test_082_stack_guard_kernel in ubuntu_qrt_kernel_security failed with J-oem-6.5 (compressed modules)

Bug #2031377 reported by Po-Hsu Lin
This bug affects 2 people

Affects                 Status         Importance   Assigned to   Milestone
QA Regression Testing   Fix Released   Undecided    Unassigned
ubuntu-kernel-tests     Fix Released   Undecided    Unassigned

Bug Description

Test failed with 6.5.0-1002.2.

 Running 'python3 ./test-kernel-security.py -v KernelSecurityTest.test_082_stack_guard_kernel'
 Running test: './test-kernel-security.py' distro: 'Ubuntu 22.04' kernel: '6.5.0-1002.2 (Ubuntu 6.5.0-1002.2-oem 6.5.0-rc4)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'ubuntu')
 test_082_stack_guard_kernel (__main__.KernelSecurityTest)
 Kernel stack guard ... FAIL

 ======================================================================
 FAIL: test_082_stack_guard_kernel (__main__.KernelSecurityTest)
 Kernel stack guard
 ----------------------------------------------------------------------
 Traceback (most recent call last):
   File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/./test-kernel-security.py", line 758, in test_082_stack_guard_kernel
     self.assertTrue(module, 'Could not find a suitable kernel module to test')
 AssertionError: '' is not true : Could not find a suitable kernel module to test

 ----------------------------------------------------------------------
 Ran 1 test in 0.003s

 FAILED (failures=1)

Here is the test case:

    def test_082_stack_guard_kernel(self):
        '''Kernel stack guard'''

        expected = True
        if not self.kernel_at_least('2.6.31'):
            self._skipped("only Karmic and later")
            expected = False
        else:
            if self.dpkg_arch in self.arm_archs and \
               not self.kernel_at_least('2.6.35'):
                self._skipped("not available on ARM before 10.10")
                expected = False
            if self.dpkg_arch in ['arm64'] and \
               not self.kernel_at_least('4.4'):
                self._skipped("not available on ARM64 before xenial")
                expected = False
            if self.lsb_release['Release'] == 9.10 and self.kernel_version.endswith('-ec2'):
                self._skipped("ignored on Karmic EC2")
                expected = False
            if self.dpkg_arch in ['powerpc']:
                self._skipped("not available on 32-bit powerpc")
                expected = False
            if self.dpkg_arch in ['ppc64', 'ppc64el'] and \
               not self.kernel_at_least('4.20'):
                self._skipped("not available on powerpc before disco")
                expected = False
            if self.dpkg_arch in ['s390x']:
                self._skipped("not available on s390x")
                expected = False
        if self._get_config('MODULES') is None:
            self.announce("cannot check, non-modular")
            # Fall back to config test...
            self.assertTrue(self._get_config('CC_STACKPROTECTOR'))
            expected = False

        module = ""
        for m in ['fs/befs/befs.ko', 'crypto/tcrypt.ko', 'fs/cifs/cifs.ko',
                  'net/ipv4/netfilter/arp_tables.ko',
                  'net/bridge/netfilter/ebtables.ko']:
            m = os.path.join('/lib/modules/%s/kernel/' % (self.kernel_version), m)
            if os.path.exists(m):
                module = m
                break
        if expected:
            self.assertTrue(module, 'Could not find a suitable kernel module to test')

        rc, out = testlib.cmd(['readelf', '-s', module])
        if expected:
            self.assertEqual(rc, 0, out)
        self.assertEqual(expected, ' UND __stack_chk_fail\n' in out, '__stack_chk_fail missing from kernel (tested befs.ko)')

Po-Hsu Lin (cypressyew) wrote :

We're now using zstd compressed modules:
$ ls /lib/modules/6.5.0-1002-oem/kernel/fs/befs/befs.ko*
/lib/modules/6.5.0-1002-oem/kernel/fs/befs/befs.ko.zst
$ ls /lib/modules/6.5.0-1002-oem/kernel/fs/cifs/
ls: cannot access '/lib/modules/6.5.0-1002-oem/kernel/fs/cifs/cifs.ko*': No such file or directory
$ ls /lib/modules/6.5.0-1002-oem/kernel/crypto/tcrypt.ko*
/lib/modules/6.5.0-1002-oem/kernel/crypto/tcrypt.ko.zst
$ ls /lib/modules/6.5.0-1002-oem/kernel/net/ipv4/netfilter/arp_tables.ko*
/lib/modules/6.5.0-1002-oem/kernel/net/ipv4/netfilter/arp_tables.ko.zst
$ ls /lib/modules/6.5.0-1002-oem/kernel/net/bridge/netfilter/ebtables.ko*
/lib/modules/6.5.0-1002-oem/kernel/net/bridge/netfilter/ebtables.ko.zst
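
An added example, not part of the original report and not the fix that was committed to qa-regression-testing: one way to make the module lookup tolerate compressed modules and still run the same `readelf -s` check for `__stack_chk_fail`. The `.xz` and `.gz` suffixes go beyond the `.zst` case shown above; the function names are hypothetical, and the `zstd` and `readelf` tools are assumed to be installed.

```python
import gzip
import lzma
import os
import shutil
import subprocess
import tempfile

# Candidate modules from the test case; '' is the uncompressed case it already handled.
CANDIDATES = ['fs/befs/befs.ko', 'crypto/tcrypt.ko', 'fs/cifs/cifs.ko',
              'net/ipv4/netfilter/arp_tables.ko',
              'net/bridge/netfilter/ebtables.ko']
SUFFIXES = ('', '.zst', '.xz', '.gz')

def find_module(kernel_dir, candidates, suffixes=SUFFIXES):
    """Return the first candidate that exists under any suffix, else ''."""
    for rel in candidates:
        for suffix in suffixes:
            path = os.path.join(kernel_dir, rel + suffix)
            if os.path.exists(path):
                return path
    return ''

def decompress_module(path, dest_dir):
    """Return a path to a plain .ko that readelf can parse."""
    name = os.path.basename(path)
    if name.endswith('.ko'):
        return path  # already uncompressed
    out = os.path.join(dest_dir, name.rsplit('.', 1)[0])
    if name.endswith('.zst'):
        # Older Python has no zstd in the standard library; use the CLI.
        subprocess.run(['zstd', '-d', '-q', '-f', path, '-o', out], check=True)
    else:
        opener = lzma.open if name.endswith('.xz') else gzip.open
        with opener(path, 'rb') as src, open(out, 'wb') as dst:
            shutil.copyfileobj(src, dst)
    return out

def has_stack_protector(module_path):
    """True if the module imports __stack_chk_fail (same match as the test)."""
    with tempfile.TemporaryDirectory() as tmp:
        plain = decompress_module(module_path, tmp)
        res = subprocess.run(['readelf', '-s', plain],
                             capture_output=True, text=True, check=True)
    return ' UND __stack_chk_fail\n' in res.stdout

if __name__ == '__main__':
    kdir = '/lib/modules/%s/kernel' % os.uname().release
    mod = find_module(kdir, CANDIDATES)
    print(mod or 'no candidate module found')
    if mod:
        print('stack protector:', has_stack_protector(mod))
```
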

Po-Hsu Lin (cypressyew)
summary: test_082_stack_guard_kernel in ubuntu_qrt_kernel_security failed with
- J-oem-6.5
+ J-oem-6.5 (compressed modules)
Alex Murray (alexmurray) wrote :
Po-Hsu Lin (cypressyew) wrote :

Test passed, hints removed.
Thanks!

Changed in ubuntu-kernel-tests:
status: New → Fix Released
Changed in qa-regression-testing:
status: New → Fix Released