From mboxrd@z Thu Jan 1 00:00:00 1970
From: Xiao Yang
Date: Tue, 27 Mar 2018 17:48:26 +0800
Subject: [LTP] [PATCH v6 0/3] Add regression test for CVE-2017-17053
In-Reply-To: <5AB35983.6060900@cn.fujitsu.com>
References: <20180309124418.30271-1-mmoese@suse.de> <5AB35983.6060900@cn.fujitsu.com>
Message-ID: <5ABA136A.8080609@cn.fujitsu.com>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
To: ltp@lists.linux.it

Hi,

Can anybody help me look into this issue?

Thanks,
Xiao Yang

On 2018/03/22 15:21, Xiao Yang wrote:
> Hi Michael,
>
> Sorry to bother you.
>
> tst_taint_init() always got TBROK before verifying CVE-2017-17053 on
> my environment, as below:
> -----------------------------------------------------------------
> [root@RHEL7U5RC_Intel64 cve]# ./cve-2017-17053
> tst_test.c:987: INFO: Timeout per run is 0h 05m 00s
> tst_taint.c:88: BROK: Kernel is already tainted: 512
> ......
> -----------------------------------------------------------------
>
> On my environment, __ioremap_caller() displayed the warning message and
> set /proc/sys/kernel/tainted to TST_TAINT_W(512) when too high physical
> address wasn't handled. Is this a usual case? Should we break
> and skip CVE-2017-17053 due to this existing TST_TAINT_W?
>
> Please see the following warning message:
> -----------------------------------------------------------------
> [    0.059261] ioremap: invalid physical address fffffffffff90000
> [    0.059263] ------------[ cut here ]------------
> [    0.059268] WARNING: CPU: 0 PID: 1 at arch/x86/mm/ioremap.c:103 __ioremap_caller+0x2f2/0x340
> [    0.059269] Modules linked in:
> [    0.059272] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-860.el7.x86_64 #1
> [    0.059273] Hardware name: LENOVO QiTianM7150/To be filled by O.E.M., BIOS 90KT20CUS 09/14/2010
> [    0.059275] Call Trace:
> [    0.059281]  [] dump_stack+0x19/0x1b
> [    0.059284]  [] __warn+0xd8/0x100
> [    0.059286]  [] warn_slowpath_null+0x1d/0x20
> [    0.059288]  [] __ioremap_caller+0x2f2/0x340
> [    0.059290]  [] ? acpi_os_map_memory+0xfd/0x155
> [    0.059293]  [] ? kmem_cache_alloc_trace+0x1d6/0x200
> [    0.059295]  [] ioremap_cache+0x14/0x20
> [    0.059297]  [] acpi_os_map_memory+0xfd/0x155
> [    0.059301]  [] acpi_ex_system_memory_space_handler+0xdd/0x1ca
> [    0.059304]  [] acpi_ev_address_space_dispatch+0x1c5/0x231
> [    0.059306]  [] acpi_ex_access_region+0x20e/0x2a2
> [    0.059309]  [] ? acpi_os_release_lock+0xe/0x10
> [    0.059312]  [] ? acpi_ut_update_ref_count+0x99/0x2bf
> [    0.059314]  [] acpi_ex_field_datum_io+0x105/0x196
> [    0.059316]  [] acpi_ex_extract_from_field+0x98/0x228
> [    0.059318]  [] ? acpi_ut_create_internal_object_dbg+0x23/0x8a
> [    0.059321]  [] acpi_ex_read_data_from_field+0x13c/0x178
> [    0.059323]  [] acpi_ex_resolve_node_to_value+0x1a3/0x245
> [    0.059325]  [] acpi_ex_resolve_to_value+0x21d/0x23a
> [    0.059327]  [] acpi_ds_evaluate_name_path+0x8d/0x11b
> [    0.059329]  [] acpi_ds_exec_end_op+0x98/0x3f3
> [    0.059332]  [] acpi_ps_parse_loop+0x526/0x583
> [    0.059335]  [] ? acpi_ut_create_generic_state+0x37/0x54
> [    0.059337]  [] acpi_ps_parse_aml+0x98/0x289
> [    0.059339]  [] acpi_ps_execute_method+0x1c7/0x272
> [    0.059341]  [] acpi_ns_evaluate+0x1c1/0x258
> [    0.059343]  [] acpi_evaluate_object+0x135/0x252
> [    0.059346]  [] acpi_evaluate_integer+0x52/0x84
> [    0.059348]  [] ? acpi_os_signal_semaphore+0x21/0x2d
> [    0.059350]  [] acpi_bus_get_status_handle+0x1e/0x39
> [    0.059353]  [] acpi_bus_check_add+0x81/0x1c2
> [    0.059355]  [] ? up+0x32/0x50
> [    0.059358]  [] acpi_ns_walk_namespace+0xcb/0x184
> [    0.059360]  [] ? acpi_add_single_object+0x4f9/0x4f9
> [    0.059362]  [] ? acpi_add_single_object+0x4f9/0x4f9
> [    0.059364]  [] acpi_walk_namespace+0x95/0xc5
> [    0.059367]  [] ? acpi_sleep_proc_init+0x2a/0x2a
> [    0.059369]  [] acpi_bus_scan+0x5c/0x90
> [    0.059371]  [] acpi_scan_init+0x89/0x1d8
> [    0.059373]  [] acpi_init+0x2a3/0x2bd
> [    0.059376]  [] do_one_initcall+0xba/0x240
> [    0.059379]  [] kernel_init_freeable+0x180/0x21f
> [    0.059381]  [] ? initcall_blacklist+0xb0/0xb0
> [    0.059383]  [] ? rest_init+0x80/0x80
> [    0.059385]  [] kernel_init+0xe/0xf0
> [    0.059388]  [] ret_from_fork_nospec_begin+0x21/0x21
> [    0.059390]  [] ? rest_init+0x80/0x80
> [    0.059393] ---[ end trace a7b32a0fce036eb7 ]---
> -----------------------------------------------------------------
>
> Please let me know if more information is needed, thanks.
>
> Thanks,
> Xiao Yang
> On 2018/03/09 20:44, Michael Moese wrote:
>
>> Add a regression test for CVE-2017-17053. This testcase is depending
>> on some new library functions included in this series.
>>
>> This patch series consists of reworked patches according to previous
>> review comments, as well as a small new library wrapper function
>> SAFE_SIGACTION() to install a signal handler.
>>
>> Michael Moese (3):
>>   Add library support for /proc/sys/kernel/tainted
>>   Add a library wrapper for sigaction()
>>   Add regression test for CVE-2017-17053
>>
>>  doc/test-writing-guidelines.txt |  42 ++++++++++
>>  include/tst_safe_macros.h       |  20 +++++
>>  include/tst_taint.h             | 104 +++++++++++++++++++++++++
>>  lib/tst_taint.c                 | 106 +++++++++++++++++++++++++
>>  runtest/cve                     |   1 +
>>  testcases/cve/.gitignore        |   1 +
>>  testcases/cve/Makefile          |   2 +
>>  testcases/cve/cve-2017-17053.c  | 166 ++++++++++++++++++++++++++++++++++++++++
>>  8 files changed, 442 insertions(+)
>>  create mode 100644 include/tst_taint.h
>>  create mode 100644 lib/tst_taint.c
>>  create mode 100644 testcases/cve/cve-2017-17053.c
>>
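
The situation reported in this thread, as an added example (not LTP's tst_taint code and not part of the original mail): decoding a `/proc/sys/kernel/tainted` value and checking which bits a taint-watching test could no longer observe because they were already set at boot. The watch mask `W | D`, the function names and the subset of taint bits listed are assumptions for illustration; the value 512 is the one from the report.

```c
#include <stdio.h>
#include <stddef.h>

#define TAINT_D (1UL << 7)  /* kernel oops or BUG */
#define TAINT_W (1UL << 9)  /* kernel WARN issued: the 512 in the report */

/* Subset of the kernel's taint bits: bit position and report letter. */
static const struct { unsigned bit; char letter; } taint_bits[] = {
    {0, 'P'}, {1, 'F'}, {4, 'M'}, {5, 'B'}, {7, 'D'},
    {9, 'W'}, {12, 'O'}, {13, 'E'},
};

/* Write the letters of the known bits set in value; return their count. */
size_t taint_letters(unsigned long value, char *out, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof(taint_bits) / sizeof(taint_bits[0]); i++)
        if ((value & (1UL << taint_bits[i].bit)) && n + 1 < len)
            out[n++] = taint_bits[i].letter;
    if (len)
        out[n] = '\0';
    return n;
}

/* Bits a test wants to watch that are already set. Taint bits stay set
 * until reboot, so a test cannot see these flip during its own run. */
unsigned long taint_preexisting(unsigned long current, unsigned long watch)
{
    return current & watch;
}

/* Read the current value; returns -1 if the file is unavailable. */
int read_taint(const char *path, unsigned long *value)
{
    FILE *f = fopen(path, "r");
    int ok;
    if (!f) return -1;
    ok = fscanf(f, "%lu", value) == 1;
    fclose(f);
    return ok ? 0 : -1;
}

int main(void)
{
    unsigned long taint = 512;  /* constructed fallback: value from the report */
    char letters[32];
    read_taint("/proc/sys/kernel/tainted", &taint);
    taint_letters(taint, letters, sizeof(letters));
    printf("tainted=%lu flags=[%s] blocked=%lu\n", taint, letters,
           taint_preexisting(taint, TAINT_W | TAINT_D));
    return 0;
}
```

With the reported value, a test that watches only `D` is unaffected by the boot-time warning, while one that also watches `W` has no clean baseline until the machine is rebooted without the warning.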