[LTP] [PATCH v6 0/3] Add regression test for CVE-2017-17053
Xiao Yang
yangx.jy@cn.fujitsu.com
Tue Mar 27 11:48:26 CEST 2018
Hi,
Can anybody help me look into this issue?
Thanks,
Xiao Yang
On 2018/03/22 15:21, Xiao Yang wrote:
> Hi Michael,
>
> Sorry to bother you.
>
> tst_taint_init() always got TBROK before verifying CVE-2017-17053 on
> my environment, as below:
> -----------------------------------------------------------------
> [root@RHEL7U5RC_Intel64 cve]# ./cve-2017-17053
> tst_test.c:987: INFO: Timeout per run is 0h 05m 00s
> tst_taint.c:88: BROK: Kernel is already tainted: 512
> ......
> -----------------------------------------------------------------
>
> On my environment, __ioremap_caller() displayed the warning message and
> set /proc/sys/kernel/tainted to
> TST_TAINT_W(512) when a too high physical address wasn't handled. Is
> this a usual case? Should we break
> and skip CVE-2017-17053 due to this existing TST_TAINT_W?
>
> Please see the following warning message:
> -----------------------------------------------------------------
> [ 0.059261] ioremap: invalid physical address fffffffffff90000
> [ 0.059263] ------------[ cut here ]------------
> [ 0.059268] WARNING: CPU: 0 PID: 1 at arch/x86/mm/ioremap.c:103
> __ioremap_caller+0x2f2/0x340
> [ 0.059269] Modules linked in:
> [ 0.059272] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> 3.10.0-860.el7.x86_64 #1
> [ 0.059273] Hardware name: LENOVO QiTianM7150/To be filled by
> O.E.M., BIOS 90KT20CUS 09/14/2010
> [ 0.059275] Call Trace:
> [ 0.059281] [<ffffffffaed0d768>] dump_stack+0x19/0x1b
> [ 0.059284] [<ffffffffae6916d8>] __warn+0xd8/0x100
> [ 0.059286] [<ffffffffae69181d>] warn_slowpath_null+0x1d/0x20
> [ 0.059288] [<ffffffffae66f442>] __ioremap_caller+0x2f2/0x340
> [ 0.059290] [<ffffffffaed0064a>] ? acpi_os_map_memory+0xfd/0x155
> [ 0.059293] [<ffffffffae7f7606>] ? kmem_cache_alloc_trace+0x1d6/0x200
> [ 0.059295] [<ffffffffae66f4c4>] ioremap_cache+0x14/0x20
> [ 0.059297] [<ffffffffaed0064a>] acpi_os_map_memory+0xfd/0x155
> [ 0.059301] [<ffffffffae9ec576>]
> acpi_ex_system_memory_space_handler+0xdd/0x1ca
> [ 0.059304] [<ffffffffae9e5fa3>]
> acpi_ev_address_space_dispatch+0x1c5/0x231
> [ 0.059306] [<ffffffffae9e963a>] acpi_ex_access_region+0x20e/0x2a2
> [ 0.059309] [<ffffffffae9cf86d>] ? acpi_os_release_lock+0xe/0x10
> [ 0.059312] [<ffffffffae9fae9c>] ?
> acpi_ut_update_ref_count+0x99/0x2bf
> [ 0.059314] [<ffffffffae9e99f5>] acpi_ex_field_datum_io+0x105/0x196
> [ 0.059316] [<ffffffffae9e9c0e>]
> acpi_ex_extract_from_field+0x98/0x228
> [ 0.059318] [<ffffffffae9fca3a>] ?
> acpi_ut_create_internal_object_dbg+0x23/0x8a
> [ 0.059321] [<ffffffffae9e91bd>]
> acpi_ex_read_data_from_field+0x13c/0x178
> [ 0.059323] [<ffffffffae9ec8fc>]
> acpi_ex_resolve_node_to_value+0x1a3/0x245
> [ 0.059325] [<ffffffffae9ecbbb>] acpi_ex_resolve_to_value+0x21d/0x23a
> [ 0.059327] [<ffffffffae9e26c3>]
> acpi_ds_evaluate_name_path+0x8d/0x11b
> [ 0.059329] [<ffffffffae9e2aaa>] acpi_ds_exec_end_op+0x98/0x3f3
> [ 0.059332] [<ffffffffae9f4fb8>] acpi_ps_parse_loop+0x526/0x583
> [ 0.059335] [<ffffffffae9fd618>] ?
> acpi_ut_create_generic_state+0x37/0x54
> [ 0.059337] [<ffffffffae9f5ac0>] acpi_ps_parse_aml+0x98/0x289
> [ 0.059339] [<ffffffffae9f6313>] acpi_ps_execute_method+0x1c7/0x272
> [ 0.059341] [<ffffffffae9f0a40>] acpi_ns_evaluate+0x1c1/0x258
> [ 0.059343] [<ffffffffae9f3387>] acpi_evaluate_object+0x135/0x252
> [ 0.059346] [<ffffffffae9cfc7e>] acpi_evaluate_integer+0x52/0x84
> [ 0.059348] [<ffffffffae9cf811>] ? acpi_os_signal_semaphore+0x21/0x2d
> [ 0.059350] [<ffffffffae9d3818>] acpi_bus_get_status_handle+0x1e/0x39
> [ 0.059353] [<ffffffffae9d5d1b>] acpi_bus_check_add+0x81/0x1c2
> [ 0.059355] [<ffffffffae6c0d02>] ? up+0x32/0x50
> [ 0.059358] [<ffffffffae9f316c>] acpi_ns_walk_namespace+0xcb/0x184
> [ 0.059360] [<ffffffffae9d5c9a>] ? acpi_add_single_object+0x4f9/0x4f9
> [ 0.059362] [<ffffffffae9d5c9a>] ? acpi_add_single_object+0x4f9/0x4f9
> [ 0.059364] [<ffffffffae9f36a2>] acpi_walk_namespace+0x95/0xc5
> [ 0.059367] [<ffffffffaf3b722b>] ? acpi_sleep_proc_init+0x2a/0x2a
> [ 0.059369] [<ffffffffae9d60dd>] acpi_bus_scan+0x5c/0x90
> [ 0.059371] [<ffffffffaf3b76b1>] acpi_scan_init+0x89/0x1d8
> [ 0.059373] [<ffffffffaf3b74ce>] acpi_init+0x2a3/0x2bd
> [ 0.059376] [<ffffffffae60210a>] do_one_initcall+0xba/0x240
> [ 0.059379] [<ffffffffaf36c362>] kernel_init_freeable+0x180/0x21f
> [ 0.059381] [<ffffffffaf36bb1f>] ? initcall_blacklist+0xb0/0xb0
> [ 0.059383] [<ffffffffaecfc6b0>] ? rest_init+0x80/0x80
> [ 0.059385] [<ffffffffaecfc6be>] kernel_init+0xe/0xf0
> [ 0.059388] [<ffffffffaed1f637>] ret_from_fork_nospec_begin+0x21/0x21
> [ 0.059390] [<ffffffffaecfc6b0>] ? rest_init+0x80/0x80
> [ 0.059393] ---[ end trace a7b32a0fce036eb7 ]---
> -----------------------------------------------------------------
>
> Please let me know if more information is needed, thanks.
>
> Thanks,
> Xiao Yang
> On 2018/03/09 20:44, Michael Moese wrote:
>
>> Add a regression test for CVE-2017-17053. This testcase is depending
>> on some new library functions included in this series.
>>
>> This patch series consists of reworked patches according to previous
>> review comments, as well as a small new library wrapper function
>> SAFE_SIGACTION() to install a signal handler.
>>
>> Michael Moese (3):
>> Add library support for /proc/sys/kernel/tainted
>> Add a library wrapper for sigaction()
>> Add regression test for CVE-2017-17053
>>
>> doc/test-writing-guidelines.txt | 42 ++++++++++
>> include/tst_safe_macros.h | 20 +++++
>> include/tst_taint.h | 104 +++++++++++++++++++++++++
>> lib/tst_taint.c | 106 +++++++++++++++++++++++++
>> runtest/cve | 1 +
>> testcases/cve/.gitignore | 1 +
>> testcases/cve/Makefile | 2 +
>> testcases/cve/cve-2017-17053.c | 166 ++++++++++++++++++++++++++++++++++++++++
>> 8 files changed, 442 insertions(+)
>> create mode 100644 include/tst_taint.h
>> create mode 100644 lib/tst_taint.c
>> create mode 100644 testcases/cve/cve-2017-17053.c
>>
>
>
>
>
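Added example, not part of the original thread and not LTP's own code: a small decoder for the /proc/sys/kernel/tainted bitmask, showing that the reported value 512 is bit 9 (the W flag set by the boot-time WARNING) and how a pre-existing flag overlaps with the flags a test wants to watch. The function names and the "watched flags" check are hypothetical and only illustrate the situation in the report.

```c
#include <stdio.h>
#include <string.h>

/* Kernel taint bits 0..15 in bit order, using the letters printed in oops headers. */
static const char taint_letters[] = "PFSRMBUDAWCIOELK";

/* Decode a taint mask into flag letters; returns the number of letters written. */
int taint_decode(unsigned long mask, char *out, size_t outlen)
{
	size_t n = 0;

	for (unsigned int bit = 0; taint_letters[bit] != '\0'; bit++) {
		if ((mask & (1UL << bit)) && n + 1 < outlen)
			out[n++] = taint_letters[bit];
	}
	if (outlen > 0)
		out[n] = '\0';
	return (int)n;
}

/* Hypothetical check: watched flags that were already set before the test ran.
 * A non-zero result means a later change in those flags cannot be attributed
 * to the test itself. */
unsigned long taint_preexisting(unsigned long current, unsigned long watched)
{
	return current & watched;
}

/* Read the mask from a taint file; returns 0 on success, -1 on failure. */
int taint_read(const char *path, unsigned long *mask)
{
	FILE *f = fopen(path, "r");
	int ok;

	if (!f)
		return -1;
	ok = (fscanf(f, "%lu", mask) == 1);
	fclose(f);
	return ok ? 0 : -1;
}

int main(void)
{
	unsigned long mask = 512; /* fallback: the value from the report above */
	char buf[32];

	if (taint_read("/proc/sys/kernel/tainted", &mask) != 0)
		puts("cannot read taint file, using the reported value 512");
	taint_decode(mask, buf, sizeof(buf));
	printf("tainted=%lu flags=%s\n", mask, buf[0] ? buf : "(none)");
	return 0;
}
```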