cve-2015-3290 in cve from ubuntu_ltp failed with B/D-i386

Bug #1837005 reported by Po-Hsu Lin on 2019-07-18
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-kernel-tests
Undecided
Unassigned
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Unassigned
Disco
Undecided
Unassigned

Bug Description

This issue was only spotted on an i386 node "pepe" with Disco kernel, passed with other arch with Disco.

On B/C i386, the CVE test was not successfully executed, failed with Resource temporarily unavailable.
Will need to verify this manually.

Test report:
<<<test_start>>>
tag=cve-2015-3290 stime=1563431630
cmdline="cve-2015-3290"
contacts=""
analysis=exit
<<<test_output>>>
incrementing stop
tst_test.c:1100: INFO: Timeout per run is 0h 03m 00s
cve-2015-3290.c:407: INFO: attempting to corrupt nested NMI stack state
cve-2015-3290.c:460: FAIL: corrupted NMI stack

Summary:
passed 0
failed 1
skipped 0
warnings 0

syslog output:
 06:33:50 pepe kernel: [ 6042.144077] LTP: starting cve-2015-3290
 06:33:50 pepe kernel: [ 6042.159521] perf: interrupt took too long (2518 > 2500), lowering kernel.perf_event_max_sample_rate to 79250
 06:33:50 pepe kernel: [ 6042.159531] show_signal: 16 callbacks suppressed
 06:33:50 pepe kernel: [ 6042.159532] traps: cve-2015-3290[7761] general protection fault ip:46c0ef sp:b7d43280 error:800
 06:33:50 pepe AutotestCrashHandler: Application cve-2015-3290, PID 7760 crashed
 06:33:50 pepe AutotestCrashHandler: Writing core files to ['/home/ubuntu/autotest/client/results/default/ubuntu_ltp.fs/debug/crash.cve-2015-3290.7760']
 06:33:50 pepe AutotestCrashHandler: Could not determine from which application core file /home/ubuntu/autotest/client/results/default/ubuntu_ltp.fs/debug/crash.cve-2015-3290.7760/core is from

ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: linux-image-5.0.0-20-generic 5.0.0-20.21
ProcVersionSignature: User Name 5.0.0-20.21-generic 5.0.8
Uname: Linux 5.0.0-20-generic i686
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Jul 18 04:53 seq
 crw-rw---- 1 root audio 116, 33 Jul 18 04:53 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.10-0ubuntu27.1
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:
 [ 6042.144077] LTP: starting cve-2015-3290
 [ 6042.159521] perf: interrupt took too long (2518 > 2500), lowering kernel.perf_event_max_sample_rate to 79250
 [ 6042.159531] show_signal: 16 callbacks suppressed
 [ 6042.159532] traps: cve-2015-3290[7761] general protection fault ip:46c0ef sp:b7d43280 error:800
Date: Thu Jul 18 06:36:51 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb:
 Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
 Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 001 Device 003: ID 0424:2514 Standard Microsystems Corp. USB 2.0 Hub
 Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Dell Inc. PowerEdge R310
PciMultimedia:

ProcFB: 0 mgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.0.0-20-generic root=UUID=7b91a2b8-2e02-407e-a51d-766f6d969020 ro
RelatedPackageVersions:
 linux-restricted-modules-5.0.0-20-generic N/A
 linux-backports-modules-5.0.0-20-generic N/A
 linux-firmware 1.178.2
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/17/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.8.2
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.8.2:bd08/17/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.

Po-Hsu Lin (cypressyew) wrote :
Po-Hsu Lin (cypressyew) wrote :

From the description of this CVE[1]:
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64
platform improperly relies on espfix64 during nested NMI processing, which
allows local users to gain privileges by triggering an NMI within a certain
instruction window.

It looks like this is x86_64 specific.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1837005

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
summary: - cve-2015-3290 in cve from ubuntu_ltp failed with D-i386
+ cve-2015-3290 in cve from ubuntu_ltp failed with B/D-i386
tags: added: 4.15 5.0 sru-20190701 ubuntu-ltp
Po-Hsu Lin (cypressyew) wrote :

From the test source code, it looks like this was designed for both x86_64 and i386

#if HAVE_PERF_EVENT_ATTR && (defined(__x86_64__) || defined(__i386__))

Po-Hsu Lin (cypressyew) wrote :

BTW this is causing failure to the following test, cve-2017-17053 to fail with "kernel already tainted."

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers