Ubuntu
linux package

test_095_kernel_symbols_missing in ubuntu_qrt_kernel_security failed on Bionic

Bug #1751202 reported by Po-Hsu Lin
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
QA Regression Testing
Fix Released
Undecided
Unassigned
linux (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

This issue could be found on AMD64, ppc64le, ARM64, s390x (not sure about i386, which was not tested because of the deployment issue in the last cycle)

Steps:
 1. Deploy an AMD64 system with Bionic
 2. sudo apt-get install git python-minimal -y
 3. git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
 4. git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
 5. rm -fr autotest/client/tests
 6. ln -sf ~/autotest-client-tests autotest/client/tests
 7. AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control

  ERROR: test_095_kernel_symbols_missing (__main__.KernelSecurityTest)
  kernel addresses in kallsyms and modules are zeroed out
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 1508, in test_095_kernel_symbols_missing
      self._check_pK_files(expected)
    File "./test-kernel-security.py", line 1440, in _check_pK_files
      expected)
    File "./test-kernel-security.py", line 1401, in _read_twice
      self.assertEqual(expected, 0 == int(address, 16), "%s: user saw %s" % (filename, address))
  ValueError: invalid literal for int() with base 16: '(null)'

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-10-generic 4.15.0-10.11
ProcVersionSignature: User Name 4.15.0-10.11-generic 4.15.3
Uname: Linux 4.15.0-10-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Feb 23 04:53 seq
 crw-rw---- 1 root audio 116, 33 Feb 23 04:53 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.8-0ubuntu10
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:

Date: Fri Feb 23 06:57:48 2018
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
MachineType: Dell Inc. PowerEdge R320
PciMultimedia:

ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
ProcFB: 0 mgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-10-generic root=UUID=0845f9a0-ab8c-4dfa-8385-af21f2f2b9ad ro
RelatedPackageVersions:
 linux-restricted-modules-4.15.0-10-generic N/A
 linux-backports-modules-4.15.0-10-generic N/A
 linux-firmware 1.171
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/11/2012
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.2.4
dmi.board.name: 0DY523
dmi.board.vendor: Dell Inc.
dmi.board.version: A03
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.2.4:bd05/11/2012:svnDellInc.:pnPowerEdgeR320:pvr:rvnDellInc.:rn0DY523:rvrA03:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R320
dmi.sys.vendor: Dell Inc.

See original description
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1751202

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Po-Hsu Lin (cypressyew)
summary: test_095_kernel_symbols_missing in ubuntu_qrt_kernel_security failed on
- AMD64 Bionic
+ Bionic
description: updated
description: updated
Revision history for this message
Seth Forshee (sforshee) wrote :

This is because /proc/kallsyms changed the way it displays null addresses.

Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Incomplete → Triaged
tags: added: kernel-da-key
Revision history for this message
Steve Beattie (sbeattie) wrote :

Looks like the change to how /proc/kallsyms displays addresses was introduced in:

commit d97106ab53f812910a62d18afb9dbe882819c1ba
Author: Linus Torvalds <email address hidden>
Date: Sat Jan 3 11:46:17 2009 -0800

    Make %p print '(null)' for NULL pointers

Upstream fixed it in 3a129cc2151425e5aeb69aeb25fbc994ec738137 but was not originally submitted to linux-stable (that has been rectified).

It could be worked around in the qrt script, but I'm not convinced that's the right thing to do here.

It should be noted that the behavior that the script is testing for, kernel addresses in /proc/kallsyms not being visible to unprivileged processes, is correct here. So there's no security impact from this, and it should not block promoting kernels, from the security team's perspective.

Revision history for this message
Steve Beattie (sbeattie) wrote :

Queued for stable 4.15 branch here: https://www.spinics.net/lists/stable/msg219894.html

Changed in qa-regression-testing:
status: New → Invalid
Revision history for this message
Steve Beattie (sbeattie) wrote :

After the kernel fixed the /proc/kallsyms output, this exposed some other behavioral changes around kernel pointers that were introduced in 4.15. I've refactored the qrt script to make these changes independent of each other (so that if one fails, other checks will still run), as well as fixed things up to take into account the new 4.15 behaviors.

This is in qrt git commit https://git.launchpad.net/qa-regression-testing/commit/?id=21d3d42aa75eef6b4253f9a0304a4ef63ec84b18 .

Thanks.

Changed in qa-regression-testing:
status: Invalid → Fix Released
Changed in linux (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.