Activity log for bug #1895132

Date Who What changed Old value New value Message
2020-09-10 11:47:06 Christian Brauner bug added bug
2020-09-10 11:47:20 Christian Brauner bug added subscriber Ubuntu Containers Team
2020-09-10 11:47:31 Christian Brauner bug added subscriber Seth Forshee
2020-09-10 11:47:37 Christian Brauner linux (Ubuntu): status New Confirmed
2020-09-10 11:51:32 Christian Brauner description

Old value:

SRU Justification

Impact: On kernels prior to 5.8 when a task is in traced state (due to audit, ptrace, or seccomp) s390x and a syscall is issued that the kernel doesn't know about s390x will not return ENOSYS in r2 but instead will return the syscall number. This breaks userspace all over the place. The following program compiled on s390x will output 500 instead of -ENOSYS:

root@test:~# cat test.c
#define _GNU_SOURCE
#include <libgen.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static inline int dummy_inline_asm(void)
{
        register long r1 asm("r1") = 500;
        register long r2 asm("r2") = -1;
        register long r3 asm("r3") = -1;
        register long r4 asm("r4") = -1;
        register long r5 asm("r5") = -1;
        register long __res_r2 asm("r2");

        asm volatile(
            "svc 0\n\t"
             : "=d"(__res_r2)
             : "d"(r1), "0"(r2), "d"(r3), "d"(r4), "d"(r5)
             : "memory");
        return (int) __res_r2;
}

static inline int dummy_syscall(void)
{
        return syscall(500, -1, -1, -1, -1);
}

int main(int argc, char *argv[])
{
        printf("Uhm: %d\n", dummy_inline_asm());
        printf("Uhm: %d\n", dummy_syscall());

        exit(EXIT_SUCCESS);
}

Fix: Backport

commit cd29fa798001075a554b978df3a64e6656c25794
Author: Sven Schnelle <svens@linux.ibm.com>
Date: Fri Mar 6 13:18:31 2020 +0100

    s390/ptrace: return -ENOSYS when invalid syscall is supplied

    The current code returns the syscall number which an invalid
    syscall number is supplied and tracing is enabled. This makes
    the strace testsuite fail.

    Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
    Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

which got released with 5.8. The commit missed to Cc stable and although I've asked Sven to include it in stable I'm not sure when or if it will show up there.

Regression Potential: Limited to s390x.

Test Case: The reproducer given above needs to output -ENOSYS instead of 500.

New value:

SRU Justification

Impact: On kernels prior to 5.8 when a task is in traced state (due to audit, ptrace, or seccomp) s390x and a syscall is issued that the kernel doesn't know about s390x will not return ENOSYS in r2 but instead will return the syscall number. This breaks userspace all over the place. The following program compiled on s390x will output 500 instead of -ENOSYS:

root@test:~# cat test.c
#define _GNU_SOURCE
#include <libgen.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static inline int dummy_inline_asm(void)
{
        register long r1 asm("r1") = 500;
        register long r2 asm("r2") = -1;
        register long r3 asm("r3") = -1;
        register long r4 asm("r4") = -1;
        register long r5 asm("r5") = -1;
        register long __res_r2 asm("r2");

        asm volatile(
            "svc 0\n\t"
             : "=d"(__res_r2)
             : "d"(r1), "0"(r2), "d"(r3), "d"(r4), "d"(r5)
             : "memory");
        return (int) __res_r2;
}

static inline int dummy_syscall(void)
{
        return syscall(500, -1, -1, -1, -1);
}

int main(int argc, char *argv[])
{
        printf("Uhm: %d\n", dummy_inline_asm());
        printf("Uhm: %d\n", dummy_syscall());

        exit(EXIT_SUCCESS);
}

This breaks LXD on s390x currently completely as well as strace.

Fix: Backport

commit cd29fa798001075a554b978df3a64e6656c25794
Author: Sven Schnelle <svens@linux.ibm.com>
Date: Fri Mar 6 13:18:31 2020 +0100

    s390/ptrace: return -ENOSYS when invalid syscall is supplied

    The current code returns the syscall number which an invalid
    syscall number is supplied and tracing is enabled. This makes
    the strace testsuite fail.

    Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
    Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

which got released with 5.8. The commit missed to Cc stable and although I've asked Sven to include it in stable I'm not sure when or if it will show up there.

Regression Potential: Limited to s390x.

Test Case: The reproducer given above needs to output -ENOSYS instead of 500.

2020-12-04 18:47:35 Dan Streetman bug added subscriber Dan Streetman
2020-12-05 16:17:31 Frank Heimes bug added subscriber Frank Heimes
2020-12-07 10:01:49 Stefan Bader nominated for series Ubuntu Focal
2020-12-07 10:01:49 Stefan Bader bug task added linux (Ubuntu Focal)
2020-12-07 10:02:30 Stefan Bader linux (Ubuntu Focal): importance Undecided Medium
2020-12-07 10:02:30 Stefan Bader linux (Ubuntu Focal): status New In Progress
2020-12-07 10:02:30 Stefan Bader linux (Ubuntu Focal): assignee Dan Streetman (ddstreet)
2020-12-07 10:02:39 Stefan Bader linux (Ubuntu): status Confirmed Invalid
2021-01-18 09:39:23 Stefan Bader linux (Ubuntu Focal): status In Progress Fix Committed
2021-01-18 10:21:32 Frank Heimes bug task added ubuntu-z-systems
2021-01-18 10:21:43 Frank Heimes ubuntu-z-systems: status New Fix Committed
2021-01-18 10:21:52 Frank Heimes tags s390x
2021-02-01 14:58:03 Christian Ehrhardt bug added subscriber Christian Ehrhardt
2021-02-01 15:07:29 Paride Legovini bug added subscriber Paride Legovini
2021-02-05 10:18:08 Ubuntu Kernel Bot tags s390x s390x verification-needed-focal
2021-02-09 21:58:55 Dan Streetman tags s390x verification-needed-focal s390x verification-done-focal
2021-02-23 16:16:31 Launchpad Janitor linux (Ubuntu Focal): status Fix Committed Fix Released
2021-02-23 16:16:31 Launchpad Janitor cve linked 2020-27777
2021-02-23 16:16:31 Launchpad Janitor cve linked 2020-29372
2021-02-23 17:05:37 Frank Heimes ubuntu-z-systems: status Fix Committed Fix Released
2021-04-21 18:30:46 Dan Streetman nominated for series Ubuntu Bionic
2021-04-21 18:30:46 Dan Streetman bug task added linux (Ubuntu Bionic)
2021-04-21 18:34:42 Dan Streetman description

Old value:

SRU Justification

Impact: On kernels prior to 5.8 when a task is in traced state (due to audit, ptrace, or seccomp) s390x and a syscall is issued that the kernel doesn't know about s390x will not return ENOSYS in r2 but instead will return the syscall number. This breaks userspace all over the place. The following program compiled on s390x will output 500 instead of -ENOSYS:

root@test:~# cat test.c
#define _GNU_SOURCE
#include <libgen.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static inline int dummy_inline_asm(void)
{
        register long r1 asm("r1") = 500;
        register long r2 asm("r2") = -1;
        register long r3 asm("r3") = -1;
        register long r4 asm("r4") = -1;
        register long r5 asm("r5") = -1;
        register long __res_r2 asm("r2");

        asm volatile(
            "svc 0\n\t"
             : "=d"(__res_r2)
             : "d"(r1), "0"(r2), "d"(r3), "d"(r4), "d"(r5)
             : "memory");
        return (int) __res_r2;
}

static inline int dummy_syscall(void)
{
        return syscall(500, -1, -1, -1, -1);
}

int main(int argc, char *argv[])
{
        printf("Uhm: %d\n", dummy_inline_asm());
        printf("Uhm: %d\n", dummy_syscall());

        exit(EXIT_SUCCESS);
}

This breaks LXD on s390x currently completely as well as strace.

Fix: Backport

commit cd29fa798001075a554b978df3a64e6656c25794
Author: Sven Schnelle <svens@linux.ibm.com>
Date: Fri Mar 6 13:18:31 2020 +0100

    s390/ptrace: return -ENOSYS when invalid syscall is supplied

    The current code returns the syscall number which an invalid
    syscall number is supplied and tracing is enabled. This makes
    the strace testsuite fail.

    Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
    Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

which got released with 5.8. The commit missed to Cc stable and although I've asked Sven to include it in stable I'm not sure when or if it will show up there.

Regression Potential: Limited to s390x.

Test Case: The reproducer given above needs to output -ENOSYS instead of 500.

New value:

SRU Justification

Note: I marked this as affecting bionic as well, as discovered in bug 1916485.

Impact: On kernels prior to 5.8 when a task is in traced state (due to audit, ptrace, or seccomp) s390x and a syscall is issued that the kernel doesn't know about s390x will not return ENOSYS in r2 but instead will return the syscall number. This breaks userspace all over the place. The following program compiled on s390x will output 500 instead of -ENOSYS:

root@test:~# cat test.c
#define _GNU_SOURCE
#include <libgen.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static inline int dummy_inline_asm(void)
{
        register long r1 asm("r1") = 500;
        register long r2 asm("r2") = -1;
        register long r3 asm("r3") = -1;
        register long r4 asm("r4") = -1;
        register long r5 asm("r5") = -1;
        register long __res_r2 asm("r2");

        asm volatile(
            "svc 0\n\t"
             : "=d"(__res_r2)
             : "d"(r1), "0"(r2), "d"(r3), "d"(r4), "d"(r5)
             : "memory");
        return (int) __res_r2;
}

static inline int dummy_syscall(void)
{
        return syscall(500, -1, -1, -1, -1);
}

int main(int argc, char *argv[])
{
        printf("Uhm: %d\n", dummy_inline_asm());
        printf("Uhm: %d\n", dummy_syscall());

        exit(EXIT_SUCCESS);
}

This breaks LXD on s390x currently completely as well as strace.

Fix: Backport

commit cd29fa798001075a554b978df3a64e6656c25794
Author: Sven Schnelle <svens@linux.ibm.com>
Date: Fri Mar 6 13:18:31 2020 +0100

    s390/ptrace: return -ENOSYS when invalid syscall is supplied

    The current code returns the syscall number which an invalid
    syscall number is supplied and tracing is enabled. This makes
    the strace testsuite fail.

    Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
    Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

which got released with 5.8. The commit missed to Cc stable and although I've asked Sven to include it in stable I'm not sure when or if it will show up there.

Regression Potential: Limited to s390x.

Test Case: The reproducer given above needs to output -ENOSYS instead of 500.

2021-04-22 08:06:43 Stefan Bader linux (Ubuntu Bionic): status New In Progress
2021-04-22 08:06:47 Stefan Bader linux (Ubuntu Bionic): importance Undecided Medium
2021-04-23 10:13:59 Stefan Bader linux (Ubuntu Bionic): status In Progress Fix Committed