[Kernel-packages] [Bug 1980648] Re: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15
This bug was fixed in the package linux - 4.15.0-191.202 --- linux (4.15.0-191.202) bionic; urgency=medium * CVE-2022-2586 - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain * CVE-2022-2588 - SAUCE: net_sched: cls_route: remove from list when handle is 0 * CVE-2022-34918 - netfilter: nf_tables: stricter validation of element data * BUG: kernel NULL pointer dereference, address: 0008 (LP: #1981658) - tcp: make sure treq->af_specific is initialized linux (4.15.0-190.201) bionic; urgency=medium * bionic/linux: 4.15.0-190.201 -proposed tracker (LP: #1981321) * CVE-2022-1679 - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb * Bionic update: upstream stable patchset 2022-07-06 (LP: #1980879) - MIPS: Use address-of operator on section symbols - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs - can: grcan: only use the NAPI poll budget for RX - Bluetooth: Fix the creation of hdev->name - mmc: rtsx: add 74 Clocks in power on flow - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls - ALSA: pcm: Fix races among concurrent read/write and buffer changes - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls - ALSA: pcm: Fix races among concurrent prealloc proc writes - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock - VFS: Fix memory leak caused by concurrently mounting fs with subtype - batman-adv: Don't skb_split skbuffs with frag_list - net: Fix features skip in for_each_netdev_feature() - ipv4: drop dst in multicast routing path - netlink: do not reset transport header in netlink_recvmsg() - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection - hwmon: (ltq-cputemp) restrict it to SOC_XWAY - s390/ctcm: fix variable dereferenced before check - s390/ctcm: fix potential memory leak - s390/lcs: fix variable dereferenced before check - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() - hwmon: (f71882fg) Fix negative temperature - ASoC: max98090: Reject invalid values in custom control put() - ASoC: max98090: Generate notifications on changes for custom control - ASoC: ops: Validate input values in snd_soc_put_volsw_range() - tcp: resalt the secret every 10 seconds - usb: cdc-wdm: fix reading stuck on device close - USB: serial: pl2303: add device id for HP LM930 Display - USB: serial: qcserial: add support for Sierra Wireless EM7590 - USB: serial: option: add Fibocom L610 modem - USB: serial: option: add Fibocom MA510 modem - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() - drm/vmwgfx: Initialize drm_mode_fb_cmd2 - ping: fix address binding wrt vrf - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() - net/sched: act_pedit: really ensure the skb is writable - um: Cleanup syscall_handler_t definition/cast, fix warning - Input: add bounds checking to input_set_capability() - Input: stmfts - fix reference leak in stmfts_input_open - MIPS: lantiq: check the return value of kzalloc() - drbd: remove usage of list iterator variable after loop - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() - ALSA: wavefront: Proper check of get_user() error - perf: Fix sys_perf_event_open() race against self - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() - clk: at91: generated: consider range when calculating best rate - net/qla3xxx: Fix a test in ql_reset_work() - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 - igb: skip phy status check where unavailable - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. - gpio: gpio-vf610: do not touch other bits when set the target bit - gpio: mvebu/pwm: Refuse requests with inverted polarity - perf bench numa: Address
[Kernel-packages] [Bug 1980648] Re: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15
Verified with B-AWS-4.15.0-1138.149
The test will be skipped now:
Running './test_verifier'
#0/u add+sub+mul SKIP
#0/p add+sub+mul OK
#1/u DIV32 by 0, zero check 1 SKIP
#1/p DIV32 by 0, zero check 1 OK
#2/u DIV32 by 0, zero check 2 SKIP
#2/p DIV32 by 0, zero check 2 OK
#3/u DIV64 by 0, zero check SKIP
#3/p DIV64 by 0, zero check OK
#4/u MOD32 by 0, zero check 1 SKIP
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
** Changed in: ubuntu-kernel-tests
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1980648
Title:
unprivileged tests in test_verifier from ubuntu_bpf failed with
"Failed to load prog 'Operation not permitted'" on B-4.15
Status in ubuntu-kernel-tests:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Bug description:
[Impact]
We have kernel.unprivileged_bpf_disabled enabled for Bionic kernel:
$ sysctl kernel.unprivileged_bpf_disabled
kernel.unprivileged_bpf_disabled = 2
This causes all unprivileged tests in test_verifier of bpf selftests
to fail like:
#0/u add+sub+mul FAIL
Failed to load prog 'Operation not permitted'!
Because it permanently disables unprivileged BPF access for
the currently running kernel.
[Fix]
* d0a0e4956f ("selftests/bpf: Count tests skipped by unpriv")
* 0a67487403 ("selftests/bpf: Only run tests if !bpf_disabled")
These two patches can be cherry-picked into our Bionic kernel.
Note that there is a follow-up fix for 0a67487403, which is commit
deea81228b ("selftests/bpf: check return value of fopen in
test_verifier.c"), but this is intended for older kernels (< 4.4) thus
I will leave it alone.
[Test]
Patch tested with Bionic 4.15.0-188, and these unprivileged won't fail
with "Failed to load prog 'Operation not permitted'!" anymore, they
will be marked as skipped tests.
Overall test result improves from:
Summary: 551 PASSED, 286 FAILED
To:
Summary: 551 PASSED, 278 SKIPPED, 8 FAILED
[Where problems could occur]
Change limited to the bpf selftest code, no actual changes to kernel
function. If this fix is wrong, we might get incorrect test results.
[Original Bug Report]
Issue found on Bionic 4.15 cloud variants (as we don't run this test on
bare-metals)
#0/u add+sub+mul FAIL
Failed to load prog 'Operation not permitted'!
--
#1/u DIV32 by 0, zero check 1 FAIL
Failed to load prog 'Operation not permitted'!
--
#2/u DIV32 by 0, zero check 2 FAIL
Failed to load prog 'Operation not permitted'!
--
#3/u DIV64 by 0, zero check FAIL
Failed to load prog 'Operation not permitted'!
--
#4/u MOD32 by 0, zero check 1 FAIL
Failed to load prog 'Operation not permitted'!
--
#5/u MOD32 by 0, zero check 2 FAIL
Failed to load prog 'Operation not permitted'!
--
#6/u MOD64 by 0, zero check FAIL
Failed to load prog 'Operation not permitted'!
--
#36/u test6 ld_imm64 FAIL
Failed to load prog 'Operation not permitted'!
--
#37/u test7 ld_imm64 FAIL
Failed to load prog 'Operation not permitted'!
--
#46/u arsh64 on imm FAIL
Failed to load prog 'Operation not permitted'!
--
#47/u arsh64 on reg FAIL
Failed to load prog 'Operation not permitted'!
--
#60/u uninitialized stack1 Failed to create hash map 'Operation not
permitted'!
--
#63/u non-invalid fp arithmetic FAIL
Failed to load prog 'Operation not permitted'!
--
#67/u check valid spill/fill, skb mark FAIL
Failed to load prog 'Operation not permitted'!
--
#81/u don't check return value before access Failed to create hash map
'Operation not permitted'!
--
#82/u access memory with incorrect alignment Failed to create hash map
'Operation not permitted'!
--
#83/u sometimes access memory with incorrect alignment Failed to create hash
map 'Operation not permitted'!
--
#86/u jump test 3 Failed to create hash map 'Operation not permitted'!
--
#89/u access skb fields ok FAIL
Failed to load prog 'Operation not permitted'!
--
#91/u access skb fields bad2 Failed to create hash map 'Operation not
permitted'!
--
#92/u access skb fields bad3 Failed to create hash map 'Operation not
permitted'!
--
#93/u access skb fields bad4 Failed to create hash map 'Operation not
permitted'!
--
#118/u check cb access: byte FAIL
Failed to load prog 'Operation not permitted'!
--
#121/u check skb->hash byte load permitted FAIL
Failed to load prog 'Operation not permitted'!
--
#126/u check cb access: half FAIL
Failed to load prog 'Operation not permitted'!
--
#130/u check skb->hash half load permitted FAIL
Failed to load prog 'Operation not permitted'!
--
#133/u check cb access: word FAIL
Failed to load prog 'Operation not permitted'!
--
[Kernel-packages] [Bug 1980648] Re: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15
This bug is awaiting verification that the linux/4.15.0-190.201 kernel
in -proposed solves the problem. Please test the kernel and update this
bug with the results. If the problem is solved, change the tag
'verification-needed-bionic' to 'verification-done-bionic'. If the
problem still exists, change the tag 'verification-needed-bionic' to
'verification-failed-bionic'.
If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!
** Tags added: verification-needed-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1980648
Title:
unprivileged tests in test_verifier from ubuntu_bpf failed with
"Failed to load prog 'Operation not permitted'" on B-4.15
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Bug description:
[Impact]
We have kernel.unprivileged_bpf_disabled enabled for Bionic kernel:
$ sysctl kernel.unprivileged_bpf_disabled
kernel.unprivileged_bpf_disabled = 2
This causes all unprivileged tests in test_verifier of bpf selftests
to fail like:
#0/u add+sub+mul FAIL
Failed to load prog 'Operation not permitted'!
Because it permanently disables unprivileged BPF access for
the currently running kernel.
[Fix]
* d0a0e4956f ("selftests/bpf: Count tests skipped by unpriv")
* 0a67487403 ("selftests/bpf: Only run tests if !bpf_disabled")
These two patches can be cherry-picked into our Bionic kernel.
Note that there is a follow-up fix for 0a67487403, which is commit
deea81228b ("selftests/bpf: check return value of fopen in
test_verifier.c"), but this is intended for older kernels (< 4.4) thus
I will leave it alone.
[Test]
Patch tested with Bionic 4.15.0-188, and these unprivileged won't fail
with "Failed to load prog 'Operation not permitted'!" anymore, they
will be marked as skipped tests.
Overall test result improves from:
Summary: 551 PASSED, 286 FAILED
To:
Summary: 551 PASSED, 278 SKIPPED, 8 FAILED
[Where problems could occur]
Change limited to the bpf selftest code, no actual changes to kernel
function. If this fix is wrong, we might get incorrect test results.
[Original Bug Report]
Issue found on Bionic 4.15 cloud variants (as we don't run this test on
bare-metals)
#0/u add+sub+mul FAIL
Failed to load prog 'Operation not permitted'!
--
#1/u DIV32 by 0, zero check 1 FAIL
Failed to load prog 'Operation not permitted'!
--
#2/u DIV32 by 0, zero check 2 FAIL
Failed to load prog 'Operation not permitted'!
--
#3/u DIV64 by 0, zero check FAIL
Failed to load prog 'Operation not permitted'!
--
#4/u MOD32 by 0, zero check 1 FAIL
Failed to load prog 'Operation not permitted'!
--
#5/u MOD32 by 0, zero check 2 FAIL
Failed to load prog 'Operation not permitted'!
--
#6/u MOD64 by 0, zero check FAIL
Failed to load prog 'Operation not permitted'!
--
#36/u test6 ld_imm64 FAIL
Failed to load prog 'Operation not permitted'!
--
#37/u test7 ld_imm64 FAIL
Failed to load prog 'Operation not permitted'!
--
#46/u arsh64 on imm FAIL
Failed to load prog 'Operation not permitted'!
--
#47/u arsh64 on reg FAIL
Failed to load prog 'Operation not permitted'!
--
#60/u uninitialized stack1 Failed to create hash map 'Operation not
permitted'!
--
#63/u non-invalid fp arithmetic FAIL
Failed to load prog 'Operation not permitted'!
--
#67/u check valid spill/fill, skb mark FAIL
Failed to load prog 'Operation not permitted'!
--
#81/u don't check return value before access Failed to create hash map
'Operation not permitted'!
--
#82/u access memory with incorrect alignment Failed to create hash map
'Operation not permitted'!
--
#83/u sometimes access memory with incorrect alignment Failed to create hash
map 'Operation not permitted'!
--
#86/u jump test 3 Failed to create hash map 'Operation not permitted'!
--
#89/u access skb fields ok FAIL
Failed to load prog 'Operation not permitted'!
--
#91/u access skb fields bad2 Failed to create hash map 'Operation not
permitted'!
--
#92/u access skb fields bad3 Failed to create hash map 'Operation not
permitted'!
--
#93/u access skb fields bad4 Failed to create hash map 'Operation not
permitted'!
--
#118/u check cb access: byte FAIL
Failed to load prog 'Operation not permitted'!
--
#121/u check skb->hash byte load permitted FAIL
Failed to load prog 'Operation not permitted'!
--
#126/u check cb access: half FAIL
Failed to load prog 'Operation not permitted'!
--
#130/u check skb->hash half load permitted FAIL
Failed to load prog 'Operation
[Kernel-packages] [Bug 1980648] Re: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15
** Changed in: linux (Ubuntu Bionic)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1980648
Title:
unprivileged tests in test_verifier from ubuntu_bpf failed with
"Failed to load prog 'Operation not permitted'" on B-4.15
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Bug description:
[Impact]
We have kernel.unprivileged_bpf_disabled enabled for Bionic kernel:
$ sysctl kernel.unprivileged_bpf_disabled
kernel.unprivileged_bpf_disabled = 2
This causes all unprivileged tests in test_verifier of bpf selftests
to fail like:
#0/u add+sub+mul FAIL
Failed to load prog 'Operation not permitted'!
Because it permanently disables unprivileged BPF access for
the currently running kernel.
[Fix]
* d0a0e4956f ("selftests/bpf: Count tests skipped by unpriv")
* 0a67487403 ("selftests/bpf: Only run tests if !bpf_disabled")
These two patches can be cherry-picked into our Bionic kernel.
Note that there is a follow-up fix for 0a67487403, which is commit
deea81228b ("selftests/bpf: check return value of fopen in
test_verifier.c"), but this is intended for older kernels (< 4.4) thus
I will leave it alone.
[Test]
Patch tested with Bionic 4.15.0-188, and these unprivileged won't fail
with "Failed to load prog 'Operation not permitted'!" anymore, they
will be marked as skipped tests.
Overall test result improves from:
Summary: 551 PASSED, 286 FAILED
To:
Summary: 551 PASSED, 278 SKIPPED, 8 FAILED
[Where problems could occur]
Change limited to the bpf selftest code, no actual changes to kernel
function. If this fix is wrong, we might get incorrect test results.
[Original Bug Report]
Issue found on Bionic 4.15 cloud variants (as we don't run this test on
bare-metals)
#0/u add+sub+mul FAIL
Failed to load prog 'Operation not permitted'!
--
#1/u DIV32 by 0, zero check 1 FAIL
Failed to load prog 'Operation not permitted'!
--
#2/u DIV32 by 0, zero check 2 FAIL
Failed to load prog 'Operation not permitted'!
--
#3/u DIV64 by 0, zero check FAIL
Failed to load prog 'Operation not permitted'!
--
#4/u MOD32 by 0, zero check 1 FAIL
Failed to load prog 'Operation not permitted'!
--
#5/u MOD32 by 0, zero check 2 FAIL
Failed to load prog 'Operation not permitted'!
--
#6/u MOD64 by 0, zero check FAIL
Failed to load prog 'Operation not permitted'!
--
#36/u test6 ld_imm64 FAIL
Failed to load prog 'Operation not permitted'!
--
#37/u test7 ld_imm64 FAIL
Failed to load prog 'Operation not permitted'!
--
#46/u arsh64 on imm FAIL
Failed to load prog 'Operation not permitted'!
--
#47/u arsh64 on reg FAIL
Failed to load prog 'Operation not permitted'!
--
#60/u uninitialized stack1 Failed to create hash map 'Operation not
permitted'!
--
#63/u non-invalid fp arithmetic FAIL
Failed to load prog 'Operation not permitted'!
--
#67/u check valid spill/fill, skb mark FAIL
Failed to load prog 'Operation not permitted'!
--
#81/u don't check return value before access Failed to create hash map
'Operation not permitted'!
--
#82/u access memory with incorrect alignment Failed to create hash map
'Operation not permitted'!
--
#83/u sometimes access memory with incorrect alignment Failed to create hash
map 'Operation not permitted'!
--
#86/u jump test 3 Failed to create hash map 'Operation not permitted'!
--
#89/u access skb fields ok FAIL
Failed to load prog 'Operation not permitted'!
--
#91/u access skb fields bad2 Failed to create hash map 'Operation not
permitted'!
--
#92/u access skb fields bad3 Failed to create hash map 'Operation not
permitted'!
--
#93/u access skb fields bad4 Failed to create hash map 'Operation not
permitted'!
--
#118/u check cb access: byte FAIL
Failed to load prog 'Operation not permitted'!
--
#121/u check skb->hash byte load permitted FAIL
Failed to load prog 'Operation not permitted'!
--
#126/u check cb access: half FAIL
Failed to load prog 'Operation not permitted'!
--
#130/u check skb->hash half load permitted FAIL
Failed to load prog 'Operation not permitted'!
--
#133/u check cb access: word FAIL
Failed to load prog 'Operation not permitted'!
--
#138/u check cb access: double FAIL
Failed to load prog 'Operation not permitted'!
--
#149/u PTR_TO_STACK store/load FAIL
Failed to load prog 'Operation not permitted'!
--
#155/u unpriv: add const to pointer FAIL
Failed to load prog 'Operation not permitted'!
--
#161/u unpriv: pass pointer to helper function Failed to create hash map
'Operation not permitted'!
--
#162/u unpriv: indirectly pass pointer on stack to helper function
