linux ADT test failure with linux/4.4.0-207.239 - ubuntu_qrt_kernel_security.test-kernel-security.py
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Invalid | Undecided | Unassigned | |
Xenial | Fix Released | Medium | Kleber Sacilotto de Souza | |
Bug Description
[Impact]
The backport of upstream commit ad67b74d2469d9b
The failing testcases are:
test_095_
test_095_
test_095_
test_300_
The '095' testcases expect the addresses read by a regular user to be zeroed out and test '300' expects the default address for 'startup_64' to be 'ffffffff81000000' for non-kaslr kernels (<4.15). The applied backport leaks what the address 0x0 hashes to on the /proc interfaces instead of the expected values.
Examples:
$ head /proc/kallsyms
00000000b845aaf2 A irq_stack_union
00000000b845aaf2 A __per_cpu_start
00000000b845aaf2 A __per_cpu_
00000000b845aaf2 A vector_irq
00000000b845aaf2 A unsafe_
00000000b845aaf2 A cpu_debug_store
00000000b845aaf2 A cpu_tss
00000000b845aaf2 A exception_stacks
00000000b845aaf2 A gdt_page
00000000b845aaf2 A espfix_waddr
$ sudo head /proc/kallsyms
00000000b845aaf2 A irq_stack_union
00000000b845aaf2 A __per_cpu_start
00000000b845aaf2 A __per_cpu_
00000000cd84b193 A vector_irq
00000000f271a77b A unsafe_
00000000b451cc91 A cpu_debug_store
00000000108c2558 A cpu_tss
000000001484be48 A exception_stacks
000000000a1b6bc6 A gdt_page
00000000f38c128a A espfix_waddr
$ sudo grep -w startup_64 /proc/kallsyms
0000000028c44c50 T startup_64
[Fix]
For the backport to work as expected, we would likely need to backport the following commits as well:
57e734423add vsprintf: refactor %pK code out of pointer()
ef0010a30935 vsprintf: don't use 'restricted_
However, this could introduce other regressions as there are several corner cases in this code path.
Given that the CVEs which are fixed by this patch are all low or negligible, the best solution seems to be to revert this patch altogether.
[Test]
Run ubuntu_
[Where problems could occur]
Reverting this patch can't introduce any regression, as it would return the code to the previous state; however, it would keep the kernel vulnerable to these CVEs.
[Additional Info]
Testing failed on:
amd64: https:/
i386: https:/
ppc64el: https:/
s390x: https:/
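An added example, not part of the bug report or of the QRT test suite: a small Python classifier for the address column of kallsyms-style output. It separates the zeroed values the '095' tests expect from the constant hash of 0x0 and the per-symbol hashes shown in the report. The function names and the upper-32-bits heuristic for "hashed" are assumptions; USER_SAMPLE and ROOT_SAMPLE reuse lines from the report and EXPECTED_* are constructed.

```python
# Added example. USER/ROOT samples reuse lines from the report; EXPECTED_* are constructed.
STARTUP_64_NOKASLR = 0xFFFFFFFF81000000  # value test '300' expects (non-KASLR, <4.15)

USER_SAMPLE = """\
00000000b845aaf2 A irq_stack_union
00000000b845aaf2 A __per_cpu_start
00000000b845aaf2 A vector_irq
00000000b845aaf2 A cpu_debug_store
"""
ROOT_SAMPLE = """\
00000000b845aaf2 A irq_stack_union
00000000cd84b193 A vector_irq
00000000b451cc91 A cpu_debug_store
0000000028c44c50 T startup_64
"""
EXPECTED_USER = "0000000000000000 A irq_stack_union\n0000000000000000 T startup_64\n"
EXPECTED_ROOT = "0000000000000000 A irq_stack_union\nffffffff81000000 T startup_64\n"


def parse_kallsyms(text):
    """Return (address, type, name) tuples; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        try:
            rows.append((int(parts[0], 16), parts[1], parts[2]))
        except (IndexError, ValueError):
            continue
    return rows


def classify(rows):
    """Label the address column: empty, zeroed, constant-nonzero, hashed or raw."""
    addrs = {addr for addr, _, _ in rows}
    if not addrs:
        return "empty"
    if addrs == {0}:
        return "zeroed"            # what the '095' tests expect for a regular user
    if len(addrs) == 1:
        return "constant-nonzero"  # every symbol shows the same value (hash of 0x0)
    if all(addr >> 32 == 0 for addr in addrs):
        return "hashed"            # assumption: hashed values keep upper 32 bits zero
    return "raw"


def startup_64_ok(text):
    """True when startup_64 is listed at the non-KASLR default address."""
    return any(name == "startup_64" and addr == STARTUP_64_NOKASLR
               for addr, _, name in parse_kallsyms(text))
```

On a test machine, the same functions can be fed the contents of /proc/kallsyms read once as a regular user and once as root.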
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Kleber Sacilotto de Souza (kleber-souza)
description: updated
summary:
- linux/4.4.0-207.239 ADT test failure with linux/4.4.0-207.239
+ linux ADT test failure with linux/4.4.0-207.239 -
+ ubuntu_qrt_kernel_security.test-kernel-security.py
Changed in linux (Ubuntu Xenial):
status: Triaged → In Progress
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: kernel-adt-failure
tags: added: xenial
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!