xfrm_policy.sh in net from ubuntu_kernel_selftests passed with failed sub-cases

Bug #1909647 reported by Po-Hsu Lin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-kernel-tests
Fix Released
Undecided
Po-Hsu Lin
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Bionic
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Groovy
Fix Released
Undecided
Po-Hsu Lin
Hirsute
Fix Released
Undecided
Unassigned
linux-oem-5.6 (Ubuntu)
Invalid
Undecided
Unassigned
Bionic
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Po-Hsu Lin
Groovy
Invalid
Undecided
Unassigned
Hirsute
Invalid
Undecided
Unassigned

Bug Description

[Impact]
Even with failed cases reported in the xfrm_policy.sh test, the overall result is still "PASS"
$ sudo ./xfrm_policy.sh
 # selftests: net: xfrm_policy.sh
 # PASS: policy before exception matches
 # FAIL: expected ping to .254 to fail (exceptions)
 # PASS: direct policy matches (exceptions)
 # PASS: policy matches (exceptions)
 # FAIL: expected ping to .254 to fail (exceptions and block policies)
 # PASS: direct policy matches (exceptions and block policies)
 # PASS: policy matches (exceptions and block policies)
 # FAIL: expected ping to .254 to fail (exceptions and block policies after hresh changes)
 # PASS: direct policy matches (exceptions and block policies after hresh changes)
 # PASS: policy matches (exceptions and block policies after hresh changes)
 # FAIL: expected ping to .254 to fail (exceptions and block policies after hthresh change in ns3)
 # PASS: direct policy matches (exceptions and block policies after hthresh change in ns3)
 # PASS: policy matches (exceptions and block policies after hthresh change in ns3)
 # FAIL: expected ping to .254 to fail (exceptions and block policies after htresh change to normal)
 # PASS: direct policy matches (exceptions and block policies after htresh change to normal)
 # PASS: policy matches (exceptions and block policies after htresh change to normal)
 # PASS: policies with repeated htresh change
 ok 12 selftests: net: xfrm_policy.sh
$ echo $?
0

This is because of the variable "lret" in check_xfrm() is not a local variable, and it looks like it will override the one in check_exceptions() thus making the return value become 0 for the passed test case after the failed one.

[Fix]
* f6e9ceb7a7fc32 (" selftests: xfrm: fix test return value override issue in xfrm_policy.sh")

Focal kernel got this patch via stable update, and we don't have this test in Bionic. Only Groovy and OEM-5.6 are affected.

This patch can be cherry-picked into all of the affected kernels.

[Test]
Run the xfrm_policy.sh test, if there is any failed case the final result will not be 0.

[Regression Potential]
This change is just for testing tools, it's unlikely to affect real kernel functionality. However it's expected to generate failures in our test report as it's reflecting the real test result.

Po-Hsu Lin (cypressyew)
Changed in ubuntu-kernel-tests:
status: New → In Progress
assignee: nobody → Po-Hsu Lin (cypressyew)
tags: added: sru-20201130
tags: added: ubuntu-kernel-selftests
Po-Hsu Lin (cypressyew)
Changed in linux-oem-5.6 (Ubuntu Bionic):
status: New → Invalid
Changed in linux-oem-5.6 (Ubuntu Groovy):
status: New → Invalid
Changed in linux-oem-5.6 (Ubuntu Hirsute):
status: New → Invalid
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1909647

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Bionic):
status: New → Incomplete
Changed in linux (Ubuntu Focal):
status: New → Incomplete
Changed in linux (Ubuntu Groovy):
status: New → Incomplete
Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu Focal):
status: Incomplete → Fix Released
Changed in linux (Ubuntu Bionic):
status: Incomplete → Invalid
Changed in linux (Ubuntu Groovy):
assignee: nobody → Po-Hsu Lin (cypressyew)
status: Incomplete → In Progress
Changed in linux (Ubuntu Hirsute):
status: Incomplete → Fix Released
Po-Hsu Lin (cypressyew)
Changed in linux-oem-5.6 (Ubuntu Focal):
assignee: nobody → Po-Hsu Lin (cypressyew)
status: New → In Progress
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :
Po-Hsu Lin (cypressyew)
description: updated
Po-Hsu Lin (cypressyew)
description: updated
tags: added: groovy
Changed in linux (Ubuntu Groovy):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-groovy' to 'verification-done-groovy'. If the problem still exists, change the tag 'verification-needed-groovy' to 'verification-failed-groovy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-groovy
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

This test fails on Groovy as expected now:
 # selftests: net: xfrm_policy.sh
 # PASS: policy before exception matches
 # FAIL: expected ping to .254 to fail (exceptions)
 # PASS: direct policy matches (exceptions)
 # PASS: policy matches (exceptions)
 # FAIL: expected ping to .254 to fail (exceptions and block policies)
 # PASS: direct policy matches (exceptions and block policies)
 # PASS: policy matches (exceptions and block policies)
 # FAIL: expected ping to .254 to fail (exceptions and block policies after hresh changes)
 # PASS: direct policy matches (exceptions and block policies after hresh changes)
 # PASS: policy matches (exceptions and block policies after hresh changes)
 # FAIL: expected ping to .254 to fail (exceptions and block policies after hthresh change in ns3)
 # PASS: direct policy matches (exceptions and block policies after hthresh change in ns3)
 # PASS: policy matches (exceptions and block policies after hthresh change in ns3)
 # FAIL: expected ping to .254 to fail (exceptions and block policies after htresh change to normal)
 # PASS: direct policy matches (exceptions and block policies after htresh change to normal)
 # PASS: policy matches (exceptions and block policies after htresh change to normal)
 # PASS: policies with repeated htresh change
 # PASS: policies inserted in random order
 not ok 12 selftests: net: xfrm_policy.sh # exit=1

tags: added: verification-done-groovy
removed: verification-needed-groovy
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (28.3 KiB)

This bug was fixed in the package linux - 5.8.0-49.55

---------------
linux (5.8.0-49.55) groovy; urgency=medium

  * groovy/linux: 5.8.0-49.55 -proposed tracker (LP: #1921053)

  * selftests: bpf verifier fails after sanitize_ptr_alu fixes (LP: #1920995)
    - bpf: Simplify alu_limit masking for pointer arithmetic
    - bpf: Add sanity check for upper ptr_limit
    - bpf, selftests: Fix up some test_verifier cases for unprivileged

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * improper memcg accounting causes NULL pointer derefs (LP: #1918668)
    - SAUCE: Revert "mm: memcg/slab: optimize objcg stock draining"

  * kernel: Enable CONFIG_BPF_LSM on Ubuntu (LP: #1905975)
    - [Config] Enable CONFIG_BPF_LSM

  * Groovy update: upstream stable patchset 2021-03-10 (LP: #1918516)
    - gpio: mvebu: fix pwm .get_state period calculation
    - HID: wacom: Correct NULL dereference on AES pen proximity
    - media: v4l2-subdev.h: BIT() is not available in userspace
    - RDMA/vmw_pvrdma: Fix network_hdr_type reported in WC
    - kernel/io_uring: cancel io_uring before task works
    - io_uring: dont kill fasync under completion_lock
    - objtool: Don't fail on missing symbol table
    - mm/page_alloc: add a missing mm_page_alloc_zone_locked() tracepoint
    - mm: fix a race on nr_swap_pages
    - tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
    - iwlwifi: provide gso_type to GSO packets
    - tty: avoid using vfs_iocb_iter_write() for redirected console writes
    - ACPI: sysfs: Prefer "compatible" modalias
    - kernel: kexec: remove the lock operation of system_transition_mutex
    - ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256
    - ALSA: hda/via: Apply the workaround generically for Clevo machines
    - parisc: Enable -mlong-calls gcc option by default when !CONFIG_MODULES
    - media: cec: add stm32 driver
    - media: hantro: Fix reset_raw_fmt initialization
    - media: rc: fix timeout handling after switch to microsecond durations
    - media: rc: ite-cir: fix min_timeout calculation
    - media: rc: ensure that uevent can be read directly after rc device register
    - ARM: dts: tbs2910: rename MMC node aliases
    - ARM: dts: ux500: Reserve memory carveouts
    - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
    - wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
    - ASoC: AMD Renoir - refine DMI entries for some Lenovo products
    - drm/i915: Always flush the active worker before returning from the wait
    - drm/i915/gt: Always try to reserve GGTT address 0x0
    - drivers/nouveau/kms/nv50-: Reject format modifiers for cursor planes
    - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
    - s390: uv: Fix sysfs max number of VCPUs reporting
    - s390/vfio-ap: No need to disable IRQ after queue reset
    - PM: hibernate: flush swap writer after marking
    - x86/entry: Emit a symbol for register restoring thunk
    - efi/apple-properties: Reinstate support for boolean properties
    - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
    - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
   ...

Changed in linux (Ubuntu Groovy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-oem-5.6 - 5.6.0-1053.57

---------------
linux-oem-5.6 (5.6.0-1053.57) focal; urgency=medium

  * focal/linux-oem-5.6: 5.6.0-1053.57 -proposed tracker (LP: #1921042)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * LRMv4: switch to signing nvidia modules via the Ubuntu Modules signing key
    (LP: #1918134)
    - [Packaging] sync dkms-build et al from LRMv4

  * CVE-2021-29154
    - SAUCE: bpf, x86: Validate computation of branch displacements for x86-64
    - SAUCE: bpf, x86: Validate computation of branch displacements for x86-32

  * xfrm_policy.sh in net from ubuntu_kernel_selftests passed with failed sub-
    cases (LP: #1909647)
    - selftests: xfrm: fix test return value override issue in xfrm_policy.sh

  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with exit code 255
    on F-oem-5.6 (LP: #1919147)
    - selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support

  * l2tp.sh from net in ubuntu_kernel_selftests cause dmesg flooded with
    "unregister_netdevice: waiting for eth0 to become free. Usage count = 1" on
    F-OEM-5.6 (LP: #1919277)
    - l2tp: remove skb_dst_set() from l2tp_xmit_skb()

  * CVE-2020-0466
    - epoll: Keep a reference on files added to the check list
    - do_epoll_ctl(): clean the failure exits up a bit
    - fix regression in "epoll: Keep a reference on files added to the check list"

  * CVE-2021-3178
    - nfsd4: readdirplus shouldn't return parent of export

  * CVE-2020-25285
    - mm/hugetlb: fix a race between hugetlb sysctl handlers

  * CVE-020-10781
    - Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"

  * CVE-2020-14351
    - perf/core: Fix race in the perf_mmap_close() function

  * CVE-2020-25669
    - Input: sunkbd - avoid use-after-free in teardown paths

  * CVE-2020-14390
    - fbcon: remove soft scrollback code

  * CVE-2021-3411
    - x86/kprobes: Fix optprobe to detect INT3 padding correctly

  * CVE-2020-0423
    - binder: fix UAF when releasing todo list

  * CVE-2020-27830
    - speakup: Reject setting the speakup line discipline outside of speakup

  * CVE-2020-0465
    - HID: core: Correctly handle ReportSize being zero
    - HID: core: Sanitize event code and type when mapping input

  * CVE-2020-25645
    - geneve: add transport ports in route lookup for geneve

  * CVE-2021-20194
    - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
    - bpf, cgroup: Fix problematic bounds check

  * CVE-2020-36158
    - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

 -- Stefan Bader <email address hidden> Fri, 09 Apr 2021 16:43:44 +0200

Changed in linux-oem-5.6 (Ubuntu Focal):
status: In Progress → Fix Released
Po-Hsu Lin (cypressyew)
Changed in ubuntu-kernel-tests:
status: In Progress → Fix Released
tags: added: verification-done-focal
removed: verification-needed-focal
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.