** Description changed:
- This is a scripted bug report about ADT failures while running linux
- tests for linux/4.4.0-207.239 on xenial. Whether this is caused by the
- tested source or the kernel has yet to be determined.
+ [Impact]
+ The backport of upstream commit ad67b74d2469d9b82aaa572d76474c95bc484d57
("printk: hash addresses printed with %p"), applied to fix CVEs
CVE-2018-5953/CVE-2018-5995/CVE-2018-7754 on xenial/linux 4.4.0-207.239,
introduced a regression caught by testcases from
ubuntu_qrt_kernel_security.test-kernel-security.py testsuite.
+ The failing testcases are:
+ test_095_kernel_symbols_missing_kallsyms
+ test_095_kernel_symbols_missing_proc_modules
+ test_095_kernel_symbols_missing_proc_net_tcp
+ test_300_test_kaslr_base
+
+ The '095' testcases expect the addresses read by a regular user to be
+ zeroed out and test '300' expects the default address for 'startup_64'
+ to be 'ffffffff81000000' for non-kaslr kernels (<4.15). The applied
+ backport leaks what the address 0x0 hashes to on the /proc interfaces
+ instead of the expected values.
+
+ Examples:
+ $ head /proc/kallsyms
+ 00000000b845aaf2 A irq_stack_union
+ 00000000b845aaf2 A __per_cpu_start
+ 00000000b845aaf2 A __per_cpu_user_mapped_start
+ 00000000b845aaf2 A vector_irq
+ 00000000b845aaf2 A unsafe_stack_register_backup
+ 00000000b845aaf2 A cpu_debug_store
+ 00000000b845aaf2 A cpu_tss
+ 00000000b845aaf2 A exception_stacks
+ 00000000b845aaf2 A gdt_page
+ 00000000b845aaf2 A espfix_waddr
+
+ $ sudo head /proc/kallsyms
+ 00000000b845aaf2 A irq_stack_union
+ 00000000b845aaf2 A __per_cpu_start
+ 00000000b845aaf2 A __per_cpu_user_mapped_start
+ 00000000cd84b193 A vector_irq
+ 00000000f271a77b A unsafe_stack_register_backup
+ 00000000b451cc91 A cpu_debug_store
+ 00000000108c2558 A cpu_tss
+ 000000001484be48 A exception_stacks
+ 000000000a1b6bc6 A gdt_page
+ 00000000f38c128a A espfix_waddr
+
+ $ sudo grep -w startup_64 /proc/kallsyms
+ 0000000028c44c50 T startup_64
+
+ [Fix]
+ For the backport to work as expected, we would likely need to backport the
following commits as well:
+
+ 57e734423add vsprintf: refactor %pK code out of pointer()
+ ef0010a30935 vsprintf: don't use 'restricted_pointer()' when not restricting
+
+ However, this could introduce other regressions as there are several
+ corner cases in this code path.
+
+ Given that the CVEs which are fixed by this patch are all low or
+ negligible, the best solution seems to be to revert this patch
+ altogether.
+
+ [Test]
+ Run ubuntu_qrt_kernel_security.test-kernel-security.py tests from the kernel
team autotest repository.
+
+ [Where problems could occur]
+ Reverting this patch can't introduce any regression as it would return the
code to the previous state, however it would keep the kernel vulnerable to
these CVEs.
+
+ [Additional Info]
Testing failed on:
- amd64:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/amd64/l/linux/20210331_014541_79861@/log.gz
- i386:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/i386/l/linux/20210331_012734_ec0bc@/log.gz
- ppc64el:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/ppc64el/l/linux/20210331_014757_ec0bc@/log.gz
- s390x:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/s390x/l/linux/20210330_031532_e87f8@/log.gz
+ amd64:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/amd64/l/linux/20210331_014541_79861@/log.gz
+ i386:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/i386/l/linux/20210331_012734_ec0bc@/log.gz
+ ppc64el:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/ppc64el/l/linux/20210331_014757_ec0bc@/log.gz
+ s390x:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/s390x/l/linux/20210330_031532_e87f8@/log.gz
** Summary changed:
- linux/4.4.0-207.239 ADT test failure with linux/4.4.0-207.239
+ linux ADT test failure with linux/4.4.0-207.239 -
ubuntu_qrt_kernel_security.test-kernel-security.py
--
https://bugs.launchpad.net/bugs/1922200
Title:
linux ADT test failure with linux/4.4.0-207.239 -
ubuntu_qrt_kernel_security.test-kernel-security.py
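
The expectations behind the '095' and '300' testcases in the description, written out as an added example. This is not code from the QRT testsuite or from the bug report; the function names and the zeroed sample are assumptions for illustration, and the other sample lines are copied from the report's examples.

```python
import re

# One /proc/kallsyms line: address, symbol type, symbol name.
LINE = re.compile(r"^([0-9a-fA-F]{8,16})\s+(\S)\s+(\S+)")

def parse(text):
    """Return [(address, type, name)] for every well-formed kallsyms line."""
    return [(int(m[1], 16), m[2], m[3])
            for m in map(LINE.match, text.splitlines()) if m]

def classify(text):
    """Classify what a reader of /proc/kallsyms was shown.

    'zeroed'          every address is 0 (what the '095' tests expect for a regular user)
    'hashed-constant' one non-zero value on every line (the regression: the
                      hash of 0x0 is printed instead of 0)
    'distinct'        addresses differ per symbol, or only one line was given
    'empty'           nothing parseable
    """
    addrs = [a for a, _, _ in parse(text)]
    if not addrs:
        return "empty"
    if all(a == 0 for a in addrs):
        return "zeroed"
    # A single line cannot show repetition, so require at least two.
    if len(addrs) > 1 and len(set(addrs)) == 1:
        return "hashed-constant"
    return "distinct"

def startup_64_ok(text, expected=0xffffffff81000000):
    """Test '300' expectation for non-KASLR kernels (<4.15), per the report."""
    return any(n == "startup_64" and a == expected for a, _, n in parse(text))

# Lines copied from the report's regular-user and sudo examples.
USER_SAMPLE = ("00000000b845aaf2 A irq_stack_union\n"
               "00000000b845aaf2 A vector_irq\n"
               "00000000b845aaf2 A cpu_tss\n")
ROOT_SAMPLE = ("00000000b845aaf2 A irq_stack_union\n"
               "00000000cd84b193 A vector_irq\n"
               "00000000108c2558 A cpu_tss\n")
# Constructed sample of the expected regular-user output.
ZEROED_SAMPLE = ("0000000000000000 A irq_stack_union\n"
                 "0000000000000000 A vector_irq\n")

if __name__ == "__main__":
    for label, sample in (("user", USER_SAMPLE), ("root", ROOT_SAMPLE),
                          ("zeroed", ZEROED_SAMPLE)):
        print(label, classify(sample))
```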