user_notification_basic in seccomp of ubuntu_kernel_selftest failed on Bionic-5.0 Kernels
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ubuntu-kernel-tests | Fix Released | Undecided | Unassigned | |
linux (Ubuntu) | Invalid | Undecided | Unassigned | |
Bionic | Invalid | Undecided | Unassigned | |
Disco | Won't Fix | Medium | Thadeu Lima de Souza Cascardo | |
Eoan | Fix Released | Medium | Thadeu Lima de Souza Cascardo | |
linux-aws (Ubuntu) | Invalid | Undecided | Unassigned | |
Bionic | Invalid | Undecided | Unassigned | |
Disco | Won't Fix | Undecided | Unassigned | |
Eoan | Fix Released | Undecided | Unassigned | |
linux-gcp (Ubuntu) | Invalid | Undecided | Unassigned | |
Bionic | Invalid | Undecided | Unassigned | |
Disco | Won't Fix | Undecided | Unassigned | |
Eoan | Fix Released | Undecided | Unassigned | |
linux-signed-oracle-5.0 (Ubuntu) | Invalid | Undecided | Unassigned | |
Bionic | Invalid | Undecided | Unassigned | |
Disco | Won't Fix | Undecided | Unassigned | |
Eoan | Won't Fix | Undecided | Unassigned | |
Bug Description
[Impact]
Running seccomp kernel selftests will fail.
[Test case]
Run linux/tools/
On failure:
seccomp_
seccomp_
global.
[ FAIL ] global.
On success:
[ RUN ] global.
[ OK ] global.
[Regression potential]
The test is checking that the given structure which the kernel will write to is all zeroes. It's doing it because it wants userspace to have the possibility in the future to give data there indicating support for an extension that might be developed in the future. As the test is there right now, not applying the breaking uABI fix might cause us to miss applications that would break in future kernels. As the backport for that is prone to more regression potential, we are deciding to revert the new test.
=======
Issue found on Oracle Bionic 5.0 (oracle : 5.0.0-1011.16 : amd64)
[ RUN ] global.
seccomp_
seccomp_
global.
[ FAIL ] global.
This cannot be reproduced with the kselftest in an older kernel, probably a test case issue.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-
ProcVersionSign
Uname: Linux 5.0.0-1011-oracle x86_64
ApportVersion: 2.20.9-0ubuntu7.10
Architecture: amd64
Date: Mon Feb 10 05:17:54 2020
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-signed-
UpgradeStatus: No upgrade log present (probably fresh install)
tags: | added: sru-20200217 |
tags: | added: azure |
Changed in linux (Ubuntu Eoan): | |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
importance: | Undecided → Medium |
status: | New → Confirmed |
description: | updated |
description: | updated |
Changed in linux (Ubuntu Disco): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Eoan): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Disco): | |
status: | Fix Committed → Won't Fix |
Changed in linux-aws (Ubuntu Disco): | |
status: | New → Won't Fix |
Changed in linux-gcp (Ubuntu Disco): | |
status: | New → Won't Fix |
Changed in linux-signed-oracle-5.0 (Ubuntu Disco): | |
status: | New → Won't Fix |
Changed in linux-aws (Ubuntu Bionic): | |
status: | New → Invalid |
Changed in ubuntu-kernel-tests: | |
status: | Triaged → Fix Released |
Changed in linux-gcp (Ubuntu Bionic): | |
status: | New → Invalid |
Changed in linux-gcp (Ubuntu): | |
status: | New → Invalid |
Changed in linux-signed-oracle-5.0 (Ubuntu Bionic): | |
status: | New → Invalid |
Changed in linux-signed-oracle-5.0 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-aws (Ubuntu): | |
status: | New → Invalid |
A quick bisect shows this is the cause: 8a980eb6423ff5b 5ebae8db7d is the first bad commit 8a980eb6423ff5b 5ebae8db7d
98618307e42790d
commit 98618307e42790d
Author: Sargun Dhillon <email address hidden>
Date: Mon Dec 30 12:38:11 2019 -0800
selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
BugLink: https://bugs.launchpad.net/bugs/1860799
commit e4ab5ccc357b978999328fadae164e098c26fa40 upstream.
This adds logic to the user_notification_basic test to set a member
of struct seccomp_notif to an invalid value to ensure that the kernel
returns EINVAL if any of the struct seccomp_notif members are set to
invalid values.
Signed-off-by: Sargun Dhillon <email address hidden>
Suggested-by: Christian Brauner <email address hidden>
Link: https://<email address hidden>
Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace")
Cc: <email address hidden>
Signed-off-by: Kees Cook <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
The test will pass with this patch reverted.
However, as this patch ensures we have a correct return value EINVAL, it means this might be a kernel issue.
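
As an added example (not code from this bug report or from the kernel tree), the C probe below exercises the behaviour the bisected selftest change checks: it passes SECCOMP_IOCTL_NOTIF_RECV a struct seccomp_notif with one member set to an invalid value and reports whether the kernel answers EINVAL. The function names `probe` and `dirty_recv_result` are hypothetical, and it assumes Linux UAPI headers that include seccomp user notification.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Supervisor side, run in a throwaway process. Returns the errno of NOTIF_RECV
 * on a dirty struct, 0 if the kernel accepted it, 255 if unavailable. */
static int probe(void)
{
    /* Trap only getppid(); a production filter would also check seccomp_data.arch. */
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = insns };
    struct seccomp_notif req = { .pid = -1 };  /* one invalid member, rest zero */

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return 255;
    int fd = syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
                     SECCOMP_FILTER_FLAG_NEW_LISTENER, &prog);
    if (fd < 0) return 255;
    pid_t target = fork();                     /* target inherits the filter */
    if (target < 0) return 255;
    if (target == 0) { syscall(__NR_getppid); _exit(0); }
    int err = ioctl(fd, SECCOMP_IOCTL_NOTIF_RECV, &req) ? errno : 0;
    kill(target, SIGKILL);                     /* never leave the target blocked */
    waitpid(target, NULL, 0);
    return err;
}

/* EINVAL: kernel rejects a non-zeroed struct. 0: kernel accepted it.
 * -1: seccomp user notification could not be used in this environment. */
int dirty_recv_result(void)
{
    int st;
    pid_t p = fork();                          /* keep the filter out of the caller */
    if (p < 0) return -1;
    if (p == 0) _exit(probe());
    if (waitpid(p, &st, 0) != p || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 255 ? -1 : WEXITSTATUS(st);
}
```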