[Kernel-packages] [Bug 1980648] Re: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15
This bug was fixed in the package linux - 4.15.0-191.202 --- linux (4.15.0-191.202) bionic; urgency=medium * CVE-2022-2586 - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain * CVE-2022-2588 - SAUCE: net_sched: cls_route: remove from list when handle is 0 * CVE-2022-34918 - netfilter: nf_tables: stricter validation of element data * BUG: kernel NULL pointer dereference, address: 0008 (LP: #1981658) - tcp: make sure treq->af_specific is initialized linux (4.15.0-190.201) bionic; urgency=medium * bionic/linux: 4.15.0-190.201 -proposed tracker (LP: #1981321) * CVE-2022-1679 - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb * Bionic update: upstream stable patchset 2022-07-06 (LP: #1980879) - MIPS: Use address-of operator on section symbols - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs - can: grcan: only use the NAPI poll budget for RX - Bluetooth: Fix the creation of hdev->name - mmc: rtsx: add 74 Clocks in power on flow - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls - ALSA: pcm: Fix races among concurrent read/write and buffer changes - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls - ALSA: pcm: Fix races among concurrent prealloc proc writes - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock - VFS: Fix memory leak caused by concurrently mounting fs with subtype - batman-adv: Don't skb_split skbuffs with frag_list - net: Fix features skip in for_each_netdev_feature() - ipv4: drop dst in multicast routing path - netlink: do not reset transport header in netlink_recvmsg() - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection - hwmon: (ltq-cputemp) restrict it to SOC_XWAY - s390/ctcm: fix variable dereferenced before check - s390/ctcm: fix potential memory leak - s390/lcs: fix variable dereferenced before check - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() - hwmon: (f71882fg) Fix negative temperature - ASoC: max98090: Reject invalid values in custom control put() - ASoC: max98090: Generate notifications on changes for custom control - ASoC: ops: Validate input values in snd_soc_put_volsw_range() - tcp: resalt the secret every 10 seconds - usb: cdc-wdm: fix reading stuck on device close - USB: serial: pl2303: add device id for HP LM930 Display - USB: serial: qcserial: add support for Sierra Wireless EM7590 - USB: serial: option: add Fibocom L610 modem - USB: serial: option: add Fibocom MA510 modem - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() - drm/vmwgfx: Initialize drm_mode_fb_cmd2 - ping: fix address binding wrt vrf - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() - net/sched: act_pedit: really ensure the skb is writable - um: Cleanup syscall_handler_t definition/cast, fix warning - Input: add bounds checking to input_set_capability() - Input: stmfts - fix reference leak in stmfts_input_open - MIPS: lantiq: check the return value of kzalloc() - drbd: remove usage of list iterator variable after loop - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() - ALSA: wavefront: Proper check of get_user() error - perf: Fix sys_perf_event_open() race against self - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() - clk: at91: generated: consider range when calculating best rate - net/qla3xxx: Fix a test in ql_reset_work() - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 - igb: skip phy status check where unavailable - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. - gpio: gpio-vf610: do not touch other bits when set the target bit - gpio: mvebu/pwm: Refuse requests with inverted polarity - perf bench numa: Address
[Kernel-packages] [Bug 1980648] Re: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15
Verified with B-AWS-4.15.0-1138.149 The test will be skipped now: Running './test_verifier' #0/u add+sub+mul SKIP #0/p add+sub+mul OK #1/u DIV32 by 0, zero check 1 SKIP #1/p DIV32 by 0, zero check 1 OK #2/u DIV32 by 0, zero check 2 SKIP #2/p DIV32 by 0, zero check 2 OK #3/u DIV64 by 0, zero check SKIP #3/p DIV64 by 0, zero check OK #4/u MOD32 by 0, zero check 1 SKIP ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic ** Changed in: ubuntu-kernel-tests Status: In Progress => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1980648 Title: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15 Status in ubuntu-kernel-tests: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Bug description: [Impact] We have kernel.unprivileged_bpf_disabled enabled for Bionic kernel: $ sysctl kernel.unprivileged_bpf_disabled kernel.unprivileged_bpf_disabled = 2 This causes all unprivileged tests in test_verifier of bpf selftests to fail like: #0/u add+sub+mul FAIL Failed to load prog 'Operation not permitted'! Because it permanently disables unprivileged BPF access for the currently running kernel. [Fix] * d0a0e4956f ("selftests/bpf: Count tests skipped by unpriv") * 0a67487403 ("selftests/bpf: Only run tests if !bpf_disabled") These two patches can be cherry-picked into our Bionic kernel. Note that there is a follow-up fix for 0a67487403, which is commit deea81228b ("selftests/bpf: check return value of fopen in test_verifier.c"), but this is intended for older kernels (< 4.4) thus I will leave it alone. [Test] Patch tested with Bionic 4.15.0-188, and these unprivileged won't fail with "Failed to load prog 'Operation not permitted'!" anymore, they will be marked as skipped tests. Overall test result improves from: Summary: 551 PASSED, 286 FAILED To: Summary: 551 PASSED, 278 SKIPPED, 8 FAILED [Where problems could occur] Change limited to the bpf selftest code, no actual changes to kernel function. If this fix is wrong, we might get incorrect test results. [Original Bug Report] Issue found on Bionic 4.15 cloud variants (as we don't run this test on bare-metals) #0/u add+sub+mul FAIL Failed to load prog 'Operation not permitted'! -- #1/u DIV32 by 0, zero check 1 FAIL Failed to load prog 'Operation not permitted'! -- #2/u DIV32 by 0, zero check 2 FAIL Failed to load prog 'Operation not permitted'! -- #3/u DIV64 by 0, zero check FAIL Failed to load prog 'Operation not permitted'! -- #4/u MOD32 by 0, zero check 1 FAIL Failed to load prog 'Operation not permitted'! -- #5/u MOD32 by 0, zero check 2 FAIL Failed to load prog 'Operation not permitted'! -- #6/u MOD64 by 0, zero check FAIL Failed to load prog 'Operation not permitted'! -- #36/u test6 ld_imm64 FAIL Failed to load prog 'Operation not permitted'! -- #37/u test7 ld_imm64 FAIL Failed to load prog 'Operation not permitted'! -- #46/u arsh64 on imm FAIL Failed to load prog 'Operation not permitted'! -- #47/u arsh64 on reg FAIL Failed to load prog 'Operation not permitted'! -- #60/u uninitialized stack1 Failed to create hash map 'Operation not permitted'! -- #63/u non-invalid fp arithmetic FAIL Failed to load prog 'Operation not permitted'! -- #67/u check valid spill/fill, skb mark FAIL Failed to load prog 'Operation not permitted'! -- #81/u don't check return value before access Failed to create hash map 'Operation not permitted'! -- #82/u access memory with incorrect alignment Failed to create hash map 'Operation not permitted'! -- #83/u sometimes access memory with incorrect alignment Failed to create hash map 'Operation not permitted'! -- #86/u jump test 3 Failed to create hash map 'Operation not permitted'! -- #89/u access skb fields ok FAIL Failed to load prog 'Operation not permitted'! -- #91/u access skb fields bad2 Failed to create hash map 'Operation not permitted'! -- #92/u access skb fields bad3 Failed to create hash map 'Operation not permitted'! -- #93/u access skb fields bad4 Failed to create hash map 'Operation not permitted'! -- #118/u check cb access: byte FAIL Failed to load prog 'Operation not permitted'! -- #121/u check skb->hash byte load permitted FAIL Failed to load prog 'Operation not permitted'! -- #126/u check cb access: half FAIL Failed to load prog 'Operation not permitted'! -- #130/u check skb->hash half load permitted FAIL Failed to load prog 'Operation not permitted'! -- #133/u check cb access: word FAIL Failed to load prog 'Operation not permitted'! --
[Kernel-packages] [Bug 1980648] Re: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15
This bug is awaiting verification that the linux/4.15.0-190.201 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1980648 Title: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15 Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Bug description: [Impact] We have kernel.unprivileged_bpf_disabled enabled for Bionic kernel: $ sysctl kernel.unprivileged_bpf_disabled kernel.unprivileged_bpf_disabled = 2 This causes all unprivileged tests in test_verifier of bpf selftests to fail like: #0/u add+sub+mul FAIL Failed to load prog 'Operation not permitted'! Because it permanently disables unprivileged BPF access for the currently running kernel. [Fix] * d0a0e4956f ("selftests/bpf: Count tests skipped by unpriv") * 0a67487403 ("selftests/bpf: Only run tests if !bpf_disabled") These two patches can be cherry-picked into our Bionic kernel. Note that there is a follow-up fix for 0a67487403, which is commit deea81228b ("selftests/bpf: check return value of fopen in test_verifier.c"), but this is intended for older kernels (< 4.4) thus I will leave it alone. [Test] Patch tested with Bionic 4.15.0-188, and these unprivileged won't fail with "Failed to load prog 'Operation not permitted'!" anymore, they will be marked as skipped tests. Overall test result improves from: Summary: 551 PASSED, 286 FAILED To: Summary: 551 PASSED, 278 SKIPPED, 8 FAILED [Where problems could occur] Change limited to the bpf selftest code, no actual changes to kernel function. If this fix is wrong, we might get incorrect test results. [Original Bug Report] Issue found on Bionic 4.15 cloud variants (as we don't run this test on bare-metals) #0/u add+sub+mul FAIL Failed to load prog 'Operation not permitted'! -- #1/u DIV32 by 0, zero check 1 FAIL Failed to load prog 'Operation not permitted'! -- #2/u DIV32 by 0, zero check 2 FAIL Failed to load prog 'Operation not permitted'! -- #3/u DIV64 by 0, zero check FAIL Failed to load prog 'Operation not permitted'! -- #4/u MOD32 by 0, zero check 1 FAIL Failed to load prog 'Operation not permitted'! -- #5/u MOD32 by 0, zero check 2 FAIL Failed to load prog 'Operation not permitted'! -- #6/u MOD64 by 0, zero check FAIL Failed to load prog 'Operation not permitted'! -- #36/u test6 ld_imm64 FAIL Failed to load prog 'Operation not permitted'! -- #37/u test7 ld_imm64 FAIL Failed to load prog 'Operation not permitted'! -- #46/u arsh64 on imm FAIL Failed to load prog 'Operation not permitted'! -- #47/u arsh64 on reg FAIL Failed to load prog 'Operation not permitted'! -- #60/u uninitialized stack1 Failed to create hash map 'Operation not permitted'! -- #63/u non-invalid fp arithmetic FAIL Failed to load prog 'Operation not permitted'! -- #67/u check valid spill/fill, skb mark FAIL Failed to load prog 'Operation not permitted'! -- #81/u don't check return value before access Failed to create hash map 'Operation not permitted'! -- #82/u access memory with incorrect alignment Failed to create hash map 'Operation not permitted'! -- #83/u sometimes access memory with incorrect alignment Failed to create hash map 'Operation not permitted'! -- #86/u jump test 3 Failed to create hash map 'Operation not permitted'! -- #89/u access skb fields ok FAIL Failed to load prog 'Operation not permitted'! -- #91/u access skb fields bad2 Failed to create hash map 'Operation not permitted'! -- #92/u access skb fields bad3 Failed to create hash map 'Operation not permitted'! -- #93/u access skb fields bad4 Failed to create hash map 'Operation not permitted'! -- #118/u check cb access: byte FAIL Failed to load prog 'Operation not permitted'! -- #121/u check skb->hash byte load permitted FAIL Failed to load prog 'Operation not permitted'! -- #126/u check cb access: half FAIL Failed to load prog 'Operation not permitted'! -- #130/u check skb->hash half load permitted FAIL Failed to load prog 'Operation
[Kernel-packages] [Bug 1980648] Re: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15
** Changed in: linux (Ubuntu Bionic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1980648 Title: unprivileged tests in test_verifier from ubuntu_bpf failed with "Failed to load prog 'Operation not permitted'" on B-4.15 Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Committed Bug description: [Impact] We have kernel.unprivileged_bpf_disabled enabled for Bionic kernel: $ sysctl kernel.unprivileged_bpf_disabled kernel.unprivileged_bpf_disabled = 2 This causes all unprivileged tests in test_verifier of bpf selftests to fail like: #0/u add+sub+mul FAIL Failed to load prog 'Operation not permitted'! Because it permanently disables unprivileged BPF access for the currently running kernel. [Fix] * d0a0e4956f ("selftests/bpf: Count tests skipped by unpriv") * 0a67487403 ("selftests/bpf: Only run tests if !bpf_disabled") These two patches can be cherry-picked into our Bionic kernel. Note that there is a follow-up fix for 0a67487403, which is commit deea81228b ("selftests/bpf: check return value of fopen in test_verifier.c"), but this is intended for older kernels (< 4.4) thus I will leave it alone. [Test] Patch tested with Bionic 4.15.0-188, and these unprivileged won't fail with "Failed to load prog 'Operation not permitted'!" anymore, they will be marked as skipped tests. Overall test result improves from: Summary: 551 PASSED, 286 FAILED To: Summary: 551 PASSED, 278 SKIPPED, 8 FAILED [Where problems could occur] Change limited to the bpf selftest code, no actual changes to kernel function. If this fix is wrong, we might get incorrect test results. [Original Bug Report] Issue found on Bionic 4.15 cloud variants (as we don't run this test on bare-metals) #0/u add+sub+mul FAIL Failed to load prog 'Operation not permitted'! -- #1/u DIV32 by 0, zero check 1 FAIL Failed to load prog 'Operation not permitted'! -- #2/u DIV32 by 0, zero check 2 FAIL Failed to load prog 'Operation not permitted'! -- #3/u DIV64 by 0, zero check FAIL Failed to load prog 'Operation not permitted'! -- #4/u MOD32 by 0, zero check 1 FAIL Failed to load prog 'Operation not permitted'! -- #5/u MOD32 by 0, zero check 2 FAIL Failed to load prog 'Operation not permitted'! -- #6/u MOD64 by 0, zero check FAIL Failed to load prog 'Operation not permitted'! -- #36/u test6 ld_imm64 FAIL Failed to load prog 'Operation not permitted'! -- #37/u test7 ld_imm64 FAIL Failed to load prog 'Operation not permitted'! -- #46/u arsh64 on imm FAIL Failed to load prog 'Operation not permitted'! -- #47/u arsh64 on reg FAIL Failed to load prog 'Operation not permitted'! -- #60/u uninitialized stack1 Failed to create hash map 'Operation not permitted'! -- #63/u non-invalid fp arithmetic FAIL Failed to load prog 'Operation not permitted'! -- #67/u check valid spill/fill, skb mark FAIL Failed to load prog 'Operation not permitted'! -- #81/u don't check return value before access Failed to create hash map 'Operation not permitted'! -- #82/u access memory with incorrect alignment Failed to create hash map 'Operation not permitted'! -- #83/u sometimes access memory with incorrect alignment Failed to create hash map 'Operation not permitted'! -- #86/u jump test 3 Failed to create hash map 'Operation not permitted'! -- #89/u access skb fields ok FAIL Failed to load prog 'Operation not permitted'! -- #91/u access skb fields bad2 Failed to create hash map 'Operation not permitted'! -- #92/u access skb fields bad3 Failed to create hash map 'Operation not permitted'! -- #93/u access skb fields bad4 Failed to create hash map 'Operation not permitted'! -- #118/u check cb access: byte FAIL Failed to load prog 'Operation not permitted'! -- #121/u check skb->hash byte load permitted FAIL Failed to load prog 'Operation not permitted'! -- #126/u check cb access: half FAIL Failed to load prog 'Operation not permitted'! -- #130/u check skb->hash half load permitted FAIL Failed to load prog 'Operation not permitted'! -- #133/u check cb access: word FAIL Failed to load prog 'Operation not permitted'! -- #138/u check cb access: double FAIL Failed to load prog 'Operation not permitted'! -- #149/u PTR_TO_STACK store/load FAIL Failed to load prog 'Operation not permitted'! -- #155/u unpriv: add const to pointer FAIL Failed to load prog 'Operation not permitted'! -- #161/u unpriv: pass pointer to helper function Failed to create hash map 'Operation not permitted'! -- #162/u unpriv: indirectly pass pointer on stack to helper function