ubuntu_ltp:cve: CVE-2018-1000204 is broken (killed) on F-5.11 arm64/generic-64k

I will try to bump the timeout for this.

Note that this CVE-2018-1000204 test is actually running the ioctl_sg01 test case, which can be found in ubuntu_ltp_syscalls as well with name "ioctl_sg01".

Therefore I think if this has passed in ubuntu_ltp_syscalls, it's safe to let this through.

Found a similar issue with cve-2018-1000199 running bionic/linux-hwe-5.4 5.4.0-89.100~18.04.1 on vought (amd64):

20:35:07 DEBUG| [stdout] startup='Sun Oct 3 20:19:08 2021'
20:35:07 DEBUG| [stdout] tst_test.c:1355: TINFO: Timeout per run is 0h 05m 00s
20:35:07 DEBUG| [stdout] ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg1
20:35:07 DEBUG| [stdout] Test timeouted, sending SIGKILL!
20:35:07 DEBUG| [stdout] Test timeouted, sending SIGKILL!
20:35:07 DEBUG| [stdout] tst_test.c:1400: TINFO: If you are running on slow machine, try exporting L
TP_TIMEOUT_MUL > 1
20:35:07 DEBUG| [stdout] tst_test.c:1401: TBROK: Test killed! (timeout?)
20:35:07 DEBUG| [stdout]
20:35:07 DEBUG| [stdout] Summary:
20:35:07 DEBUG| [stdout] passed 0
20:35:07 DEBUG| [stdout] failed 0
20:35:07 DEBUG| [stdout] broken 1
20:35:07 DEBUG| [stdout] skipped 0
20:35:07 DEBUG| [stdout] warnings 0
20:35:07 DEBUG| [stdout] tag=cve-2018-1000204 stime=1633292348 dur=306 exit=exited stat=2 core=no cu=1923 cs=28610

This is the first time ubuntu_ltp is run on this node, so this is not a regression.

This issue should be resolved with our updated LTP branch now.

Which contains krzk's fix:
lib: memutils: don't pollute entire system memory to avoid OoM

OK with the updated branch this is indeed still failing on these two arm64 nodes (appleton-kernel / kuzzle) with the generic-64k kernel:

 startup='Wed Oct 13 03:36:11 2021'
 tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
 ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg1
 tst_test.c:1409: TINFO: If you are running on slow machine, try exporting LTP_TIMEOUT_MUL > 1
 tst_test.c:1411: TBROK: Test killed! (timeout?)

 Summary:
 passed 0
 failed 0
 broken 1
 skipped 0
 warnings 0
 tag=cve-2018-1000204 stime=1634096171 dur=100 exit=exited stat=2 core=no cu=4666 cs=5347

It took about 100 seconds to run on appleton-kerenl, 20 seconds to run on kuzzle.

This will needs to be investigated.

With more test on node kuzzle:
* F-5.11.0-37-generic ARM64 kernel - passed
* F-5.11.0-37-generic-64k ARM64 kernel - failed

Looks like this is specific to the generic-64k kernel

It's a similar issue as before - the memory in normal zone dropped below "min" watermark. On this arm64 machine with 128 GB RAM, min watermark is 6 GB (6463168 kB) and free memory was slightly below (6460096 kB).

Patch sent upstream:
https://lists.linux.it/pipermail/ltp/2021-October/025519.html

Unfortunately the test still does not pass. Now, the kernel leaks memory from IOCTL call. Focal/hwe-5.11, 5.11.0-38-generic-64k, anuchin node (ARM64, Cavium, ThunderX with 48 cores). This issue is separate, looks similar to lp:1899441.

----
tst_test.c:1363: TINFO: Timeout per run is 0h 05m 00s
ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg8
ioctl_sg01.c:116: TFAIL: Kernel memory leaked

HINT: You _MAY_ be missing kernel fixes, see:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a45b599ad808

HINT: You _MAY_ be vulnerable to CVE(s), see:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000204
----

The kernel has mentioned commit. This looks like some other problem in the kernel or in test (/dev/sg8 returns real data...).

Update - above "TFAIL: Kernel memory leaked" error on that ARM64 machine disappeared after reboot.

Patch applied upstream:
https://github.com/linux-test-project/ltp/commit/7dcb3b9aa4350504dd1f909f7e400d846fe640b7
https://github.com/linux-test-project/ltp/commit/67fa51f2add8575d4db20775f86d91cc39605574

Rebased and pushed to our LTP repo:
https://kernel.ubuntu.com/git/ubuntu/ltp.git/commit/?h=sru&id=59cdfae26cdaa8f6336801b32a7dfb0890d49490

Retest in progress.

Retested on F-5.13 / H / I and this is not failing anymore on 64k ARM64 systems, I will mark this as fix-released.