[LTP] [PATCH v2 4/4] ioctl_sg01: Loop data leak check 100 times

Martin Doucha mdoucha@suse.cz
Thu Sep 3 15:19:13 CEST 2020


On 02. 09. 20 19:17, Petr Vorel wrote:
> BTW do I understand the test correctly: we expect ioctl() to return -1 because we
> use uninitialized command[CMD_SIZE] in query.cmdp (as the requirement for empty
> command in kernel commit message)?

command[CMD_SIZE] is initialized to 0 which is the SCSI command TEST
UNIT READY. We expect ioctl() to return 0 but also ignore -1 because the
only thing we really care about are the contents of query.dxferp buffer.
If ioctl() fails for some legitimate reason but the kernel still fills the
buffer with private data, we need to report that the CVE is present.

https://en.wikipedia.org/wiki/SCSI_command

-- 
Martin Doucha   mdoucha@suse.cz
QA Engineer for Software Maintenance
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic
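
The check described in the reply above, as an added example that is not part of the original message and is not LTP's ioctl_sg01 source: an all-zero command (TEST UNIT READY) is sent through SG_IO, the ioctl() result is ignored, and the verdict comes only from the transfer buffer. The names check_buffer and probe_once, the CMD_SIZE and BUF_SIZE values, the transfer direction, the timeout, the zero-filled starting buffer and the device path passed in are assumptions.

```c
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <scsi/sg.h>

#define CMD_SIZE 6     /* assumed: TEST UNIT READY is a 6-byte CDB */
#define BUF_SIZE 4096  /* assumed transfer buffer size */

enum verdict { NO_LEAK = 0, LEAK = 1 };

/* The verdict depends only on the buffer: any non-zero byte means the
 * kernel wrote data into it, whatever ioctl() returned. */
enum verdict check_buffer(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return LEAK;
    return NO_LEAK;
}

/* Send one all-zero command (TEST UNIT READY) and inspect the buffer.
 * Returns -1 only when the device cannot be opened. */
int probe_once(const char *devpath)
{
    static unsigned char buffer[BUF_SIZE];
    unsigned char command[CMD_SIZE] = {0};
    struct sg_io_hdr query;
    int fd = open(devpath, O_RDONLY);

    if (fd < 0)
        return -1;
    memset(buffer, 0, sizeof(buffer));   /* known-clean starting state */
    memset(&query, 0, sizeof(query));
    query.interface_id = 'S';
    query.dxfer_direction = SG_DXFER_FROM_DEV;  /* assumed direction */
    query.cmd_len = sizeof(command);
    query.dxfer_len = sizeof(buffer);
    query.dxferp = buffer;
    query.cmdp = command;
    query.timeout = 1000;                /* milliseconds, assumed */

    (void)ioctl(fd, SG_IO, &query);      /* 0 or -1: deliberately ignored */
    close(fd);
    return check_buffer(buffer, sizeof(buffer));
}
```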

