Handle overflow in proc_get_long of sysctl

Bug #1833935 reported by Po-Hsu Lin on 2019-06-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-kernel-tests
Undecided
Po-Hsu Lin
linux (Ubuntu)
Status tracked in Eoan
Xenial
Undecided
Po-Hsu Lin
Bionic
Undecided
Po-Hsu Lin
Cosmic
Undecided
Po-Hsu Lin
Disco
Undecided
Po-Hsu Lin
Eoan
Undecided
Po-Hsu Lin

Bug Description

== SRU Justification ==
With the upper / lower boundary confined in bug 1834310, the file-max
is still suffering with overflow issue.

This is because the simple_strtoul() used in proc_get_long() to parse
user input explicitly ignores overflows. So when you tried to put 2^64
into file-max, it will:
    # echo 18446744073709551616 > /proc/sys/fs/file-max
    # cat /proc/sys/fs/file-max
    0

Which will cause your system to silently die behind your back.

This issue was reported by the case 1 of the sysctl02 test in LTP:
sysctl02 1 TFAIL: /proc/sys/fs/file-max overflows and set to 0

== Fix ==
* 7f2923c4 (sysctl: handle overflow in proc_get_long)

A new strtoul_lenient() was introduced here to solve this issue, with
extra check to notify userspace with -EINVAL.

This patch can be cherry-picked into B/C/D/E, it needs some content
adjustment for X.

== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1833935-proc_get_long/

The attempt to set file-max to 2^64 will be rejected:
$ sudo sysctl -w -q fs.file-max=18446744073709551616
sysctl: setting key "fs.file-max": Invalid argument

Tested and passed with these kernels on AMD64 KVM nodes.

== Regression Potential ==
Low, the newly introduced function strtoul_lenient() is just for
proc_get_long here.

== Original bug report ==
Test complains about apparmor enabled.
As it's enabled by default, I think we might need to disable this test.

Furthermore, this test will need kallsyms to be enabled, which is not for KVM kernels.

<<<test_start>>>
tag=sysctl02_sh stime=1561360893
cmdline="sysctl02.sh"
contacts=""
analysis=exit
<<<test_output>>>
incrementing stop
sysctl02 1 TINFO: timeout per run is 0h 5m 0s
sysctl02 1 TFAIL: /proc/sys/fs/file-max overflows and set to 0
sysctl02 2 TFAIL: /proc/sys/fs/file-max overflows and set to 18446744073709551615
sysctl02 3 TFAIL: /proc/sys/fs/file-max overflows and set to 9223372036854775808
sysctl02 4 TCONF: /proc/kallsyms not enabled
sysctl02 4 TINFO: AppArmor enabled, this may affect test results
sysctl02 4 TINFO: You can try to disable it with TST_DISABLE_APPARMOR=1 (requires super/root)
sysctl02 4 TINFO: loaded AppArmor profiles: none

Summary:
passed 0
failed 3
skipped 1
warnings 0
<<<execution_status>>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=33 corefile=no
cutime=2 cstime=1
<<<test_end>>>

ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: linux-image-4.18.0-1015-kvm 4.18.0-1015.15
ProcVersionSignature: User Name 4.18.0-1015.15-kvm 4.18.20
Uname: Linux 4.18.0-1015-kvm x86_64
ApportVersion: 2.20.10-0ubuntu13.3
Architecture: amd64
Date: Mon Jun 24 07:21:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)

Po-Hsu Lin (cypressyew) wrote :
tags: added: sru-20190603 ubuntu-ltp
Po-Hsu Lin (cypressyew) on 2019-06-24
tags: added: linux-kvm
Po-Hsu Lin (cypressyew) wrote :

Built a Cosmic generic kernel with AppArmor disabled, failures still can be seen in the test report:
$ grep -i apparmor /boot/config-4.18.0-25-generic
# CONFIG_SECURITY_APPARMOR is not set
$ uname -a
Linux amaura 4.18.0-25-generic #26 SMP Tue Jun 25 07:49:54 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

<<<test_output>>>
incrementing stop
sysctl02 1 TINFO: timeout per run is 0h 5m 0s
sysctl02 1 TFAIL: /proc/sys/fs/file-max overflows and set to 0
sysctl02 2 TFAIL: /proc/sys/fs/file-max overflows and set to 18446744073709551615
sysctl02 3 TFAIL: /proc/sys/fs/file-max overflows and set to 9223372036854775808
sysctl02 4 TCONF: kernel doesn't support KASAN

Summary:
passed 0
failed 3
skipped 1
warnings 0

And the commits mentioned in this test case does not exist in our kernel, so this is a valid kernel issue.

summary: - sysctl02_sh from ubuntu_ltp failed on KVM kernels because AppArmor
- enabled
+ sysctl02_sh from ubuntu_ltp failed
summary: - sysctl02_sh from ubuntu_ltp failed
+ sysctl02_sh from ubuntu_ltp failed with Cosmic kernel

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1833935

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Cosmic):
status: New → Incomplete
Po-Hsu Lin (cypressyew) on 2019-06-26
Changed in ubuntu-kernel-tests:
assignee: nobody → Po-Hsu Lin (cypressyew)
status: New → In Progress

Test case 2 and 3 split into bug 1834310
Test case 1 will be addressed here.

Po-Hsu Lin (cypressyew) on 2019-06-27
summary: - sysctl02_sh from ubuntu_ltp failed with Cosmic kernel
+ Handle overflow in proc_get_long of sysctl
Po-Hsu Lin (cypressyew) on 2019-06-28
description: updated
Po-Hsu Lin (cypressyew) wrote :
no longer affects: linux-kvm (Ubuntu)
no longer affects: linux-kvm (Ubuntu Xenial)
no longer affects: linux-kvm (Ubuntu Cosmic)
Changed in linux (Ubuntu Xenial):
assignee: nobody → Po-Hsu Lin (cypressyew)
status: New → In Progress
Changed in linux (Ubuntu Bionic):
assignee: nobody → Po-Hsu Lin (cypressyew)
status: New → In Progress
no longer affects: linux-kvm (Ubuntu Bionic)
no longer affects: linux-kvm (Ubuntu Disco)
no longer affects: linux-kvm (Ubuntu Eoan)
Changed in linux (Ubuntu Cosmic):
status: Incomplete → In Progress
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu Disco):
assignee: nobody → Po-Hsu Lin (cypressyew)
status: New → In Progress
Changed in linux (Ubuntu Eoan):
assignee: nobody → Po-Hsu Lin (cypressyew)
status: Incomplete → In Progress
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-disco
tags: added: verification-needed-xenial

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
tags: added: verification-needed-bionic

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Po-Hsu Lin (cypressyew) wrote :

sysctl02 test passed with Disco kernel.

tags: added: verification-done-disco
removed: verification-needed-disco
Po-Hsu Lin (cypressyew) wrote :

sysctl02 test passed with Bionic kernel.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Po-Hsu Lin (cypressyew) wrote :

sysctl02 test passed with Xenial kernel.

tags: added: verification-done-xenial
removed: verification-needed-xenial
Po-Hsu Lin (cypressyew) wrote :

Eoan already got this patch.

Changed in linux (Ubuntu Eoan):
status: In Progress → Fix Released
Changed in ubuntu-kernel-tests:
status: In Progress → Fix Released
tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Launchpad Janitor (janitor) wrote :
Download full text (11.2 KiB)

This bug was fixed in the package linux - 4.15.0-55.60

---------------
linux (4.15.0-55.60) bionic; urgency=medium

  * linux: 4.15.0-55.60 -proposed tracker (LP: #1834954)

  * Request backport of ceph commits into bionic (LP: #1834235)
    - ceph: use atomic_t for ceph_inode_info::i_shared_gen
    - ceph: define argument structure for handle_cap_grant
    - ceph: flush pending works before shutdown super
    - ceph: send cap releases more aggressively
    - ceph: single workqueue for inode related works
    - ceph: avoid dereferencing invalid pointer during cached readdir
    - ceph: quota: add initial infrastructure to support cephfs quotas
    - ceph: quota: support for ceph.quota.max_files
    - ceph: quota: don't allow cross-quota renames
    - ceph: fix root quota realm check
    - ceph: quota: support for ceph.quota.max_bytes
    - ceph: quota: update MDS when max_bytes is approaching
    - ceph: quota: add counter for snaprealms with quota
    - ceph: avoid iput_final() while holding mutex or in dispatch thread

  * QCA9377 isn't being recognized sometimes (LP: #1757218)
    - SAUCE: USB: Disable USB2 LPM at shutdown

  * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140)
    - net: hns: fix ICMP6 neighbor solicitation messages discard problem
    - net: hns: fix unsigned comparison to less than zero

  * Fix occasional boot time crash in hns driver (LP: #1833138)
    - net: hns: Fix probabilistic memory overwrite when HNS driver initialized

  * use-after-free in hns_nic_net_xmit_hw (LP: #1833136)
    - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()

  * hns: attempt to restart autoneg when disabled should report error
    (LP: #1833147)
    - net: hns: Restart autoneg need return failed when autoneg off

  * systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
    (LP: #1821625)
    - powerpc: sys_pkey_alloc() and sys_pkey_free() system calls
    - powerpc: sys_pkey_mprotect() system call

  * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different
    (LP: #1832625)
    - pkey: Indicate old mkvp only if old and current mkvp are different

  * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
    (LP: #1832623)
    - s390/crypto: fix gcm-aes-s390 selftest failures

  * System crashes on hot adding a core with drmgr command (4.15.0-48-generic)
    (LP: #1833716)
    - powerpc/numa: improve control of topology updates
    - powerpc/numa: document topology_updates_enabled, disable by default

  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl

  * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
    (LP: #1832624)
    - s390/zcrypt: Fix wrong dispatching for control domain CPRBs

  * CVE-2019-11815
    - net: rds: force to destroy connection if t_sock is NULL in
      rds_tcp_kill_sock().

  * Sound device not detected after resume from hibernate (LP: #1826868)
    - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled
    - drm/i915: Save the old CDCLK atomic state
...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (57.5 KiB)

This bug was fixed in the package linux - 5.0.0-21.22

---------------
linux (5.0.0-21.22) disco; urgency=medium

  * linux: 5.0.0-21.22 -proposed tracker (LP: #1834902)

  * Disco update: 5.0.15 upstream stable release (LP: #1834529)
    - net: stmmac: Use bfsize1 in ndesc_init_rx_desc
    - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
    - ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
    - staging: greybus: power_supply: fix prop-descriptor request size
    - staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context.
    - staging: most: cdev: fix chrdev_region leak in mod_exit
    - staging: most: sound: pass correct device when creating a sound card
    - ASoC: tlv320aic3x: fix reset gpio reference counting
    - ASoC: hdmi-codec: fix S/PDIF DAI
    - ASoC: stm32: sai: fix iec958 controls indexation
    - ASoC: stm32: sai: fix exposed capabilities in spdif mode
    - ASoC: stm32: sai: fix race condition in irq handler
    - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    - ASoC:hdac_hda:use correct format to setup hda codec
    - ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
    - ASoC: dpcm: prevent snd_soc_dpcm use after free
    - ASoC: nau8824: fix the issue of the widget with prefix name
    - ASoC: nau8810: fix the issue of widget with prefixed name
    - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
    - ASoC: rt5682: Check JD status when system resume
    - ASoC: rt5682: fix jack type detection issue
    - ASoC: rt5682: recording has no sound after booting
    - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
    - clk: meson-gxbb: round the vdec dividers to closest
    - ASoC: stm32: dfsdm: manage multiple prepare
    - ASoC: stm32: dfsdm: fix debugfs warnings on entry creation
    - ASoC: cs4270: Set auto-increment bit for register writes
    - ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
    - drm/omap: hdmi4_cec: Fix CEC clock handling for PM
    - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state
    - IB/hfi1: Eliminate opcode tests on mr deref
    - IB/hfi1: Fix the allocation of RSM table
    - MIPS: KGDB: fix kgdb support for SMP platforms.
    - ASoC: tlv320aic32x4: Fix Common Pins
    - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
    - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
    - perf/x86/intel: Initialize TFA MSR
    - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
    - iov_iter: Fix build error without CONFIG_CRYPTO
    - xtensa: fix initialization of pt_regs::syscall in start_thread
    - ASoC: rockchip: pdm: fix regmap_ops hang issue
    - drm/amdkfd: Add picasso pci id
    - drm/amdgpu: Adjust IB test timeout for XGMI configuration
    - drm/amdgpu: amdgpu_device_recover_vram always failed if only one node in
      shadow_list
    - drm/amd/display: fix cursor black issue
    - ASoC: cs35l35: Disable regulators on driver removal
    - objtool: Add rewind_stack_do_exit() to the noreturn list
    - slab: fix a crash by reading /proc/slab_allocators
    - drm/sun4i: tcon top: Fix NULL/inv...

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (30.5 KiB)

This bug was fixed in the package linux - 4.4.0-157.185

---------------
linux (4.4.0-157.185) xenial; urgency=medium

  * linux: 4.4.0-157.185 -proposed tracker (LP: #1837476)

  * systemd 229-4ubuntu21.22 ADT test failure with linux 4.4.0-156.183 (storage)
    (LP: #1837235)
    - Revert "block/bio: Do not zero user pages"
    - Revert "block: Clear kernel memory before copying to user"
    - Revert "bio_copy_from_iter(): get rid of copying iov_iter"

linux (4.4.0-156.183) xenial; urgency=medium

  * linux: 4.4.0-156.183 -proposed tracker (LP: #1836880)

  * BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801)
    - brcmfmac: add eth_type_trans back for PCIe full dongle

linux (4.4.0-155.182) xenial; urgency=medium

  * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)

  * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
    - geneve: correctly handle ipv6.disable module parameter

  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl

  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long

  * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
    - x86/speculation/mds: Revert CPU buffer clear on double fault exit
    - x86/speculation/mds: Improve CPU buffer clear documentation
    - ARM: exynos: Fix a leaked reference by adding missing of_node_put
    - crypto: vmx - fix copy-paste error in CTR mode
    - crypto: crct10dif-generic - fix use via crypto_shash_digest()
    - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
    - ALSA: usb-audio: Fix a memory leak bug
    - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
    - ALSA: hda/realtek - EAPD turn on later
    - ASoC: max98090: Fix restore of DAPM Muxes
    - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    - mm/mincore.c: make mincore() more conservative
    - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
    - mfd: da9063: Fix OTP control register names to match datasheets for
      DA9063/63L
    - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
    - ext4: actually request zeroing of inode table after grow
    - ext4: fix ext4_show_options for file systems w/o journal
    - Btrfs: do not start a transaction at iterate_extent_inodes()
    - bcache: fix a race between cache register and cacheset unregister
    - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
    - ipmi:ssif: compare block number correctly for multi-part return messages
    - crypto: gcm - Fix error return code in crypto_gcm_create_common()
    - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
    - crypto: chacha20poly1305 - set cra_name correctly
    - crypto: salsa20 - don't access already-freed walk.iv
    - crypto: arm/aes-neonbs - don't access already-freed walk.iv
    - writeback: synchronize sync(2) against cgroup writeback membership switches
    - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
      into workqueue when umount
    - ALSA: hda/realtek - Fix for Lenovo B...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers