xattr length returned by vfs_getxattr() is not correct in Trusty kernel

Bug #1798013 reported by Po-Hsu Lin
Affects              Status        Importance  Assigned to  Milestone
ubuntu-kernel-tests  Fix Released  Medium      Po-Hsu Lin
linux (Ubuntu)       Fix Released  Medium      Po-Hsu Lin
  Trusty             Fix Released  Medium      Unassigned

Bug Description

== Justification ==
This issue has been addressed in bug 1789746 for other kernels

When running the getxattr05 test in the ubuntu_ltp_syscalls test suite, the test will fail with:

tag=getxattr05 stime=1539663573
cmdline="getxattr05"
contacts=""
analysis=exit
<<<test_output>>>
incrementing stop
tst_test.c:1072: INFO: Timeout per run is 0h 05m 00s
getxattr05.c:85: PASS: Got same data when acquiring the value of system.posix_acl_access twice
getxattr05.c:80: FAIL: Got different data(00 != ffffffff) at 16
getxattr05.c:85: PASS: Got same data when acquiring the value of system.posix_acl_access twice

Summary:
passed 2
failed 1
skipped 0
warnings 0

This is caused by posix_acl_fix_xattr_to_user() being passed the total buffer size and not the actual size of the xattr as returned by vfs_getxattr().

== Fix ==
82c9a927bc5d ("getxattr: use correct xattr length")

A test kernel for Trusty could be found here:
http://people.canonical.com/~phlin/kernel/lp-1798013-getxattr05/

== Regression Potential ==
Low, this one-liner fix just passes the actual length of the xattr as returned by vfs_getxattr() down.

== Test Case ==
Run the getxattr05 test in the ubuntu_ltp_syscalls test suite. It will pass with the patched kernel.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-160-generic 3.13.0-160.210
ProcVersionSignature: User Name 3.13.0-160.210-generic 3.13.11-ckt39
Uname: Linux 3.13.0-160-generic x86_64
Architecture: amd64
Date: Tue Oct 16 04:19:43 2018
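
The cause given in the description can be illustrated with a simplified userspace model. This is an added example, not code from the bug report, the LTP test or the kernel: fixup_to_user(), id_at_16() and the sample ACL bytes are constructed for illustration. It assumes that the fixup does nothing when the length it is given is not a 4-byte header plus whole 8-byte entries, and that no id is mapped in the namespace.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE   4u    /* a_version, 32-bit little-endian */
#define ENTRY_SIZE 8u    /* e_tag (16) + e_perm (16) + e_id (32) */
#define ACL_USER   0x02
#define ACL_GROUP  0x08

/* Constructed sample value: version 2, ACL_USER_OBJ, then ACL_USER for uid 0. */
static const uint8_t stored_acl[20] = {
    0x02, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x07, 0x00, 0xff, 0xff, 0xff, 0xff,
    0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00,
};

/* Model of the namespace fixup (assumption: no id is mapped, so every
 * ACL_USER/ACL_GROUP id becomes 0xffffffff). Returns 0 when the length is
 * not "header + whole entries"; nothing is translated in that case. */
static int fixup_to_user(uint8_t *v, size_t size)
{
    if (size < HDR_SIZE || (size - HDR_SIZE) % ENTRY_SIZE != 0)
        return 0;
    for (size_t off = HDR_SIZE; off < size; off += ENTRY_SIZE) {
        unsigned tag = v[off] | (v[off + 1] << 8);
        if (tag == ACL_USER || tag == ACL_GROUP)
            memset(v + off + 4, 0xff, 4);
    }
    return 1;
}

/* Model of the getxattr path: `patched` selects which length reaches the
 * fixup. Returns the e_id at byte offset 16 as the caller would see it. */
static uint32_t id_at_16(size_t bufsize, int patched)
{
    uint8_t kvalue[64] = {0};
    size_t len = sizeof(stored_acl);   /* what vfs_getxattr() would return */
    if (bufsize < len || bufsize > sizeof(kvalue))
        return 0xdeadbeef;             /* outside this model's range */
    memcpy(kvalue, stored_acl, len);
    fixup_to_user(kvalue, patched ? len : bufsize);
    return kvalue[16] | kvalue[17] << 8 | kvalue[18] << 16 | (uint32_t)kvalue[19] << 24;
}

int main(void)
{
    printf("buf=21 unpatched: %08x\n", (unsigned)id_at_16(21, 0));
    printf("buf=21 patched:   %08x\n", (unsigned)id_at_16(21, 1));
    return 0;
}
```

In this model the unpatched path returns the untranslated id 0 for a 21-byte buffer and 0xffffffff for a 20-byte buffer, the same kind of 00 versus ffffffff mismatch at offset 16 that the test output above reports.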

Po-Hsu Lin (cypressyew) wrote :

From the test case:

 * This issue included by getxattr05 has been fixed in kernel:
 * '82c9a927bc5d ("getxattr: use correct xattr length")'
 */

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Po-Hsu Lin (cypressyew)
Changed in ubuntu-kernel-tests:
status: New → In Progress
Changed in linux (Ubuntu):
status: Confirmed → In Progress
Changed in ubuntu-kernel-tests:
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu):
assignee: nobody → Po-Hsu Lin (cypressyew)
Po-Hsu Lin (cypressyew)
summary: - getxattr05 in ubuntu_ltp_syscalls failed with T
+ xattr length returned by vfs_getxattr() is not correct in Trusty kernel
Po-Hsu Lin (cypressyew)
description: updated
description: updated
Po-Hsu Lin (cypressyew)
description: updated
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Po-Hsu Lin (cypressyew)
Changed in ubuntu-kernel-tests:
importance: Undecided → Medium
Changed in linux (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Stefan Bader (smb)
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Po-Hsu Lin (cypressyew) wrote :

The getxattr05 test can pass with this kernel, thanks

tags: added: verification-done-trusty
removed: verification-needed-trusty
Changed in ubuntu-kernel-tests:
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-162.212

---------------
linux (3.13.0-162.212) trusty; urgency=medium

  * linux: 3.13.0-162.212 -proposed tracker (LP: #1799399)

  * packet socket panic in Trusty 3.13.0-157 and later (LP: #1800254)
    - SAUCE: (no-up) net/packet: fix erroneous dev_add_pack usage in fanout

  * Cleanup Meltdown/Spectre implementation (LP: #1779848)
    - x86/Documentation: Add PTI description
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
    - x86/pti: Document fix wrong index
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/spectre: Fix an error message
    - SAUCE: x86/cpufeatures: Reorder spectre-related feature bits
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - SAUCE: x86/msr: Fix formatting of msr-index.h
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Mark constant arrays as __initconst
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value
    - SAUCE: Move SSBD feature detection to common code
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
    - xen: Add xen_arch_suspend()
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
    - SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
    - SAUCE: x86/speculation: Cleanup IBPB runtime control handling
    - SAUCE: x86/speculation: Cleanup IBRS runtime control handling

  * CVE-2016-9588
    - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)

  * CVE-2017-16649
    - net: cdc_ether: fix divide by 0 on bad descriptors

  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

  * CVE-2017-13168
    - scsi: sg: mitigate read/write abuse

  * xattr length returned by vfs_getxattr() is not correct in Trusty kernel
    (LP: #1798013)
    - getxattr: use correct xattr length

  * CVE-2018-16658
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

 -- Stefan Bader <email address hidden> Mon, 29 Oct 2018 11:31:15 +0100

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Brad Figg (brad-figg)
tags: added: cscc