_mapping:
> else
> tst_res(TPASS, "AIO mapping is not executable: %s", perms);
>
> + if (tst_syscall(__NR_io_destroy, ctx))
> + tst_brk(TBROK | TERRNO, "Failed to destroy AIO context");
> +
> SAFE_FCLOSE(f);
> f = NULL;
> }
^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH v2] cve/cve-2016-10044.c: fix two errors
2017-09-26 2:04 ` [LTP] [PATCH v2] " Xiao Yang
2017-10-05 2:11 ` Xiao Yang
2017-10-13 7:48 ` Xiao Yang
@ 2017-10-26 9:02 ` Xiao Yang
2017-10-26 10:23 ` Cyril Hrubis
2 siblings, 1 reply; 9+ messages in thread
From: Xiao Yang @ 2017-10-26 9:02 UTC (permalink / raw)
To: ltp
Hi Cyril,
Could you help me review this patch? Thanks a lot. :-)
Thanks,
Xiao Yang
On 2017/09/26 10:04, Xiao Yang wrote:
> 1) If the number of nr_events exceeds the limit of available events
> defined in /proc/sys/fs/aio-max-nr, it returns EAGAIN. We should
> call io_destroy() to cleanup the AIO context after finishing test.
>
> Steps to reproduce this error:
> #echo 4 > /proc/sys/fs/aio-max-nr
> # ./cve-2016-10044 -i 5
> tst_test.c:908: INFO: Timeout per run is 0h 05m 00s
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:62: FAIL: AIO mapping is executable: rwxs!
> cve-2016-10044.c:49: BROK: Failed to create AIO context: EAGAIN/EWOULDBLOCK
>
> 2) This case fails with TBROK on an old kernel(e.g. v2.6.32) because
> the mapping file does not exist.
>
> The old format of file is set to 'anon_inode:[aio]' by the following
> patch set:
> '55708698c5f1("fs/anon_inode: Introduce a new lib function anon_inode_getfile_private()")'
> '36bc08cc0170("fs/aio: Add support to aio ring pages migration")'
>
> The current format of file is set to '/[aio]' by the following patch:
> '71ad7490c1f3("rework aio migrate pages to use aio fs")'
>
> We change the keyword into '[aio]' to match as many formats as
> possible, and return TCONF if the mapping file does not exist.
>
> Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
> ---
> testcases/cve/cve-2016-10044.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/testcases/cve/cve-2016-10044.c b/testcases/cve/cve-2016-10044.c
> index 7928d27..14fa0a4 100644
> --- a/testcases/cve/cve-2016-10044.c
> +++ b/testcases/cve/cve-2016-10044.c
> @@ -50,10 +50,10 @@ static void run(void)
>
> f = SAFE_FOPEN("/proc/self/maps", "r");
> while (fgets(line, BUFSIZ, f) != NULL) {
> - if (strstr(line, "/[aio]") != NULL)
> + if (strstr(line, "[aio]") != NULL)
> goto found_mapping;
> }
> - tst_brk(TBROK, "Could not find mapping in /proc/self/maps");
> + tst_brk(TCONF, "Could not find mapping in /proc/self/maps");
>
> found_mapping:
> if (sscanf(line, "%*x-%*x %s7", perms) < 0)
> @@ -63,6 +63,9 @@ found_mapping:
> else
> tst_res(TPASS, "AIO mapping is not executable: %s", perms);
>
> + if (tst_syscall(__NR_io_destroy, ctx))
> + tst_brk(TBROK | TERRNO, "Failed to destroy AIO context");
> +
> SAFE_FCLOSE(f);
> f = NULL;
> }
^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH v2] cve/cve-2016-10044.c: fix two errors
2017-10-26 9:02 ` Xiao Yang
@ 2017-10-26 10:23 ` Cyril Hrubis
0 siblings, 0 replies; 9+ messages in thread
From: Cyril Hrubis @ 2017-10-26 10:23 UTC (permalink / raw)
To: ltp
Hi!
> Could you help me review this patch? Thanks a lot. :-)
Sorry for the delay, pushed.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2017-10-26 10:23 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-09-22 9:21 [LTP] [PATCH] cve/cve-2016-10044.c: fix two errors Xiao Yang
2017-09-22 11:06 ` Richard Palethorpe
2017-09-25 10:47 ` Xiao Yang
2017-09-25 11:16 ` Richard Palethorpe
2017-09-26 2:04 ` [LTP] [PATCH v2] " Xiao Yang
2017-10-05 2:11 ` Xiao Yang
2017-10-13 7:48 ` Xiao Yang
2017-10-26 9:02 ` Xiao Yang
2017-10-26 10:23 ` Cyril Hrubis
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox