[LTP] [PATCH] syscalls/keyctl05: new test for key_update() crash
Richard Palethorpe
rpalethorpe@suse.de
Tue Aug 1 16:32:56 CEST 2017
Hello Eric,
Eric Biggers writes:
> On Mon, Jul 31, 2017 at 10:57:56AM +0200, Richard Palethorpe wrote:
>> > + for (i = 0; i < 10000; i++) {
>> > + TEST(tst_syscall(__NR_keyctl, KEYCTL_UPDATE, keyid,
>> > + payload, sizeof(payload)));
>> > + if (TEST_RETURN < 0 && TEST_ERRNO != EACCES) {
>> > + tst_res(TFAIL | TTERRNO, "failed to update 'user' key");
>> > + return;
>> > + }
>> > + }
>>
>> There is a library for causing race conditions (tst_fuzzy_sync.h), but
>> it only works with threads at the moment. I'm not entirely sure whether
>> to ask you to use it or not at this stage. How reliable is the test at
>> crashing a vulnerable system currently?
>>
>
> It happens either very reliably or not at all, depending on how the kernel stack
> is laid out which the test has no control over. And if it *can* happen, it
> doesn't need any fancy synchronization to trigger the crash.
>
> (Also this test could use threads; it just seemed that forking was simpler.)
>
> Eric
OK, the updated patches look good to me. I may try refactoring the test
at some date to use the library, but there doesn't seem to be any reason
to do it at the moment.
--
Thank you,
Richard.
More information about the ltp
mailing list