From patchwork Mon May 12 10:05:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ricardo_B=2E_Marli=C3=A8re?= X-Patchwork-Id: 2084288 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=lists.linux.it header.i=@lists.linux.it header.a=rsa-sha256 header.s=picard header.b=fZ9sKHnw; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=suse.com header.i=@suse.com header.a=rsa-sha256 header.s=google header.b=JKd2Tk35; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=patchwork.ozlabs.org) Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4ZwwFv48DTz1yXB for ; Mon, 12 May 2025 20:05:07 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.linux.it; i=@lists.linux.it; q=dns/txt; s=picard; t=1747044321; h=date : mime-version : message-id : to : subject : list-id : list-unsubscribe : list-archive : list-post : list-help : list-subscribe : from : reply-to : cc : content-type : content-transfer-encoding : sender : from; bh=An2RSQMmPcbMJBvK9MX7Jd1GbhAtsYZ+vR/IFDUvU+0=; b=fZ9sKHnwG7SrBZj/4xmkJuN2euetmt7N5c0mF55+mueYC9yqFjszxJpUmxX9eGS49UZKm vcb+SPG7PRrsyeAQpHlehvkGEN0fF9oWMNE2pL25c8mPvCV4Ke2sT10R1JjALfNlzO/mjuJ w6plG7L91wir5W16IGU2DF+0cA4WBj0= Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id F20913CC2A6 for ; Mon, 12 May 2025 12:05:20 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-5.smtp.seeweb.it (in-5.smtp.seeweb.it [217.194.8.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1)) (No client certificate requested) by picard.linux.it (Postfix) with ESMTPS id 8A6033CBCD4 for ; Mon, 12 May 2025 12:05:17 +0200 (CEST) Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by in-5.smtp.seeweb.it (Postfix) with ESMTPS id 9F7AF60070D for ; Mon, 12 May 2025 12:05:16 +0200 (CEST) Received: by mail-wr1-x42e.google.com with SMTP id ffacd0b85a97d-3a0b9625735so2148017f8f.2 for ; Mon, 12 May 2025 03:05:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1747044316; x=1747649116; darn=lists.linux.it; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:from:to:cc:subject:date:message-id:reply-to; bh=aeXYS71bPLx4EaYmMsnFeLyhRk6vX255wRcOd9ScPEg=; b=JKd2Tk35sXj5jOSWSkWJKI92CgrMzCaeXLsG4jXqIM5j+CNDOhfbRfrNoyHuOfa9jx AkBiDENiPWe536JpGnSiNJKUVwq1HPFP642EeEye4OQB1agCxVyxaZJZts4Mz3ntzY18 YhO1lNpN+F3IpkT4cRxKVzL/sBIT+2EDjq2k1V5Tu4lxbIQECF9QrF4dJA/6DHm80UdP 47JcHE71EjRPw/GdDBe4zOJ+TIMdbxGXL+smymULZ6TJo5i6S1i899Bdr7ZG+d9NVs05 F0y9586aY6lDGCljz5KZX+hysC2VeHkNwYr1WmRU7d6KOqSIAy88gMOVf87uXPxp14IY XcyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747044316; x=1747649116; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=aeXYS71bPLx4EaYmMsnFeLyhRk6vX255wRcOd9ScPEg=; b=ljVChWon3k2nsq8asWuE3WCHM6XFGUdsnyI058vTfvwxQzve5fCkSgSv/NDOukwHsp 2TD2HhzM3mC4eFvA7BaAOt91iWGzTLAxpGyQmFxZVCwBccXSlXFJ7GFHJTThZSfB/CEd ncR5EdPR9mu5UNt4Z8GqBgwKxLEtL9WffErnI6rDULC4hQYErOiwDCH74ICPXqC7UXcq 9hzo7yy54emcUGGDLEwZNAMyOPyUftyObHyJeh83wuF6F9/Cxmp6OgaY6Mj9AJvGlnLE P59TXiGPs0yDA/9HdEwQZi4FqTDOQZbZ2IdlLUyW/r8jf9+73PZnzYVQdOxuAEqho+8B 0Pww== X-Gm-Message-State: AOJu0YwudPjiMUadjqQN3P3wEh42w9Y4sGRS3kYVGoTd6pX3Eecb90Wj JOYsF5inD9RPBQjKL1yus9iZTfIsZ6j1HrBWEdbxxchPA+0AD54iv28Bbm3WwWA= X-Gm-Gg: ASbGncvnPVWTVOYfb3+V7tDYIawX0oyThI0KGX5GI8coGbd5OM5gKhMKNldLQIHe/nj maQE6cn2iVj8hl+svguyCex/ZbwmzGHhcnrTurxpc44zxxPkXO+dBfy/Vk//9LnEEIZYlOigw/4 OdPVu13iex5uE8n/9/7kIooQ3hL28TPPlL1Hg1L/1CwkqVcb0Ux1gHunBcQtXhMeYMecJoSpbOx k/mKLy2+jVq+YhtV1asEJK6mlV5X/NFPKIrrw/KYmn1HExcPm97rKqnF5QXes6+WBVzIR0imd6a 6lHj2kcNZASyHgF21Hj8Su9p2xrAepyTXSS9DT+txGErgtp1AA== X-Google-Smtp-Source: AGHT+IGxazwJu5y8it4J8kgTcc+UI3Yhiy7qKSO8Tu7PMSQP5KEnBknhgOLxyhh7+xT6GvQ4fOD4ZA== X-Received: by 2002:a05:6000:1a8c:b0:3a0:ad33:c1b3 with SMTP id ffacd0b85a97d-3a1f6422047mr9873377f8f.3.1747044315977; Mon, 12 May 2025 03:05:15 -0700 (PDT) Received: from localhost ([177.45.162.169]) by smtp.gmail.com with UTF8SMTPSA id 71dfb90a1353d-52c536fcc07sm5346355e0c.1.2025.05.12.03.05.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 May 2025 03:05:15 -0700 (PDT) Date: Mon, 12 May 2025 07:05:07 -0300 MIME-Version: 1.0 Message-Id: <20250512-fixes-modify_ldt-v2-1-eaef5577e44e@suse.com> X-B4-Tracking: v=1; b=H4sIANLHIWgC/32OUQ6CMBBEr2L222qpItEv72GIKe0Cm0hrdpFIC He35QB+vmTezCwgyIQCt90CjBMJxZDA7Hfgehs6VOQTg9Gm1KWuVEtfFDVET+38fPlRYeNa742 t/ElD0t6MWyZZjzpxYwVVwza4PhdFpo7CcbAyIud8TzJGnrcHU5GtP2NToQpVaWsu13OedXf5C B5cHKBe1/UH6ZseJs8AAAA= X-Change-ID: 20250507-fixes-modify_ldt-ebcfdd2a7d30 To: Linux Test Project X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2687; i=rbm@suse.com; h=from:subject:message-id; bh=Higyb7gpFBKfoO6t4pXNFleu83ptP2z4QxnE3cOoLbI=; b=owEBbQKS/ZANAwAIAckLinxjhlimAcsmYgBoIcfYIpvh6lII9uFXSEmw58gFOObmQCZvHuUt3 snA7p26nb6JAjMEAAEIAB0WIQQDCo6eQk7jwGVXh+HJC4p8Y4ZYpgUCaCHH2AAKCRDJC4p8Y4ZY pt30D/wO6RCwMFjBKGmSDX91BF8nKzH50c8syYRgkOLlLpt6ZkulJ5daqGux1p9VeS7zYhHhZ4E jisvg77bq9vNjinbalgDl2fhBAjzzbyJBe3XdtxFfMIWSOtwMoSuu2hyWvl4HVb6ChXf5pr/K/7 1zDugkxOe2Ehf76E4IWYQB5aSCX8Ygkum4wxgm6ZTQe73LwPNmoxyN4mnoS2qyOppPcmBfbLdWH 4YIYbvGK+QD9Zv8VXea5aTxVPVCl/KRgRMoz8tQpeMcyepMuXdZC73sW2W00vfOd6hWJKbeqMd7 YfyZ2avSl1xlgnAmdMh2A4+fAWRSd9Wai/Lv25v4zupQncOfyT/IPgg5Wxjf4ExytFrb7HBAa85 NzZ6AVMxejRk5ZWIKKyjT+ZUinbWaCLE/3QFzNb9xaar6qdunwk9a8kK1DYmhSHZbNjiP+4Y32n U0B811lYdFgm1BE/5ZVnUmq2z+F4Z2isaoXTWQLYroFKShmXTiBAAwsR9WsvgCsaAREAA39/jvI TAG/zxK2bJjI0W7ebWzUzaFwoz/sHLQdywZFVuFdWiXwZVmGNCagy/824boih/I2zY6D54531ZW xD4Y6dqvjhIMw1DD5/GovcUwngEGWoERtAVsrjNDvHWU8hy+DUbaXZ+C+suiA3tEw6KmKhdFOLE b+UurxfcrjtZCqA== X-Developer-Key: i=rbm@suse.com; a=openpgp; fpr=030A8E9E424EE3C0655787E1C90B8A7C638658A6 X-Spam-Status: No, score=0.1 required=7.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS shortcircuit=no autolearn=disabled version=4.0.1 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on in-5.smtp.seeweb.it X-Virus-Scanned: clamav-milter 1.0.7 at in-5.smtp.seeweb.it X-Virus-Status: Clean Subject: [LTP] [PATCH v2] ldt.h: Add workaround for x86_64 X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: =?utf-8?q?Ricardo_B=2E_Marli=C3=A8re_via_ltp?= From: =?utf-8?q?Ricardo_B=2E_Marli=C3=A8re?= Reply-To: =?utf-8?q?Ricardo_B=2E_Marli=C3=A8re?= Cc: =?utf-8?q?Ricardo_B=2E_Marli=C3=A8re?= Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" From: Ricardo B. Marlière The commit be0aaca2f742 ("syscalls/modify_ldt: Add lapi/ldt.h") left behind an important factor of modify_ldt(): the kernel intentionally casts the return value to unsigned int. This was handled in testcases/cve/cve-2015-3290.c but was removed. Add it back to the relevant file. Reported-by: Martin Doucha Signed-off-by: Ricardo B. Marlière Reviewed-by: Martin Doucha --- Changes in v2: - Added TBROK for any ret != 0 in modify_ldt call in cve-2015-3290.c - Link to v1: https://lore.kernel.org/r/20250507-fixes-modify_ldt-v1-1-70a2694cfddc@suse.com --- include/lapi/ldt.h | 22 +++++++++++++++++++++- testcases/cve/cve-2015-3290.c | 8 +++++++- 2 files changed, 28 insertions(+), 2 deletions(-) --- base-commit: b070a5692e035ec12c3d3c7a7e9e97c270fd4d7d change-id: 20250507-fixes-modify_ldt-ebcfdd2a7d30 Best regards, diff --git a/include/lapi/ldt.h b/include/lapi/ldt.h index 6b5a2d59cb41bfc24eb5ac26c3d47d49fb8ff78f..173321dd9ac34ba87eff0eee960635f30d878991 100644 --- a/include/lapi/ldt.h +++ b/include/lapi/ldt.h @@ -31,7 +31,27 @@ struct user_desc { static inline int modify_ldt(int func, const struct user_desc *ptr, unsigned long bytecount) { - return tst_syscall(__NR_modify_ldt, func, ptr, bytecount); + long rval; + + errno = 0; + rval = tst_syscall(__NR_modify_ldt, func, ptr, bytecount); + +#ifdef __x86_64__ + /* + * The kernel intentionally casts modify_ldt() return value + * to unsigned int to prevent sign extension to 64 bits. This may + * result in syscall() returning the value as is instead of setting + * errno and returning -1. + */ + if (rval > 0 && (int)rval < 0) { + tst_res(TINFO, + "WARNING: Libc mishandled modify_ldt() return value"); + errno = -(int)errno; + rval = -1; + } +#endif /* __x86_64__ */ + + return rval; } static inline int safe_modify_ldt(const char *file, const int lineno, int func, diff --git a/testcases/cve/cve-2015-3290.c b/testcases/cve/cve-2015-3290.c index 8ec1d53bbb5a9f3e7761d39855d34f593e118a28..e70742acc87c39088953e02f16146b7b58a75fd1 100644 --- a/testcases/cve/cve-2015-3290.c +++ b/testcases/cve/cve-2015-3290.c @@ -197,7 +197,13 @@ static void set_ldt(void) .useable = 0 }; - SAFE_MODIFY_LDT(1, &data_desc, sizeof(data_desc)); + TEST(modify_ldt(1, &data_desc, sizeof(data_desc))); + if (TST_RET == -1 && TST_ERR == EINVAL) { + tst_brk(TCONF | TTERRNO, + "modify_ldt: 16-bit data segments are probably disabled"); + } else if (TST_RET != 0) { + tst_brk(TBROK | TTERRNO, "modify_ldt"); + } } static void try_corrupt_stack(unsigned short *orig_ss)