QA Regression Testing

ubuntu_qrt_kernel_security test_060_nx failed on Trusty ARM64

Bug #1712038 reported by Po-Hsu Lin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QA Regression Testing
Fix Released
Undecided
Steve Beattie
ubuntu-kernel-tests
Fix Released
Undecided
Unassigned
linux (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

From the error output, this bug was marked as Failed, instead of being skipped:

NX bit is working ... (skipped: ARM64 older than 4.4 has READ_IMPLIES_EXEC personality set) FAIL

FAIL: test_060_nx (__main__.KernelSecurityTest)
 NX bit is working
 ----------------------------------------------------------------------
 Traceback (most recent call last):
   File "./test-kernel-security.py", line 460, in test_060_nx
     self.assertShellExitEquals(expected, ["./nx-test", "data"])
   File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py", line 1134, in assertShellExitEquals
     self.assertEqual(expected, rc, msg + result + report)
 AssertionError: Got exit code -11, expected 0
 Command: './nx-test', 'data'
 Output:
 rodata:0x4010c0
 data: 0x4120a8
 bss: 0x4220c8
 brk: 0x20de1010
 rw: 0x7f833a1000
 rwx: 0x7f833a0000
 stack: 0x7fdd19bfd8
 Dump of /proc/self/maps:
 00400000-00402000 r-xp 00000000 08:02 10096524 /home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/kernel-security/nx/nx-test
 00411000-00412000 r--p 00001000 08:02 10096524 /home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/kernel-security/nx/nx-test
 00412000-00413000 rw-p 00002000 08:02 10096524 /home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/kernel-security/nx/nx-test
 00413000-00423000 rw-p 00000000 00:00 0
 20de1000-20e03000 rw-p 00000000 00:00 0 [heap]
 7f8320c000-7f8322c000 rw-p 00000000 00:00 0
 7f8322c000-7f8335f000 r-xp 00000000 08:02 4718846 /lib/aarch64-linux-gnu/libc-2.19.so
 7f8335f000-7f8336f000 ---p 00133000 08:02 4718846 /lib/aarch64-linux-gnu/libc-2.19.so
 7f8336f000-7f83373000 r--p 00133000 08:02 4718846 /lib/aarch64-linux-gnu/libc-2.19.so
 7f83373000-7f83375000 rw-p 00137000 08:02 4718846 /lib/aarch64-linux-gnu/libc-2.19.so
 7f83375000-7f83379000 rw-p 00000000 00:00 0
 7f83379000-7f83395000 r-xp 00000000 08:02 4718835 /lib/aarch64-linux-gnu/ld-2.19.so
 7f83399000-7f8339b000 rw-p 00000000 00:00 0
 7f833a0000-7f833a1000 rwxp 00000000 00:00 0
 7f833a1000-7f833a2000 rw-p 00000000 00:00 0
 7f833a2000-7f833a4000 r-xp 00000000 00:00 0 [vdso]
 7f833a4000-7f833a5000 r--p 0001b000 08:02 4718835 /lib/aarch64-linux-gnu/ld-2.19.so
 7f833a5000-7f833a7000 rw-p 0001c000 08:02 4718835 /lib/aarch64-linux-gnu/ld-2.19.so
 7fdd17c000-7fdd19d000 rw-p 00000000 00:00 0 [stack]
 Attempting to execute function at 0x4120a8
 If this program seg-faults, the region was enforced as non-executable...

Compared to other skipped test, it should be marked as OK, like
PR_SET_SECCOMP works ... (skipped: not available on ARM64) ok

See original description
Tags: trusty
Po-Hsu Lin (cypressyew)
summary: - ubuntu_qrt_kernel_security test_060_nx failed on arm64
+ ubuntu_qrt_kernel_security test_060_nx failed on Trusty ARM64
tags: added: trusty
description: updated
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1712038

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Po-Hsu Lin (cypressyew)
summary: - ubuntu_qrt_kernel_security test_060_nx failed on Trusty ARM64
+ ubuntu_qrt_kernel_security test_060_nx should be skipped on Trusty ARM64
description: updated
Po-Hsu Lin (cypressyew)
summary: - ubuntu_qrt_kernel_security test_060_nx should be skipped on Trusty ARM64
+ ubuntu_qrt_kernel_security test_060_nx sfailed on Trusty ARM64
summary: - ubuntu_qrt_kernel_security test_060_nx sfailed on Trusty ARM64
+ ubuntu_qrt_kernel_security test_060_nx failed on Trusty ARM64
Revision history for this message
Steve Beattie (sbeattie) wrote :

Hi Po-Hsu,

Sorry this has taken so long to get on my radar.

On a trusty arm64 system, can you report on the output of /proc/self/personality? At one point, IIRC, it was setting itself to READ_IMPLIES_EXEC, which caused the ./nx-test executions to succeed when they should have SIGSEGV'ed (exiting with return code -11/139).

For the read-implies-exec cases (nx-test-rie), stack and other data segments are marked as executable as well, so those should succeed.

I will go ahead and mark arm64 as expecting normal results non-executable data segments in QRT, and we can see what breaks there.

Thanks!

Changed in qa-regression-testing:
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Hi Steve,
the result is:

ubuntu@ms10-34-mcdivittB0-kernel:~$ cat /proc/self/personality
00400000

ubuntu@ms10-34-mcdivittB0-kernel:~$ uname -a
Linux ms10-34-mcdivittB0-kernel 3.13.0-146-generic #195-Ubuntu SMP Tue Apr 24 14:56:21 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Hi Steve,
do you need any other information for this?
Thanks

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Looks like this issue does not exist anymore.

Tested on an ARM64 node with Trusty kernel:

  test_060_nx (__main__.KernelSecurityTest)
  NX bit is working ... (skipped: ARM64 older than 4.4 used to have READ_IMPLIES_EXEC personality set, but no longer?) ok

Changed in qa-regression-testing:
status: In Progress → Fix Released
Changed in ubuntu-kernel-tests:
status: New → Fix Released
Changed in linux (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.