[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
** Changed in: ubuntu-kernel-tests
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1775316

Title:
  add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1775316/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
This bug was fixed in the package linux - 3.13.0-153.203

---
linux (3.13.0-153.203) trusty; urgency=medium

  * linux: 3.13.0-153.203 -proposed tracker (LP: #1776819)

  * CVE-2018-3665 (x86)
    - x86/fpu: Print out whether we are doing lazy/eager FPU context switches
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix math emulation in eager fpu mode

linux (3.13.0-152.202) trusty; urgency=medium

  * linux: 3.13.0-152.202 -proposed tracker (LP: #1776350)

  * CVE-2017-15265
    - ALSA: seq: Fix use-after-free at creating a port

  * register on binfmt_misc may overflow and crash the system (LP: #1775856)
    - fs/binfmt_misc.c: do not allow offset overflow

  * CVE-2018-1130
    - dccp: check sk for closed state in dccp_sendmsg()
    - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped

  * add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel (LP: #1775316) // CVE-2017-12193
    - assoc_array: Fix a buggy node-splitting case

  * CVE-2017-12154
    - kvm: nVMX: Don't allow L2 to access the hardware CR8

  * CVE-2018-7757
    - scsi: libsas: fix memory leak in sas_smp_get_phy_events()

  * CVE-2018-6927
    - futex: Prevent overflow by strengthen input validation

  * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336)
    - SAUCE: CacheFiles: fix a read_waiter/read_copier race

  * CVE-2018-5803
    - sctp: verify size of a new chunk in _sctp_make_chunk()

  * WARNING: CPU: 28 PID: 34085 at /build/linux-90Gc2C/linux-3.13.0/net/core/dev.c:1433 dev_disable_lro+0x87/0x90() (LP: #1771480)
    - net/core: generic support for disabling netdev features down stack
    - SAUCE: Backport helper function netdev_upper_get_next_dev_rcu

  * CVE-2018-7755
    - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

  * CVE-2018-5750
    - ACPI: sbshc: remove raw pointer from printk() message

 -- Stefan Bader Thu, 14 Jun 2018 07:00:42 +0200

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12154
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15265
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1130
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3665
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5750
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5803
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6927
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7755
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7757
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
** Changed in: ubuntu-kernel-tests
       Status: In Progress => Fix Committed
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
add_key04 test passed with the proposed Trusty kernel.

<<>>
tag=add_key04 stime=1529400599
cmdline="add_key04"
contacts=""
analysis=exit
<<>>
tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s
add_key04.c:80: PASS: didn't crash while filling keyring

Summary:
passed 1
failed 0
skipped 0
warnings 0
<<>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=0 corefile=no
cutime=0 cstime=1
<<>>

** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-trusty
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
** Also affects: linux (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Trusty)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu)
       Status: In Progress => Fix Released
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
** Description changed: + [SRU Justification] + The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in + the Linux kernel before 4.13.11 mishandles node splitting, which allows + local users to cause a denial of service (NULL pointer dereference and + panic) via a crafted application, as demonstrated by the keyring key type, + and key addition and link creation operations. + The "add_key04" from the LTP syscall tests will cause kernel oops on a testing node with Trusty kernel installed. And it will make incoming ssh connection hang (bug 1775158) + [Test Case] + This issue can easily be reproduced with the "add_key04" test from the LTP syscall test suite. + Steps (with root): - 1. sudo apt-get install git xfsprogs -y - 2. git clone --depth=1 https://github.com/linux-test-project/ltp.git - 3. cd ltp - 4. make autotools - 5. ./configure - 6. make; make install - 7. cd /opt/ltp/testcases/bin - 8. ./add_key04 + 1. sudo apt-get install git -y + 2. git clone --depth=1 https://github.com/linux-test-project/ltp.git + 3. cd ltp + 4. make autotools + 5. ./configure + 6. make; make install + 7. 
/opt/ltp/testcases/bin/add_key04 - Test result: + Test result before the patch: ubuntu@amaura:/opt/ltp/testcases/bin$ sudo ./add_key04 tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s add_key04.c:82: FAIL: kernel oops while filling keyring Summary: passed 0 failed 1 skipped 0 warnings 0 [52399.298894] BUG: unable to handle kernel NULL pointer dereference at 0010 [52399.298918] IP: [] assoc_array_apply_edit+0x67/0x110 - [52399.298938] PGD 800455a3a067 PUD 45725f067 PMD 0 - [52399.298952] Oops: 0002 [#1] SMP + [52399.298938] PGD 800455a3a067 PUD 45725f067 PMD 0 + [52399.298952] Oops: 0002 [#1] SMP [52399.298963] Modules linked in: cfg80211 ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi dm_crypt joydev hid_generic x86_pkg_temp_thermal coretemp kvm_intel kvm usbhid hid lpc_ich shpchp mac_hid crct10dif_pclmul crc32_pclmul i915_bdw ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper igb cryptd ahci dca ptp libahci pps_core intel_ips i2c_algo_bit drm_kms_helper video drm [52399.299100] CPU: 7 PID: 9559 Comm: add_key04 Not tainted 3.13.0-149-generic #199-Ubuntu [52399.299118] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.86B.03.02.0003.070120151022 07/01/2015 [52399.299142] task: 880457b43000 ti: 88045a2e2000 task.ti: 88045a2e2000 [52399.299159] RIP: 0010:[] [] assoc_array_apply_edit+0x67/0x110 [52399.299182] RSP: 0018:88045a2e3df0 EFLAGS: 00010202 [52399.299194] RAX: 0010 RBX: 88045a2e3e78 RCX: [52399.299211] RDX: 88045a1d1741 RSI: 880456028880 RDI: 880456028800 [52399.299228] RBP: 88045a2e3df0 R08: 00016880 R09: 812dba97 [52399.299244] R10: 880460803c00 R11: ddf32900 R12: 880456f7f680 [52399.299261] R13: 88045a1d09c0 R14: R15: [52399.299278] FS: 7ff43fc39740() GS:8804704e() knlGS: [52399.299297] CS: 0010 DS: ES: CR0: 80050033 [52399.299311] CR2: 0010 CR3: 00045514c000 CR4: 00360770 [52399.299328] DR0: DR1: DR2: [52399.299344] DR3: DR6: fffe0ff0 DR7: 0400 
[52399.299361] Stack: [52399.299366] 88045a2e3e08 812d7a33 88045a2e3e50 [52399.299387] 812d57a7 88045a1d0a30 88045a2e3e78 880456f7f681 [52399.299407] 3f01 880456f7f380 88045a1d09c0 880457b43000 [52399.299427] Call Trace: [52399.299436] [] __key_link+0x33/0x40 [52399.299450] [] __key_instantiate_and_link+0x87/0xf0 [52399.299467] [] key_create_or_update+0x32e/0x420 [52399.299482] [] SyS_add_key+0x110/0x210 [52399.299497] [] ? schedule_tail+0x5c/0xb0 [52399.299512] [] system_call_fastpath+0x1a/0x1f - [52399.299526] Code: 48 85 d2 74 0a 48 8b 8f e8 00 00 00 48 89 0a 48 83 c0 08 48 39 f0 75 e4 48 8b 87 00 01 00 00 48 85 c0 74 0a 48 8b 97 08 01 00 00 <48> 89 10 48 8b 87 10 01 00 00 48 85 c0 74 0a 48 8b 97 18 01 00 + [52399.299526] Code: 48 85 d2 74 0a 48 8b 8f e8 00 00 00 48 89 0a 48 83 c0 08 48 39 f0 75 e4 48 8b 87 00 01 00 00 48 85 c0 74 0a 48 8b 97 08 01 00 00 <48> 89 10 48 8b 87 10 01 00 00 48 85 c0 74 0a 48 8b 97 18 01 00 [52399.299625] RIP [] assoc_array_apply_edit+0x67/0x110 [52399.299642] RSP [52399.299650] CR2: 0010 [52399.302015] ---[ end trace 0f3e00901ea9f056 ]--- + + Test result after the patch: + $ sudo /opt/ltp/testcases/bin/add_key04 + tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s + add_key04.c:80: PASS: didn't crash while filling keyring + +
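Review bot: the added "Test result after the patch" block does not say which kernel produced the PASS, while the "before" oops identifies 3.13.0-149-generic #199-Ubuntu; recording the patched kernel's version next to the passing run would let a verifier confirm they are testing the same build. The added [SRU Justification] text describes the assoc_array_insert_into_terminal_node defect but does not name the fix being backported, so a line citing it would tie the description to the change being verified.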
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
The kernel in comment #3 can fix this issue:

ubuntu@amaura:~$ sudo /opt/ltp/testcases/bin/add_key04
tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s
add_key04.c:80: PASS: didn't crash while filling keyring

Summary:
passed 1
failed 0
skipped 0
warnings 0
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
This seems to be related to CVE-2017-12193

A test kernel with the fix (ea678998) could be found here:
http://people.canonical.com/~phlin/kernel/lp-1775316/
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
** Changed in: ubuntu-kernel-tests
     Assignee: (unassigned) => Po-Hsu Lin (cypressyew)

** Changed in: ubuntu-kernel-tests
       Status: New => In Progress

** Changed in: linux (Ubuntu)
       Status: Confirmed => In Progress
[Bug 1775316] Re: add_key04 in LTP syscall test cause kernel oops (NULL pointer dereference) with T kernel
** Also affects: ubuntu-kernel-tests
   Importance: Undecided
       Status: New

** No longer affects: ubuntu-kernel-tests

** Also affects: ubuntu-kernel-tests
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
     Assignee: (unassigned) => Po-Hsu Lin (cypressyew)

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12193