[1/1] keyctl05: Improve the dns_res_payload for boundary testing

Message ID 20240111100636.1897637-1-pvorel@suse.cz
State Accepted

Commit Message

Petr Vorel Jan. 11, 2024, 10:06 a.m. UTC
From: Pengfei Xu <pengfei.xu@intel.com>

kernel commit acc657692aed ("keys, dns: Fix size check of V1 server-list header")
from upcoming v6.8-rc1 (going to be backported to stable), which fixes
the add_key syscall incoming data boundary size issue, 6 bytes incoming
data is now enough.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Pengfei Xu <pengfei.xu@intel.com>
[ pvorel: add acc657692aed, reword commit message ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
NOTE: I would wait with this to at least v6.8-rc2. Ideally it should be
released, when the commit reaches any stable tree or when v6.8 is released.

Changes v1->v2:
* mention acc657692aed
* update doc (v6.8-rc1 and acc657692aed438e9931438f8c923b2b107aebf9)
* reword commit message

 testcases/kernel/syscalls/keyctl/keyctl05.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Petr Vorel Jan. 11, 2024, 10:12 a.m. UTC | #1
Hi,

I'm sorry, this was supposed to be marked as v2.
Replacing
https://lore.kernel.org/ltp/48efcb1293a682182fc5db23f01be7af2889e26c.1704949719.git.pengfei.xu@intel.com/

Kind regards,
Petr

Cyril Hrubis Jan. 18, 2024, 12:38 p.m. UTC | #2
Hi!
> NOTE: I would wait with this to at least v6.8-rc2. Ideally it should be
> released, when the commit reaches any stable tree or when v6.8 is released.

What is the status here? Shall we include this for the January stable
release? Did the kernel patch get backported to stable kernels already?

Petr Vorel Jan. 18, 2024, 2:23 p.m. UTC | #3
> Hi!
> > NOTE: I would wait with this to at least v6.8-rc2. Ideally it should be
> > released, when the commit reaches any stable tree or when v6.8 is released.

> What is the status here? Shall we include this for the January stable
> release? Did the kernel patch get backported to stable kernels already?

I guess the question was to David (and I prefer him to clarify).

I see patches backported to stable already, e.g. for 6.6.x stable:

$ git show afc360e8a1256acb7579a6f5b6f2c30b85b39301
commit afc360e8a1256acb7579a6f5b6f2c30b85b39301
Author: David Howells <dhowells@redhat.com>
Date:   Sat Dec 9 00:41:55 2023 +0000

    keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry

    [ Upstream commit 39299bdd2546688d92ed9db4948f6219ca1b9542 ]
...

$ git tag --contains afc360e8a1256acb7579a6f5b6f2c30b85b39301
v6.6.10
v6.6.11
v6.6.12
v6.6.9

And Greg had it in his stable-queue [1]:

$ git grep -l 39299bdd2546688d92ed9db4948f6219ca1b9542
releases/5.10.206/keys-dns-allow-key-types-eg.-dns-to-be-reclaimed-imm.patch
releases/5.15.146/keys-dns-allow-key-types-eg.-dns-to-be-reclaimed-imm.patch
releases/6.1.70/keys-dns-allow-key-types-eg.-dns-to-be-reclaimed-imm.patch
releases/6.6.9/keys-dns-allow-key-types-eg.-dns-to-be-reclaimed-imm.patch

(Although it fixes the original addition of the module in 1a4240f4764a from
v2.6.36-rc1, it was probably unportable to 5.4.x and 4.19.x.)

=> I guess we can merge even though the fix itself has not been released yet (there is
not even v6.8-rc1, but I suppose it will be tagged before we release LTP).

Credit to Edward, who suggested fixing keyctl05.c [2]:

	The reason for the failure of add_key() is that the length of the incoming data
	is 5, which is less than sizeof(*v1), so keyctl05.c failed.
	Suggest modifying keyctl05.c to increase the length of the incoming data to 6
	bytes or more.

Suggested-by: Edward Adam Davis <eadavis@qq.com>

Kind regards,
Petr

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/
[2] https://lore.kernel.org/all/tencent_CF4FEF0D9B25A08DD7920E5D93DDBC194E07@qq.com/

Kind regards,
Petr

Petr Vorel Jan. 22, 2024, 7:47 a.m. UTC | #4
Hi Cyril, David,

> > Hi!
> > > NOTE: I would wait with this to at least v6.8-rc2. Ideally it should be
> > > released, when the commit reaches any stable tree or when v6.8 is released.

> > What is the status here? Shall we include this for the January stable
> > release? Did the kernel patch get backported to stable kernels already?

> I guess the question was to David (and I prefer him to clarify).

> I see patches backported to stable already, e.g. for 6.6.x stable:

> $ git show afc360e8a1256acb7579a6f5b6f2c30b85b39301
> commit afc360e8a1256acb7579a6f5b6f2c30b85b39301
> Author: David Howells <dhowells@redhat.com>
> Date:   Sat Dec 9 00:41:55 2023 +0000

>     keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry

>     [ Upstream commit 39299bdd2546688d92ed9db4948f6219ca1b9542 ]
> ...

I'm sorry I checked a different commit, we're talking about
acc657692aed ("keys, dns: Fix size check of V1 server-list header")

v6.8-rc1 is out, with this commit. I see it's already prepared in stable queue
for 6.7 by Sasha [1] and somebody already asked to add it to 6.1 and 6.6, where
it's needed (I verified test fails without it).

I guess we can merge now to get it to the upcoming release.

Kind regards,
Petr

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.7/keys-dns-fix-size-check-of-v1-server-list-header.patch
[2] https://lore.kernel.org/stable/CA+icZUUc_0M_6JU3dZzVqrUUrWJceY1uD8dO2yFMCwtHtkaa_Q@mail.gmail.com/
Patch

diff --git a/testcases/kernel/syscalls/keyctl/keyctl05.c b/testcases/kernel/syscalls/keyctl/keyctl05.c
index f0e09fe5d..0c01fa034 100644
--- a/testcases/kernel/syscalls/keyctl/keyctl05.c
+++ b/testcases/kernel/syscalls/keyctl/keyctl05.c
@@ -201,11 +201,12 @@  static void do_test(unsigned int i)
 	/*
 	 * We need to pass check in dns_resolver_preparse(),
 	 * give it dummy server list request.
-	 * From v6.7-rc8 commit 1997b3cb4217b09e49659b634c94da47f0340409:
-	 * the incoming data for add_key syscall should be larger than 6 bytes,
-	 * because struct dns_server_list_v1_header without body is 6 bytes.
+	 * From v6.8-rc1 commit acc657692aed438e9931438f8c923b2b107aebf9:
+	 * the incoming data for add_key() sysdall should be not less than 6
+	 * bytes, because struct dns_server_list_v1_header is 6 bytes.
+	 * The minimum payload will be tested here for boundary testing.
 	 */
-	static char dns_res_payload[] = { 0x00, 0x00, 0x01, 0xff, 0x00, 0x00, 0x00 };
+	static char dns_res_payload[] = { 0x00, 0x00, 0x01, 0xff, 0x00, 0x00 };
 
 	switch (i) {
 	case 0:
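Review bot: the added comment lines contain a typo, "sysdall" should read "syscall" in "add_key() sysdall". The rewritten comment also drops the reference to 1997b3cb4217b09e49659b634c94da47f0340409, which the removed lines gave as the v6.7-rc8 commit from which the incoming data had to be larger than 6 bytes. Since dns_res_payload is now exactly 6 bytes, keeping one line that names that commit would explain why this payload is rejected on a kernel that has it without acc657692aed.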
@@ -229,6 +230,7 @@  static struct tst_test test = {
 	.forks_child = 1,
 	.tags = (const struct tst_tag[]) {
 		{"linux-git", "63a0b0509e70"},
+		{"linux-git", "acc657692aed"},
 		{}
 	}
 };
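Review bot: the new {"linux-git", "acc657692aed"} entry in .tags sits next to 63a0b0509e70 with nothing to tell the two apart. A one-line comment above the added entry, saying that it is the size check on the dns_resolver payload, would let someone reading a failure report see which of the two commits to look for.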