[LTP] sockets/xfrm02: Add ESP-in-TCP page cache corruption test

linuxtestproject.agent@gmail.com
Wed May 13 18:29:25 CEST 2026


Hi Andrea,

On Wed, 13 May 2026 17:35:03 +0200, Andrea Cervesato wrote:
> sockets/xfrm02: Add ESP-in-TCP page cache corruption test

> +		SAFE_POSIX_FADVISE(cli_fd, 0, 0, POSIX_FADV_DONTNEED);
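
Review bot: the POSIX_FADV_DONTNEED call on this line has no comment saying which file's cached pages it is meant to evict or why, and the name cli_fd does not make that clear. Add a one-line comment above it. Also note that POSIX_FADV_DONTNEED only releases clean pages, so if the file was written earlier in the test, an fdatasync() on it needs to come first for the eviction to take effect.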

posix_fadvise(2) is only valid for regular files; on a socket fd it
returns ESPIPE, causing SAFE_POSIX_FADVISE to call tst_brk(TBROK) in
the child and the test never actually exercises the corruption path.
Replace with SAFE_POSIX_FADVISE(file_fd, 0, DATA_SIZE, POSIX_FADV_DONTNEED).

> +	/* Let the espintcp strparser process buffered ESP data */
> +	usleep(30000);

Sleep-based synchronization is not allowed (G2). Use poll() on acc_fd
waiting for POLLIN to detect when the strparser has consumed the data.

> +	acc_fd = SAFE_ACCEPT(srv_fd, NULL, NULL);
> +	SAFE_CLOSE(srv_fd);

srv_fd is not reset to -1 after close here; cleanup() will find
srv_fd != -1 and attempt a double-close, hitting TBROK on every run.
Add `srv_fd = -1;` after SAFE_CLOSE(srv_fd).

> +cve-2026-fragnesia xfrm02
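
Review bot: the runtest tag cve-2026-fragnesia on this line uses a nickname where a CVE tag normally carries the numeric identifier, which makes the entry hard to match against advisories. Use the assigned CVE number in the tag once it is available and keep the nickname in the commit message or the test description.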

Please confirm whether the fix for this CVE is in kernel 7.1 (current
stable). If not, this belongs in runtest/staging with a [STAGING]
prefix in the commit subject.

---
Note:

Our agent completed the review of the patch. The full review can be
found at: https://github.com/linux-test-project/ltp-agent/actions/runs/25811801064

The agent can sometimes produce false positives although often its
findings are genuine. If you find issues with the review, please
comment on this email or ignore the suggestions.

Regards,
LTP AI Reviewer
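
The second review point asks for poll() in place of usleep(). The block below is an added example, not code from the patch or from LTP: it waits for readiness with a bounded timeout and retries on EINTR. The helper name `wait_readable` and the socketpair standing in for the accepted connection are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

/* Monotonic milliseconds, unaffected by wall-clock changes. */
static long long now_ms(void)
{
	struct timespec ts;
	clock_gettime(CLOCK_MONOTONIC, &ts);
	return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Hypothetical helper: 1 = readable (data or EOF), 0 = timeout, -1 = error. */
static int wait_readable(int fd, int timeout_ms)
{
	long long deadline = now_ms() + timeout_ms;
	struct pollfd pfd = { .fd = fd, .events = POLLIN };
	for (;;) {
		long long left = deadline - now_ms();
		int ret = poll(&pfd, 1, left > 0 ? (int)left : 0);
		if (ret > 0)
			return (pfd.revents & POLLIN) ? 1 : -1;
		if (ret == 0)
			return 0;
		if (errno != EINTR)
			return -1;
		/* Interrupted by a signal: retry with the time that is left. */
	}
}

/* Constructed demo: a socketpair stands in for the accepted connection. */
static int demo(void)
{
	int sv[2], before, after;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
		return -1;
	before = wait_readable(sv[0], 50);   /* nothing sent yet: times out */
	if (write(sv[1], "x", 1) != 1)
		return -1;
	after = wait_readable(sv[0], 1000);  /* returns once data is queued */
	close(sv[0]);
	close(sv[1]);
	return before == 0 && after == 1;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Unlike a fixed sleep, the second call returns as soon as the data is queued, and the timeout only bounds how long a failing run can hang.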
