From patchwork Tue Aug 25 16:07:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Martin Doucha X-Patchwork-Id: 1351159 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it (client-ip=213.254.12.146; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from picard.linux.it (picard.linux.it [213.254.12.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BbYn54VH1z9sSP for ; Wed, 26 Aug 2020 02:08:09 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 1DE773C2EC6 for ; Tue, 25 Aug 2020 18:08:07 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-6.smtp.seeweb.it (in-6.smtp.seeweb.it [IPv6:2001:4b78:1:20::6]) by picard.linux.it (Postfix) with ESMTP id EABF33C13D8 for ; Tue, 25 Aug 2020 18:07:37 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-6.smtp.seeweb.it (Postfix) with ESMTPS id 416A21400B62 for ; Tue, 25 Aug 2020 18:07:37 +0200 (CEST) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 58AB0B5A2 for ; Tue, 25 Aug 2020 16:08:07 +0000 (UTC) From: Martin Doucha To: ltp@lists.linux.it Date: Tue, 25 Aug 2020 18:07:34 +0200 Message-Id: <20200825160735.24602-4-mdoucha@suse.cz> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200825160735.24602-1-mdoucha@suse.cz> References: <20200825160735.24602-1-mdoucha@suse.cz> MIME-Version: 1.0 X-Virus-Scanned: clamav-milter 0.102.4 at in-6.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=0.0 required=7.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on in-6.smtp.seeweb.it Subject: [LTP] [PATCH v2 3/4] ioctl_sg01: Pollute free memory in setup X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" The test wasn't reliable if most of available memory was full of zeroes. Pollute free memory to increase the chance of detecting data leak. Signed-off-by: Martin Doucha Reviewed-by: Petr Vorel --- Changes since v1: - Split patch - Use tst_pollute_memory() instead of allocating and pre-polluting a fixed-size block of memory in setup(). testcases/kernel/syscalls/ioctl/ioctl_sg01.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/testcases/kernel/syscalls/ioctl/ioctl_sg01.c b/testcases/kernel/syscalls/ioctl/ioctl_sg01.c index daaa96be5..8c9fd0dae 100644 --- a/testcases/kernel/syscalls/ioctl/ioctl_sg01.c +++ b/testcases/kernel/syscalls/ioctl/ioctl_sg01.c @@ -7,9 +7,7 @@ * CVE-2018-1000204 * * Test ioctl(SG_IO) and check that kernel doesn't leak data. Requires - * a read-accessible SCSI-compatible device (e.g. SATA disk). Running oom* - * test program before this one may increase the chance of successfully - * reproducing the bug. + * a read-accessible generic SCSI device (e.g. a DVD drive). * * Leak fixed in: * @@ -29,8 +27,9 @@ #include #include #include "tst_test.h" +#include "tst_memutils.h" -#define BUF_SIZE 128 * 4096 +#define BUF_SIZE (128 * 4096) #define CMD_SIZE 6 static int devfd = -1; @@ -80,6 +79,10 @@ static void setup(void) tst_brk(TCONF, "Could not find any usable SCSI device"); tst_res(TINFO, "Found SCSI device %s", devpath); + + /* Pollute some memory to avoid false negatives */ + tst_pollute_memory(0, 0x42); + devfd = SAFE_OPEN(devpath, O_RDONLY); query.interface_id = 'S'; query.dxfer_direction = SG_DXFER_FROM_DEV;