request_key03 in LTP syscall test cause kernel oops with T kernel

Bug #1775370 reported by Po-Hsu Lin
Affects              Status         Importance  Assigned to  Milestone
ubuntu-kernel-tests  Fix Released   Undecided   Unassigned
linux (Ubuntu)       Fix Committed  Medium      Unassigned
  Trusty             Fix Committed  Medium      Unassigned

Bug Description

The "request_key03" from the LTP syscall tests will cause kernel oops with Trusty kernel.

Steps (with root):
  1. sudo apt-get install git xfsprogs -y
  2. git clone --depth=1 https://github.com/linux-test-project/ltp.git
  3. cd ltp
  4. make autotools
  5. ./configure
  6. make; make install
  7. /opt/ltp/testcases/bin/request_key03

$ sudo /opt/ltp/testcases/bin/request_key03
tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s
request_key03.c:158: FAIL: kernel oops while updating key of type 'encrypted'
request_key03.c:168: PASS: didn't crash while requesting key of type 'encrypted'
request_key03.c:158: FAIL: kernel oops while updating key of type 'trusted'
request_key03.c:168: PASS: didn't crash while requesting key of type 'trusted'
request_key03.c:154: PASS: didn't crash while updating key of type 'user'
request_key03.c:168: PASS: didn't crash while requesting key of type 'user'

Summary:
passed 4
failed 2
skipped 0
warnings 0

[14180.795675] encrypted_key: keyword 'update' not allowed when called from .instantiate method
[14180.796205] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[14180.796230] IP: [<ffffffff812e0936>] encrypted_update+0xa6/0x160
[14180.796248] PGD 800000045383e067 PUD 4568c5067 PMD 0
[14180.796263] Oops: 0000 [#1] SMP
[14180.796273] Modules linked in: ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi dm_crypt joydev hid_generic x86_pkg_temp_thermal coretemp kvm_intel kvm usbhid hid mac_hid lpc_ich shpchp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul i915_bdw glue_helper ablk_helper cryptd igb dca ptp ahci intel_ips pps_core libahci i2c_algo_bit drm_kms_helper drm video
[14180.796407] CPU: 6 PID: 1888 Comm: request_key03 Not tainted 3.13.0-151-generic #201
[14180.796425] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.86B.03.02.0003.070120151022 07/01/2015
[14180.796449] task: ffff880458463000 ti: ffff880454b16000 task.ti: ffff880454b16000
[14180.796466] RIP: 0010:[<ffffffff812e0936>] [<ffffffff812e0936>] encrypted_update+0xa6/0x160
[14180.796488] RSP: 0018:ffff880454b17e18 EFLAGS: 00010246
[14180.796502] RAX: 0000000000000000 RBX: ffff880455db1a40 RCX: 0000000000000000
[14180.796518] RDX: 0000000000000005 RSI: ffff880455db1a4c RDI: ffffffff818400a3
[14180.796535] RBP: ffff880454b17e50 R08: 0000000000000000 R09: ffff880455db1a4f
[14180.796552] R10: 0000000000000020 R11: ffffffff81388b44 R12: 0000000000000000
[14180.796568] R13: 0000000000000000 R14: ffff88045553a240 R15: ffff880455db1a47
[14180.796585] FS: 00007faf78341740(0000) GS:ffff8804704c0000(0000) knlGS:0000000000000000
[14180.796604] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[14180.796618] CR2: 0000000000000018 CR3: 00000004550c8000 CR4: 0000000000360770
[14180.796635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[14180.796652] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[14180.796668] Stack:
[14180.796674] ffff880455db1a47 0000000000000000 ffff88045553a240 ffff88045553a260
[14180.796695] ffff880459c092c0 ffff88045553a241 ffff880458463000 ffff880454b17f00
[14180.796715] ffffffff812d761b 0000000000000286 0000000000000000 ffff880459c09980
[14180.796735] Call Trace:
[14180.796744] [<ffffffff812d761b>] key_create_or_update+0x27b/0x420
[14180.796760] [<ffffffff812d8e10>] SyS_add_key+0x110/0x210
[14180.796775] [<ffffffff81749770>] system_call_fastpath+0x1a/0x1f
[14180.796789] Code: 89 c7 e8 7e de 09 00 48 8d 55 c8 48 8d 75 d0 45 31 c0 31 c9 48 89 df e8 19 f3 ff ff 85 c0 41 89 c4 0f 88 88 00 00 00 4c 8b 7d c8 <49> 8b 75 18 4c 89 ff e8 fe f1 ff ff 85 c0 41 89 c4 78 71 49 8b
[14180.796888] RIP [<ffffffff812e0936>] encrypted_update+0xa6/0x160
[14180.796904] RSP <ffff880454b17e18>
[14180.796913] CR2: 0000000000000018
[14180.799331] ---[ end trace 4fc59232fdc581c7 ]---
[14180.805266] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[14180.805303] IP: [<ffffffff812df6c8>] trusted_update+0x28/0x1e0
[14180.805334] PGD 800000045a2b7067 PUD 45710b067 PMD 0
[14180.805361] Oops: 0000 [#2] SMP
[14180.805379] Modules linked in: ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi dm_crypt joydev hid_generic x86_pkg_temp_thermal coretemp kvm_intel kvm usbhid hid mac_hid lpc_ich shpchp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul i915_bdw glue_helper ablk_helper cryptd igb dca ptp ahci intel_ips pps_core libahci i2c_algo_bit drm_kms_helper drm video
[14180.806196] CPU: 6 PID: 1893 Comm: request_key03 Tainted: G D 3.13.0-151-generic #201
[14180.806881] Hardware name: Intel Corporation S1200RP/S1200RP, BIOS S1200RP.86B.03.02.0003.070120151022 07/01/2015
[14180.807578] task: ffff880455966000 ti: ffff880454004000 task.ti: ffff880454004000
[14180.808273] RIP: 0010:[<ffffffff812df6c8>] [<ffffffff812df6c8>] trusted_update+0x28/0x1e0
[14180.808970] RSP: 0018:ffff880454005e18 EFLAGS: 00010286
[14180.809661] RAX: ffffffff812df6a0 RBX: ffff88045553a600 RCX: 0000000000000004
[14180.810362] RDX: 0000000000000000 RSI: ffff880454005e98 RDI: ffff88045553a600
[14180.811049] RBP: ffff880454005e50 R08: 0000000000016980 R09: ffff8804704d6980
[14180.811724] R10: ffffea0011559100 R11: ffffffff81388b44 R12: 0000000000000006
[14180.812387] R13: ffff880457b5d740 R14: ffff880454005e98 R15: 0000000000000000
[14180.813033] FS: 00007faf78341740(0000) GS:ffff8804704c0000(0000) knlGS:0000000000000000
[14180.813676] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[14180.814304] CR2: 0000000000000018 CR3: 0000000459a00000 CR4: 0000000000360770
[14180.814935] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[14180.815551] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[14180.816177] Stack:
[14180.816769] ffffffff812e408c ffff88045553a600 ffff88045553a600 ffff88045553a620
[14180.817390] ffff880457b5d740 ffff88045553a601 ffff880455966000 ffff880454005f00
[14180.818006] ffffffff812d761b 0000000000000286 0000000000000000 ffff880457b5d140
[14180.818622] Call Trace:
[14180.819232] [<ffffffff812e408c>] ? security_key_permission+0x1c/0x20
[14180.819847] [<ffffffff812d761b>] key_create_or_update+0x27b/0x420
[14180.820455] [<ffffffff812d8e10>] SyS_add_key+0x110/0x210
[14180.821059] [<ffffffff81749770>] system_call_fastpath+0x1a/0x1f
[14180.821658] Code: 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 49 89 f6 41 55 41 54 53 48 83 ec 10 4c 8b bf a0 00 00 00 48 89 7d d0 4c 8b 66 28 <41> 80 7f 18 00 0f 84 5d 01 00 00 49 8d 44 24 ff 48 3d fe 7f 00
[14180.823022] RIP [<ffffffff812df6c8>] trusted_update+0x28/0x1e0
[14180.823655] RSP <ffff880454005e18>
[14180.824286] CR2: 0000000000000018
[14180.824914] ---[ end trace 4fc59232fdc581c8 ]---

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-151-generic 3.13.0-151.201
ProcVersionSignature: User Name 3.13.0-151.201-generic 3.13.11-ckt39
Uname: Linux 3.13.0-151-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Jun 6 08:22 seq
 crw-rw---- 1 root audio 116, 33 Jun 6 08:22 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.14.1-0ubuntu3.29
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:

Date: Wed Jun 6 09:37:28 2018
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
MachineType: Dell Inc. PowerEdge R310
PciMultimedia:

ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-151-generic root=UUID=ded56b2d-3057-4d58-a1e5-422853291ffd ro
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-151-generic N/A
 linux-backports-modules-3.13.0-151-generic N/A
 linux-firmware 1.127.24
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/17/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.8.2
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.8.2:bd08/17/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.
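
An added example (not part of the original report or of LTP): a small Python triage script that splits a dmesg capture into oops records and reports the faulting function, fault address and entry syscall, run here over lines excerpted from the log above. The names `parse_oopses` and `triage` are hypothetical, and the parser assumes the 3.13-era oops layout shown in this report (an "IP:" line and "[<addr>] symbol+off/len" frames).

```python
import re

# Excerpt of the two oopses from this report's dmesg (register, stack and module lines omitted).
SAMPLE = """\
[14180.796205] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[14180.796230] IP: [<ffffffff812e0936>] encrypted_update+0xa6/0x160
[14180.796407] CPU: 6 PID: 1888 Comm: request_key03 Not tainted 3.13.0-151-generic #201
[14180.796744] [<ffffffff812d761b>] key_create_or_update+0x27b/0x420
[14180.796760] [<ffffffff812d8e10>] SyS_add_key+0x110/0x210
[14180.799331] ---[ end trace 4fc59232fdc581c7 ]---
[14180.805266] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[14180.805303] IP: [<ffffffff812df6c8>] trusted_update+0x28/0x1e0
[14180.806196] CPU: 6 PID: 1893 Comm: request_key03 Tainted: G D 3.13.0-151-generic #201
[14180.819232] [<ffffffff812e408c>] ? security_key_permission+0x1c/0x20
[14180.819847] [<ffffffff812d761b>] key_create_or_update+0x27b/0x420
[14180.820455] [<ffffffff812d8e10>] SyS_add_key+0x110/0x210
[14180.824914] ---[ end trace 4fc59232fdc581c8 ]---
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
FRAME = re.compile(r"\[<[0-9a-f]+>\]\s+(\?\s+)?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oopses(text):
    records, cur = [], None
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if line.startswith("BUG: unable to handle kernel"):
            cur = {"addr": int(line.rsplit(" ", 1)[1], 16), "ip": None, "comm": None, "trace": []}
        elif cur is None:
            continue  # not inside an oops record
        elif line.startswith("IP:"):
            m = FRAME.search(line)
            cur["ip"] = m.group(2) if m else None
        elif line.startswith("CPU:"):
            m = re.search(r"Comm: (\S+)", line)
            cur["comm"] = m.group(1) if m else None
        elif line.startswith("---[ end trace"):
            records.append(cur)
            cur = None
        else:
            m = FRAME.match(line)
            if m and not m.group(1):  # "?" marks a frame the unwinder could not verify
                cur["trace"].append(m.group(2))
    return records

def triage(rec, page_size=4096):
    kind = "null-deref" if rec["addr"] < page_size else "bad-pointer"  # page 0: NULL base + field offset
    syscall = next((f for f in rec["trace"] if f.startswith("SyS_")), "unknown")
    return f'{kind} at offset {rec["addr"]:#x} in {rec["ip"]} via {syscall} ({rec["comm"]})'
```

Both records come out as the same fault offset reached through `SyS_add_key`, which is what ties the `encrypted` and `trusted` failures in the test output to one code path.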

Po-Hsu Lin (cypressyew) wrote :

This might be related to CVE-2017-15299 and CVE-2017-15951

But from our CVE tracker, CVE-2017-15951 is gone (and is not affecting Trusty); I will mark this as affected by CVE-2017-15299 only.

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu Trusty):
status: New → Triaged
Changed in linux (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Po-Hsu Lin (cypressyew) wrote :

With all the CVEs listed here fixed in Trusty kernel, we need to check this issue again.
https://lists.ubuntu.com/archives/kernel-team/2018-October/095725.html

Changed in ubuntu-kernel-tests:
status: New → Incomplete
Changed in linux (Ubuntu):
status: Triaged → Fix Committed
Changed in linux (Ubuntu Trusty):
status: Triaged → Fix Committed
Po-Hsu Lin (cypressyew) wrote :

This issue no longer exists.

The test will fail with another error message; I will open a new bug report.

$ sudo ./request_key03
tst_test.c:1072: INFO: Timeout per run is 0h 05m 00s
request_key03.c:154: PASS: didn't crash while updating key of type 'encrypted'
request_key03.c:168: PASS: didn't crash while requesting key of type 'encrypted'
request_key03.c:115: BROK: unexpected error adding key of type 'trusted': ENOMEM
request_key03.c:160: BROK: add_key child exited with 2

Summary:
passed 2
failed 0
skipped 0
warnings 0
ubuntu@amaura:/opt/ltp/testcases/bin$ uname -a
Linux amaura 3.13.0-161-generic #211-Ubuntu SMP Wed Oct 3 14:52:35 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Changed in ubuntu-kernel-tests:
status: Incomplete → Fix Released
Brad Figg (brad-figg)
tags: added: cscc