af_alg07 in crypto / cve-2019-8912 in cve from ubuntu_ltp failed on B-arm64

Bug #1892860 reported by Po-Hsu Lin on 2020-08-25
This bug affects 1 person
Affects: ubuntu-kernel-tests (Importance: Undecided; Assigned to: Unassigned)
Affects: linux (Ubuntu) (Importance: Undecided; Assigned to: Unassigned)

Bug Description

Issue found on 4.15.0-114.115-generic with ARM64 node appleton-kernel and wright-kernel.

Looks like this is a new test case added 13 days ago:
https://github.com/linux-test-project/ltp/commit/fdff6139e43aa9b19f27907f6d7f2cb4765632a1#diff-8a83d6b2c6c7d74e750e3af47e3f4a79

The test will fail with:
 startup='Fri Aug 14 10:13:27 2020'
 tst_test.c:1247: INFO: Timeout per run is 0h 05m 00s
 tst_taint.c:88: CONF: Ignoring already set kernel warning taint
 ../../../include/tst_fuzzy_sync.h:507: INFO: Minimum sampling period ended
 ../../../include/tst_fuzzy_sync.h:331: INFO: loop = 1024, delay_bias = 0
 ../../../include/tst_fuzzy_sync.h:320: INFO: start_a - start_b: { avg = -2259470ns, avg_dev = 13695382ns, dev_ratio = 6.06 }
 ../../../include/tst_fuzzy_sync.h:320: INFO: end_a - start_a : { avg = 13968ns, avg_dev = 4310ns, dev_ratio = 0.31 }
 ../../../include/tst_fuzzy_sync.h:320: INFO: end_b - start_b : { avg = 15975ns, avg_dev = 50ns, dev_ratio = 0.00 }
 ../../../include/tst_fuzzy_sync.h:320: INFO: end_a - end_b : { avg = -2261477ns, avg_dev = 13699742ns, dev_ratio = 6.06 }
 ../../../include/tst_fuzzy_sync.h:320: INFO: spins : { avg = 3575095 , avg_dev = 4553 , dev_ratio = 0.00 }
 ../../../include/tst_fuzzy_sync.h:637: INFO: Exceeded execution time, requesting exit
 af_alg07.c:97: FAIL: fchownat() failed to fail, kernel may be vulnerable

 HINT: You _MAY_ be missing kernel fixes, see:

 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9060cb719e61

 HINT: You _MAY_ be vulnerable to CVE(s), see:

 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912

 Summary:
 passed 0
 failed 1
 skipped 1
 warnings 0
 tag=af_alg07 stime=1597400007 dur=150 exit=exited stat=33 core=no cu=15051 cs=0

Po-Hsu Lin (cypressyew) on 2020-08-25
tags: added: arm64
summary: - af_alg07 in crypto from ubuntu_ltp failed on B-arm64
+ af_alg07 in crypto / cve-2019-8912 in cve from ubuntu_ltp failed on
+ B-arm64

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1892860

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Po-Hsu Lin (cypressyew) wrote :

Can be found on Focal OEM 5.6 as well.

tags: added: 5.8 focal
tags: added: 5.6
removed: 5.8
Po-Hsu Lin (cypressyew) wrote :

Still affecting AWS 4.15.0-1083.87 ARM64 (passed on AMD64)

tags: added: sru-20200831
Po-Hsu Lin (cypressyew) wrote :

It's failing with B-azure-5.4 on some instances (Standard_D48_v3 and Standard_DS15_v2), passed with Standard_F2s_v2

It seems that you *can* chown a socket, so this call just works fine. No races with close needed. So, it seems to be a bogus assumption on the part of the test.

Cascardo.

UCT mentions commits 9060cb719e61b685ec0102574e10337fa5f445ea (specific to AF_ALG) and ff7b11aa481f682e0e9711abfeb7d03f5cd612bf (all sockets).

The other commit we should care about is 6d8c50dcb029872b298eea68cc6209c866fd3e14 ("socket: close race condition between sock_close() and sockfs_setattr()").

If you have that one, you should expect ENOENT (which is what the test case expects), but only if sock_close wins the race. If it doesn't, you might still succeed at sockfs_setattr, and then we get this test failure.

Cascardo.
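
A triage helper for the failure output quoted in the bug description, added here as an example (it is not part of the original thread, LTP, or the Ubuntu kernel test tooling). It assumes, following the comment above, that a FAIL reached only after the fuzzy-sync loop ran out of time means the close side never won the race, so the run is inconclusive until the listed commits are confirmed present; the function name and the `max_ratio` threshold are hypothetical.

```python
import re

# Constructed sample: abridged from the log in the bug description.
SAMPLE = """\
tst_test.c:1247: INFO: Timeout per run is 0h 05m 00s
tst_taint.c:88: CONF: Ignoring already set kernel warning taint
../../../include/tst_fuzzy_sync.h:320: INFO: start_a - start_b: { avg = -2259470ns, avg_dev = 13695382ns, dev_ratio = 6.06 }
../../../include/tst_fuzzy_sync.h:320: INFO: end_a - start_a : { avg = 13968ns, avg_dev = 4310ns, dev_ratio = 0.31 }
../../../include/tst_fuzzy_sync.h:637: INFO: Exceeded execution time, requesting exit
af_alg07.c:97: FAIL: fchownat() failed to fail, kernel may be vulnerable
"""

# Commits named in the thread; their presence has to be checked in the kernel tree.
FIX_COMMITS = ("9060cb719e61", "ff7b11aa481f", "6d8c50dcb029")

# Matches the timing lines printed by tst_fuzzy_sync.h (the "spins" line has no ns unit).
STAT = re.compile(
    r"INFO: (?P<name>\w+ - \w+)\s*: \{ avg = -?\d+ns, "
    r"avg_dev = \d+ns, dev_ratio = (?P<ratio>[\d.]+) \}"
)


def triage_af_alg07(log, max_ratio=1.0):
    """Classify one af_alg07 run. max_ratio is an assumed cut-off for noisy timing."""
    ratios = {m["name"]: float(m["ratio"]) for m in STAT.finditer(log)}
    failed = "FAIL: fchownat() failed to fail" in log
    timed_out = "Exceeded execution time" in log
    if not failed:
        verdict = "no-failure"
    elif timed_out:
        # The loop ended on time budget, not on an observed ENOENT or a kernel taint.
        verdict = "inconclusive"
    else:
        verdict = "investigate"
    return {
        "verdict": verdict,
        # The taint check was skipped, so a kernel warning in this run goes unseen.
        "taint_check_skipped": "Ignoring already set kernel warning taint" in log,
        "noisy_timings": sorted(n for n, r in ratios.items() if r > max_ratio),
        "commits_to_verify": FIX_COMMITS if failed else (),
    }


if __name__ == "__main__":
    print(triage_af_alg07(SAMPLE))
```
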

found on aws : 5.4.0-1026.26 : amd64 t2.small

tags: added: sru-20200921
tags: added: 5.4 aws

Spotted on Focal/azure : 5.4.0-1029.29 : amd64

tags: added: amd64 azure
Po-Hsu Lin (cypressyew) wrote :

On F-5.8, this can be found on PowerPC but not AMD64 (ARM64 not tested)

Po-Hsu Lin (cypressyew) wrote :

Still visible on F-azure 5.4.0-1032.33, but only with instance Standard_D48_v3

We might need to test this manually on this instance to see if it needs more time to run.

tags: added: sru-20201109

Found on Groovy/linux 5.8.0-31.33 ppc64el (P9)

tags: added: 5.8 groovy
tags: added: ppc64el
Po-Hsu Lin (cypressyew) wrote :

Found on B-5.4 P9 baltar as well.

Po-Hsu Lin (cypressyew) wrote :

Found on B-azure-4.15 Standard_D48_v3

Po-Hsu Lin (cypressyew) wrote :

Need to double check if this issue still exists on other kernel / arches

Po-Hsu Lin (cypressyew) wrote :

This bug still exists on F-oem 5.6.0-1037.41 with amd64 node glameow

tags: added: sru-20201130
Po-Hsu Lin (cypressyew) wrote :

I can see this on B-azure-fips 4.15 with instance Standard_D48_v3 only

tags: added: sru-20210104