ubuntu-kernel-tests

/proc/self/stack does not exist in kvm kernel, causing failures in kernel security test

Bug #1805105 reported by Po-Hsu Lin on 2018-11-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QA Regression Testing	Fix Released	Undecided	Unassigned
	ubuntu-kernel-tests	Fix Released	Undecided	Unassigned

Bug Description

Linux larry 4.18.0-1005-kvm #5-Ubuntu SMP Thu Nov 15 20:22:03 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

# ls /proc/self/stack
ls: cannot access '/proc/self/stack': No such file or directory

Thus:
FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 1352, in test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected)
File "./test-kernel-security.py", line 1199, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1296, in _095_kernel_symbols_missing_proc_self_stack
'/proc/self/stack does not exist')
AssertionError: /proc/self/stack does not exist

Tags:

Po-Hsu Lin (cypressyew) on 2018-11-26

tags:

added: bionic cosmic

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2018-11-26:

I think it's the config was not enabled on all the KVM kernels:
# CONFIG_STACKTRACE is not set

This issue should be fixed in the QRT test suite.

tags:	added: xenial
summary:	- /proc/self/stack is gone in kvm kernel, causing failures in kernel + /proc/self/stack does not exist kvm kernel, causing failures in kernel security test
summary:	- /proc/self/stack does not exist kvm kernel, causing failures in kernel - security test + /proc/self/stack does not exist in kvm kernel, causing failures in + kernel security test

Revision history for this message

Colin Ian King (colin-king) wrote on 2018-11-26:

..or perhaps enable that config option for those kernels?

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2018-11-27:

Yeah that would be another option for maintainer to decide. Not sure if we will this debug feature for KVM kernels.

Revision history for this message

Steve Beattie (sbeattie) wrote on 2018-11-27:

Regardless of whether the linux-kvm maintainer decides to enable this option, the test should not fail if the option is disabled. I'll fix qrt to check for CONFIG_STACKTRACE.

Thanks!

Revision history for this message

Steve Beattie (sbeattie) wrote on 2018-11-27:

The qa-regression-testing side of things is fixed in commit https://git.launchpad.net/qa-regression-testing/commit/?id=b5cea2f0466f932a86fe31ac3a3ff51dcb99c95e .

Thanks!

Changed in qa-regression-testing:
status:	New → Fix Released

Revision history for this message

Thadeu Lima de Souza Cascardo (cascardo) wrote on 2018-11-27:

By the way, on 4.19, this is now only readable by root. So, now returns EACCESS when user tries to read it.

$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied

f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7 proc: restrict kernel stack dumps to root

Changed in linux (Ubuntu Xenial):
status:	New → Invalid
Changed in linux (Ubuntu Bionic):
status:	New → Invalid

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2018-11-27: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1805105

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete
Changed in linux (Ubuntu Cosmic):
status:	New → Incomplete

Po-Hsu Lin (cypressyew) on 2018-12-03

no longer affects:

linux (Ubuntu)

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2018-12-03:

On a second thought
As this test has been corrected to cope with a kernel without CONFIG_STACKTRACE enabled.
I think this should be enough to close this bug.

If we ever need a discussion / tracking bug for enabling CONFIG_STACKTRACE or not, we can have a new bug for it.

I will close this bug.
Thanks!

Changed in ubuntu-kernel-tests:
status:	New → Fix Released

Po-Hsu Lin (cypressyew) on 2018-12-03

no longer affects:

linux-kvm (Ubuntu)

Po-Hsu Lin (cypressyew) on 2019-01-08

no longer affects:	linux-kvm (Ubuntu Disco)
no longer affects:	linux-kvm (Ubuntu Cosmic)
no longer affects:	linux-kvm (Ubuntu Bionic)
no longer affects:	linux-kvm (Ubuntu Xenial)
no longer affects:	linux (Ubuntu Disco)
no longer affects:	linux (Ubuntu Xenial)
no longer affects:	linux (Ubuntu Cosmic)
no longer affects:	linux (Ubuntu Bionic)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.