[LTP] [PATCH] Add setsockopt10 TLS ULP UAF CVE-2023-0461

Petr Vorel pvorel@suse.cz
Fri Oct 13 14:13:35 CEST 2023


Hi Richie, Cyril,

> >> On NixOS:

> >> $ ./setsockopt10
> >> tst_kconfig.c:87: TINFO: Parsing kernel config '/proc/config.gz'
> >> tst_kernel.c:110: TWARN: expected file /lib/modules/6.5.5/modules.dep does not exist or not a file
> >> tst_kernel.c:110: TWARN: expected file /lib/modules/6.5.5/modules.builtin does not exist or not a file

For my info: this comes from Cyril's suggestion to use .needs_drivers.

> > Can you strace modprobe to see what is different on the system, these
> > files have to be installed somewhere in order for modprobe to actually
> > work...

> They will be in /nix/store/<kernel package hash>/.../modules or similar.
> I can probably make it work on NixOS by creating a nix file, but I think
> there is a bigger issue.

"NixOS is a Linux distribution built on top of the Nix package manager." [1]

I have no idea why a Linux distro needs a non-standard path. IMHO we can take a patch
which detects NixOS and uses its path, but for the distro itself it would be better
if it had at least a symlink to the standard path (i.e. it'd be worth reporting
it).

As Cyril noted we have .needs_drivers, but that also requires config files in
/lib/modules. But setsockopt10 could also benefit from the .modprobe patchset [2],
particularly [3], i.e. instead of asking for CONFIG_TLS "modprobe tls" could
work. But currently we also expect modules.builtin to be in /lib/modules. We could
rethink that (e.g. introduce a variable which ignores the check, or allows passing
the correct prefix of the directory, or remove
tst_check_builtin_driver(name), which is based on parsing modules.builtin).

But for broader discussion please comment on the patchset itself.

And now something completely different: root vs. normal user:
$ find /lib/modules/$(uname -r) |grep tls
...
/lib/modules/6.5.0-1-amd64/kernel/net/tls/tls.ko

But this does not work when run as a user:
$ ./setsockopt10
...
setsockopt10.c:96: TINFO: child: Listen for tcp1 connection
setsockopt10.c:133: TINFO: parent: Connect for tcp0 connection
setsockopt10.c:138: TCONF: parent: setsockopt failed: The TLS module is probably not loaded: ENOENT (2)
tst_test.c:1622: TINFO: Killed the leftover descendant processes

Maybe that has been discussed, but I'd really request root, because it works
with it:

# ./setsockopt10
...
setsockopt10.c:145: TINFO: parent: Disconnect by setting unspec address
setsockopt10.c:153: TPASS: parent: Can't listen on disconnected TLS socket: EINVAL (22)
setsockopt10.c:110: TINFO: child: connect for tcp2 connection
setsockopt10.c:114: TINFO: child: could not connect to tcp1: ECONNREFUSED (111)

Kind regards,
Petr

[1] https://en.wikipedia.org/wiki/NixOS
[2] https://patchwork.ozlabs.org/project/ltp/list/?series=377451&state=*
[3] https://patchwork.ozlabs.org/project/ltp/patch/20231013074748.702214-3-pvorel@suse.cz/
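
The module-index lookup discussed in this message, with the module directory passed as a parameter instead of fixed to /lib/modules, as an added example that is not LTP code and not part of the original thread. `driver_status` and `make_sample_tree` are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not LTP code); function names are hypothetical.
# driver_status NAME [MODDIR] prints one of:
#   builtin  NAME is listed in MODDIR/modules.builtin
#   module   NAME is listed in MODDIR/modules.dep
#   missing  index files exist but do not list NAME
#   unknown  no index files in MODDIR (the case behind the TWARN lines above)
# Exit status is 0 only for builtin/module.
driver_status() (
    # '-' and '_' are interchangeable in kernel module names
    want=$(printf '%s' "$1" | tr - _)
    moddir=${2:-/lib/modules/$(uname -r)}
    status=unknown
    for index in modules.builtin modules.dep; do
        [ -f "$moddir/$index" ] || continue
        if [ "$status" = unknown ]; then status=missing; fi
        # Drop the ": deps" part, the directory and the .ko[.xz|.zst|.gz] suffix
        if sed -e 's/:.*//' -e 's|.*/||' -e 's/\.ko\(\.[a-z]*\)*$//' \
                "$moddir/$index" | tr - _ | grep -qxF -- "$want"; then
            [ "$index" = modules.builtin ] && status=builtin || status=module
            break
        fi
    done
    printf '%s\n' "$status"
    [ "$status" = builtin ] || [ "$status" = module ]
)

# Constructed sample tree standing in for a module directory at a
# non-standard prefix; prints the directory it created.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'kernel/net/tls/tls.ko.xz:' \
        'kernel/net/ipv4/tcp_bbr.ko:' > "$d/modules.dep"
    printf '%s\n' 'kernel/net/ipv4/tcp_cubic.ko' > "$d/modules.builtin"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
empty=$(mktemp -d)
for drv in tls tcp-cubic sctp; do
    echo "$drv: $(driver_status "$drv" "$tree")"
done
echo "tls, directory without index files: $(driver_status tls "$empty")"
rm -rf "$tree" "$empty"
```

A `module` result only says the module is installed, not that it is loaded, which is the situation in the unprivileged run quoted above.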

