Openembedded Core Discussions
* [PATCH v2] ltp: Fix hang of cve test cases
@ 2019-09-30  2:11 zhe.he
  2019-09-30  2:32 ` ✗ patchtest: failure for ltp: Fix hang of cve test cases (rev2) Patchwork
  0 siblings, 1 reply; 2+ messages in thread
From: zhe.he @ 2019-09-30  2:11 UTC (permalink / raw)
  To: openembedded-core

From: He Zhe <zhe.he@windriver.com>

Backport a patch to fix the possible hang caused by the case of CVE-2017-17052.

CVE: CVE-2017-17052

Signed-off-by: He Zhe <zhe.he@windriver.com>
---
 ...-2017-17052-Avoid-unsafe-exits-in-threads.patch | 62 ++++++++++++++++++++++
 meta/recipes-extended/ltp/ltp_20190517.bb          |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 meta/recipes-extended/ltp/ltp/0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch

diff --git a/meta/recipes-extended/ltp/ltp/0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch b/meta/recipes-extended/ltp/ltp/0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch
new file mode 100644
index 0000000..1b66238
--- /dev/null
+++ b/meta/recipes-extended/ltp/ltp/0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch
@@ -0,0 +1,62 @@
+From e3a8502d0a4f8a44ddd02ca4b2efc097133fb9f7 Mon Sep 17 00:00:00 2001
+From: Mathias Fiedler <mathias.fiedler@aox-tech.de>
+Date: Fri, 23 Aug 2019 12:46:48 +0200
+Subject: [PATCH] cve-2017-17052: Avoid unsafe exits in threads
+
+According to manpage exit(3) calling exit is not thread-safe.
+And with glibc 2.28 (and probably also with glibc >=2.27) sometimes
+child processes created in fork_thread can get stuck on process exit in
+glibc's __run_exit_handlers trying to acquire some lock which was in
+locked state while the fork was created. This can happen when exit is
+called in mmap_thread concurrently to the fork.
+While the main process will still return with PASSED some of its
+children are left behind.
+
+Comparing the source code with the original program as described in the
+commit 2b7e8665b4ff51c034c55df3cff76518d1a9ee3a of linux kernel >=4.13
+the exits in mmap_thread and fork_thread should not be necessary to
+trigger the original bug.
+
+Therefore those exit calls are removed. The mmap_thread and fork_thread
+should still exit when their corresponding main thread in do_test_fork
+calls exit_group. The remaining exit in do_test_fork will be called in
+the main thread without any concurrent thread in the same process.
+
+Signed-off-by: Mathias Fiedler <mathias.fiedler@aox-tech.de>
+Acked-by: Cyril Hrubis <chrubis@suse.cz>
+Acked-by: Jan Stancek <jstancek@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/linux-test-project/ltp/commit/9f0b452c1af4bcb54da35711eb3fa77334a350b4]
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ testcases/cve/cve-2017-17052.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/testcases/cve/cve-2017-17052.c b/testcases/cve/cve-2017-17052.c
+index d7da7e919..18cd2a6d7 100644
+--- a/testcases/cve/cve-2017-17052.c
++++ b/testcases/cve/cve-2017-17052.c
+@@ -58,8 +58,6 @@ static void *mmap_thread(void *arg)
+ 	for (;;) {
+ 		SAFE_MMAP(NULL, 0x1000000, PROT_READ,
+ 				MAP_POPULATE|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
+-		if (*do_exit)
+-			exit(0);
+ 	}
+ 
+ 	return arg;
+@@ -67,9 +65,6 @@ static void *mmap_thread(void *arg)
+ 
+ static void *fork_thread(void *arg)
+ {
+-	if (*do_exit)
+-		exit(0);
+-
+ 	usleep(rand() % 10000);
+ 	SAFE_FORK();
+ 
+-- 
+2.17.1
+
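Review bot: The header of the added 0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch carries "Upstream-Status: Backport" and a Signed-off-by line but no "CVE: CVE-2017-17052" line; the tag appears only in the outer commit message. Add the tag line inside the patch file's own header, next to Upstream-Status, so the CVE reference travels with the file. Separately, with both "if (*do_exit) exit(0);" checks removed, the for (;;) loop in mmap_thread has no exit path of its own and relies on the main thread's exit as the commit message describes; it is worth confirming that do_exit is still read elsewhere in the test, since that is not visible in these hunks.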
diff --git a/meta/recipes-extended/ltp/ltp_20190517.bb b/meta/recipes-extended/ltp/ltp_20190517.bb
index e9a588f..4650715 100644
--- a/meta/recipes-extended/ltp/ltp_20190517.bb
+++ b/meta/recipes-extended/ltp/ltp_20190517.bb
@@ -48,6 +48,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \
            file://0001-cve-meltdown.c-Fix-kernel-symbol-finding.patch \
            file://0001-testcases-use-python3-everywhere-to-run-python-scrip.patch \
            file://0001-syscall-rt_sigtimedwait01-Fix-wrong-sigset-length-fo.patch \
+           file://0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch \
            "
 
 S = "${WORKDIR}/git"
-- 
2.7.4




* ✗ patchtest: failure for ltp: Fix hang of cve test cases (rev2)
  2019-09-30  2:11 [PATCH v2] ltp: Fix hang of cve test cases zhe.he
@ 2019-09-30  2:32 ` Patchwork
  0 siblings, 0 replies; 2+ messages in thread
From: Patchwork @ 2019-09-30  2:32 UTC (permalink / raw)
  To: zhe.he; +Cc: openembedded-core

== Series Details ==

Series: ltp: Fix hang of cve test cases (rev2)
Revision: 2
URL   : https://patchwork.openembedded.org/series/20234/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Patch            [v2] ltp: Fix hang of cve test cases
 Issue             Missing or incorrectly formatted CVE tag in included patch file [test_cve_tag_format] 
  Suggested fix    Correct or include the CVE tag on cve patch with format: "CVE: CVE-YYYY-XXXX"



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
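
A local pre-submission check for the failure reported above, as an added example (not patchtest's own code and not part of the original thread): it rebuilds each .patch file that a series adds and checks that the file's own header carries a "CVE: CVE-YYYY-XXXX" line. The function names and the sample series are constructed for illustration.

```python
import re

CVE_TAG = re.compile(r"^CVE: CVE-\d{4}-\d{4,}$")   # the "CVE: CVE-YYYY-XXXX" format
CVE_HINT = re.compile(r"cve-\d{4}-\d{4,}", re.I)   # patch looks CVE-related

def embedded_patches(series):
    """Map each .patch file added by the series to its reconstructed text."""
    files, name, in_hunk = {}, None, False
    for line in series.splitlines():
        if line.startswith("diff --git "):        # next outer file diff
            name, in_hunk = None, False
        elif line.startswith("+++ b/") and not in_hunk:
            path = line[len("+++ b/"):]
            name = path if path.endswith(".patch") else None
            if name:
                files[name] = []
        elif line.startswith("@@ "):
            in_hunk = True
        elif in_hunk and name and line.startswith("+"):
            files[name].append(line[1:])          # strip the outer '+'
    return {n: "\n".join(body) for n, body in files.items()}

def missing_cve_tag(series):
    """Added CVE-related patch files whose own header has no CVE tag."""
    bad = []
    for name, text in embedded_patches(series).items():
        header = text.split("\n---\n", 1)[0]      # message part, before the diffstat
        if not CVE_HINT.search(name + "\n" + header):
            continue
        if not any(CVE_TAG.match(l.strip()) for l in header.splitlines()):
            bad.append(name)
    return bad

# Constructed sample: the tag is in the outer commit message only.
SAMPLE = """\
CVE: CVE-2017-17052
---
diff --git a/ltp/0001-cve-2017-17052-fix.patch b/ltp/0001-cve-2017-17052-fix.patch
--- /dev/null
+++ b/ltp/0001-cve-2017-17052-fix.patch
@@ -0,0 +1,5 @@
+Subject: [PATCH] cve-2017-17052: Avoid unsafe exits in threads
+Upstream-Status: Backport
+---
+diff --git a/testcases/cve/cve-2017-17052.c b/testcases/cve/cve-2017-17052.c
+@@ -58,8 +58,6 @@
"""

if __name__ == "__main__":
    print(missing_cve_tag(SAMPLE))
```

A tag in the outer commit message does not satisfy the check; only a line inside the added patch file's header does.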


