* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test @ 2019-06-28 10:39 Po-Hsu Lin 2019-07-01 6:27 ` Xiao Yang 2019-07-02 13:04 ` Cyril Hrubis 0 siblings, 2 replies; 9+ messages in thread From: Po-Hsu Lin @ 2019-06-28 10:39 UTC (permalink / raw) To: ltp The block_dev test in kernel_misc will taint kernel with a warning flag, this is an expected behaviour. However, if you run the cve-2017-17053 after it, as the test is looking for a warning / died flag for a tainted kernel, it will cause false alarm with: tst_taint.c:88: BROK: Kernel is already tainted: 14849 The kernel_misc test was executed before the cve test in the default test plan. Move the kernel_misc test to the end of the list to workaround this issue. Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> --- scenario_groups/default | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scenario_groups/default b/scenario_groups/default index 1f3e5b27f..e5b34782c 100644 --- a/scenario_groups/default +++ b/scenario_groups/default @@ -22,7 +22,6 @@ power_management_tests hugetlb commands hyperthreading -kernel_misc fs_ext4 can cpuhotplug @@ -30,3 +29,4 @@ net.ipv6_lib input cve crypto +kernel_misc -- 2.17.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test 2019-06-28 10:39 [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test Po-Hsu Lin @ 2019-07-01 6:27 ` Xiao Yang 2019-07-01 6:58 ` Po-Hsu Lin 2019-07-02 13:05 ` Cyril Hrubis 2019-07-02 13:04 ` Cyril Hrubis 1 sibling, 2 replies; 9+ messages in thread From: Xiao Yang @ 2019-07-01 6:27 UTC (permalink / raw) To: ltp Hi, Your patch just workarounds the issue for now, because it still happens if a new test designed to taint kernel is added to the group before cve group in future. Could we save the value of tainted before running block_dev and then restore it after running block_dev? Best Regards, Xiao Yang On 2019/06/28 18:39, Po-Hsu Lin wrote: > The block_dev test in kernel_misc will taint kernel with a warning flag, > this is an expected behaviour. > > However, if you run the cve-2017-17053 after it, as the test is looking > for a warning / died flag for a tainted kernel, it will cause false > alarm with: > tst_taint.c:88: BROK: Kernel is already tainted: 14849 > > The kernel_misc test was executed before the cve test in the default > test plan. Move the kernel_misc test to the end of the list to > workaround this issue. > > Signed-off-by: Po-Hsu Lin<po-hsu.lin@canonical.com> > --- > scenario_groups/default | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/scenario_groups/default b/scenario_groups/default > index 1f3e5b27f..e5b34782c 100644 > --- a/scenario_groups/default > +++ b/scenario_groups/default > @@ -22,7 +22,6 @@ power_management_tests > hugetlb > commands > hyperthreading > -kernel_misc > fs_ext4 > can > cpuhotplug > @@ -30,3 +29,4 @@ net.ipv6_lib > input > cve > crypto > +kernel_misc ^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test 2019-07-01 6:27 ` Xiao Yang @ 2019-07-01 6:58 ` Po-Hsu Lin 2019-07-01 7:12 ` Xiao Yang 2019-07-02 13:05 ` Cyril Hrubis 1 sibling, 1 reply; 9+ messages in thread From: Po-Hsu Lin @ 2019-07-01 6:58 UTC (permalink / raw) To: ltp Hello, I am not sure if we can restore the value in /proc/sys/kernel/tainted, which can be changed manually: # cat /proc/sys/kernel/tainted 0 # echo 12800 > /proc/sys/kernel/tainted # cat /proc/sys/kernel/tainted 12800 But it can't be reset back to 0. From the Documentation/admin-guide/tainted-kernels.rst, it states that: "Note the kernel will remain tainted even after you undo what caused the taint (i.e. unload a proprietary kernel module), to indicate the kernel remains not trustworthy." Thanks On Mon, Jul 1, 2019 at 2:27 PM Xiao Yang <yangx.jy@cn.fujitsu.com> wrote: > > Hi, > > Your patch just workarounds the issue for now, because it still happens > if a new test designed to taint > kernel is added to the group before cve group in future. > > Could we save the value of tainted before running block_dev and then > restore it after running block_dev? > > Best Regards, > Xiao Yang > On 2019/06/28 18:39, Po-Hsu Lin wrote: > > The block_dev test in kernel_misc will taint kernel with a warning flag, > > this is an expected behaviour. > > > > However, if you run the cve-2017-17053 after it, as the test is looking > > for a warning / died flag for a tainted kernel, it will cause false > > alarm with: > > tst_taint.c:88: BROK: Kernel is already tainted: 14849 > > > > The kernel_misc test was executed before the cve test in the default > > test plan. Move the kernel_misc test to the end of the list to > > workaround this issue. > > > > Signed-off-by: Po-Hsu Lin<po-hsu.lin@canonical.com> > > --- > > scenario_groups/default | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/scenario_groups/default b/scenario_groups/default > > index 1f3e5b27f..e5b34782c 100644 > > --- a/scenario_groups/default > > +++ b/scenario_groups/default > > @@ -22,7 +22,6 @@ power_management_tests > > hugetlb > > commands > > hyperthreading > > -kernel_misc > > fs_ext4 > > can > > cpuhotplug > > @@ -30,3 +29,4 @@ net.ipv6_lib > > input > > cve > > crypto > > +kernel_misc > > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test 2019-07-01 6:58 ` Po-Hsu Lin @ 2019-07-01 7:12 ` Xiao Yang 2019-07-02 13:00 ` Cyril Hrubis 0 siblings, 1 reply; 9+ messages in thread From: Xiao Yang @ 2019-07-01 7:12 UTC (permalink / raw) To: ltp On 2019/07/01 14:58, Po-Hsu Lin wrote: > Hello, > > I am not sure if we can restore the value in /proc/sys/kernel/tainted, > which can be changed manually: > # cat /proc/sys/kernel/tainted > 0 > # echo 12800> /proc/sys/kernel/tainted > # cat /proc/sys/kernel/tainted > 12800 > But it can't be reset back to 0. Hi, It seems that the value of /proc/sys/kernel/tainted only be increased. Best Regards, Xiao Yang > > From the Documentation/admin-guide/tainted-kernels.rst, it states that: > "Note the kernel will remain tainted even after you undo what caused the taint > (i.e. unload a proprietary kernel module), to indicate the kernel remains not > trustworthy." > > Thanks > > On Mon, Jul 1, 2019 at 2:27 PM Xiao Yang<yangx.jy@cn.fujitsu.com> wrote: >> Hi, >> >> Your patch just workarounds the issue for now, because it still happens >> if a new test designed to taint >> kernel is added to the group before cve group in future. >> >> Could we save the value of tainted before running block_dev and then >> restore it after running block_dev? >> >> Best Regards, >> Xiao Yang >> On 2019/06/28 18:39, Po-Hsu Lin wrote: >>> The block_dev test in kernel_misc will taint kernel with a warning flag, >>> this is an expected behaviour. >>> >>> However, if you run the cve-2017-17053 after it, as the test is looking >>> for a warning / died flag for a tainted kernel, it will cause false >>> alarm with: >>> tst_taint.c:88: BROK: Kernel is already tainted: 14849 >>> >>> The kernel_misc test was executed before the cve test in the default >>> test plan. Move the kernel_misc test to the end of the list to >>> workaround this issue. >>> >>> Signed-off-by: Po-Hsu Lin<po-hsu.lin@canonical.com> >>> --- >>> scenario_groups/default | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/scenario_groups/default b/scenario_groups/default >>> index 1f3e5b27f..e5b34782c 100644 >>> --- a/scenario_groups/default >>> +++ b/scenario_groups/default >>> @@ -22,7 +22,6 @@ power_management_tests >>> hugetlb >>> commands >>> hyperthreading >>> -kernel_misc >>> fs_ext4 >>> can >>> cpuhotplug >>> @@ -30,3 +29,4 @@ net.ipv6_lib >>> input >>> cve >>> crypto >>> +kernel_misc >> >> > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test 2019-07-01 7:12 ` Xiao Yang @ 2019-07-02 13:00 ` Cyril Hrubis 0 siblings, 0 replies; 9+ messages in thread From: Cyril Hrubis @ 2019-07-02 13:00 UTC (permalink / raw) To: ltp Hi! > It seems that the value of /proc/sys/kernel/tainted only be increased. That is by design, since otherwise people would erase the track of unsigned/out-of-tree modules being loaded... -- Cyril Hrubis chrubis@suse.cz ^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test 2019-07-01 6:27 ` Xiao Yang 2019-07-01 6:58 ` Po-Hsu Lin @ 2019-07-02 13:05 ` Cyril Hrubis 2019-07-02 16:40 ` Po-Hsu Lin 1 sibling, 1 reply; 9+ messages in thread From: Cyril Hrubis @ 2019-07-02 13:05 UTC (permalink / raw) To: ltp Hi! > Your patch just workarounds the issue for now, because it still happens > if a new test designed to taint > kernel is added to the group before cve group in future. Unfortunately there is no better solution for this, so I pushed the patch. -- Cyril Hrubis chrubis@suse.cz ^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test 2019-07-02 13:05 ` Cyril Hrubis @ 2019-07-02 16:40 ` Po-Hsu Lin 2019-07-02 17:19 ` Cyril Hrubis 0 siblings, 1 reply; 9+ messages in thread From: Po-Hsu Lin @ 2019-07-02 16:40 UTC (permalink / raw) To: ltp Hello, thanks for the review, do you think if we should put a comment (if possible) inside that file to avoid getting re-ordered for some reason in the future? On Tue, Jul 2, 2019 at 9:05 PM Cyril Hrubis <chrubis@suse.cz> wrote: > > Hi! > > Your patch just workarounds the issue for now, because it still happens > > if a new test designed to taint > > kernel is added to the group before cve group in future. > > Unfortunately there is no better solution for this, so I pushed the > patch. > > -- > Cyril Hrubis > chrubis@suse.cz ^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test 2019-07-02 16:40 ` Po-Hsu Lin @ 2019-07-02 17:19 ` Cyril Hrubis 0 siblings, 0 replies; 9+ messages in thread From: Cyril Hrubis @ 2019-07-02 17:19 UTC (permalink / raw) To: ltp Hi! > thanks for the review, > do you think if we should put a comment (if possible) inside that file > to avoid getting re-ordered for some reason in the future? We cannot, the scenari files are simply read line by line, the format does not support comments. -- Cyril Hrubis chrubis@suse.cz ^ permalink raw reply [flat|nested] 9+ messages in thread
* [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test 2019-06-28 10:39 [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test Po-Hsu Lin 2019-07-01 6:27 ` Xiao Yang @ 2019-07-02 13:04 ` Cyril Hrubis 1 sibling, 0 replies; 9+ messages in thread From: Cyril Hrubis @ 2019-07-02 13:04 UTC (permalink / raw) To: ltp Hi! Pushed, thanks. -- Cyril Hrubis chrubis@suse.cz ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2019-07-02 17:19 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-06-28 10:39 [LTP] [PATCH] scenario_groups/default: run the kernel_misc test after the cve test Po-Hsu Lin 2019-07-01 6:27 ` Xiao Yang 2019-07-01 6:58 ` Po-Hsu Lin 2019-07-01 7:12 ` Xiao Yang 2019-07-02 13:00 ` Cyril Hrubis 2019-07-02 13:05 ` Cyril Hrubis 2019-07-02 16:40 ` Po-Hsu Lin 2019-07-02 17:19 ` Cyril Hrubis 2019-07-02 13:04 ` Cyril Hrubis
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox