QA Regression Testing

test_032_dev_kmem from ubuntu_qrt_kernel_security failed on Oracular (Permission denied)

Bug #2083819 reported by Po-Hsu Lin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QA Regression Testing
New
Undecided
Unassigned
ubuntu-kernel-tests
New
Undecided
Unassigned

Bug Description

Issue found on Openstack amd64/arm64/ppc64el with Oracular since 6.11.0-5.5 in d2024.08.12.

It's worthy to note that with 6.11.0-4.4, only ARM64 has failed with this test, AMD64 and PPC64EL are good.

The test is expecting return code 6 (No such device), but we got 13 (Permission denied) here on Oracular.

Test log:
 Running 'python3 ./test-kernel-security.py -v KernelSecurityTest.test_032_dev_kmem'
 Running test: './test-kernel-security.py' distro: 'Ubuntu 24.10' kernel: '6.11.0-8.8 (Ubuntu 6.11.0-8.8-generic 6.11.0)' arch: 'amd64' init: 'systemd' uid: 0/0 SUDO_USER: 'ubuntu')
 test_032_dev_kmem (__main__.KernelSecurityTest.test_032_dev_kmem)
 /dev/kmem not available ... FAIL

 ======================================================================
 FAIL: test_032_dev_kmem (__main__.KernelSecurityTest.test_032_dev_kmem)
 /dev/kmem not available
 ----------------------------------------------------------------------
 Traceback (most recent call last):
   File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/./test-kernel-security.py", line 375, in test_032_dev_kmem
     self.assertShellExitEquals(expected, ["./errno-read.py", kmem, '4096'])
   File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py", line 1332, in assertShellExitEquals
     self.assertEqual(expected, rc, msg + result + report)
 AssertionError: 6 != 13 : Got exit code 13, expected 6
 Command: './errno-read.py', '/tmp/kmem-y9brst6e/kmem', '4096'
 Output:
 /tmp/kmem-y9brst6e/kmem: Permission denied

 ----------------------------------------------------------------------
 Ran 1 test in 0.046s

 FAILED (failures=1)

See original description
Po-Hsu Lin (cypressyew)
description: updated
Revision history for this message
Koichiro Den (koichiroden) wrote :

Oracular ships systemd 256 and /tmp/ is now by default a tmpfs. [1]

  On Oracular:
    $ findmnt --target /tmp/
    TARGET SOURCE FSTYPE OPTIONS
    /tmp tmpfs tmpfs rw,nosuid,nodev,size=6123876k,nr_inodes=1048576,inode64
  On Noble:
    $ findmnt --target /tmp
    TARGET
      SOURCE FSTYPE OPTIONS
    / /dev/vda1 ext4 rw,relatime,discard,errors=remount-ro,commit=30

test_032_dev_kmem runs mknod(2) to create a character device file under /tmp.
Because of the difference, on Oracular, openat(2) (by errno-read.py) returns earlier with errno 13 (Permission denied), while errno 6 (No such device) is expected.

-> vfs_open()
   [...]
   -> may_open()
     -> may_open_dev() returns 0 because of MNT_NODEV
        return -EACCES

The whole point of test_032_dev_kmem is I think to test ubuntu policy (CONFIG_DEVKMEM=n for many years before bbcd53c96071 ("drivers/char: remove /dev/kmem for good")):

-> vfs_open()
   [...]
   -> chrdev_open()
     -> memory_open()
       -> devlist[2 /*kmem*/] is empty so return -ENXIO

I'll propose an update (fix) for test_032_dev_kmem to qa-regression-testing.

[1] https://git.launchpad.net/ubuntu/+source/systemd/tree/debian/NEWS?h=ce0abd32d7d3a&id=ce0abd32d7d3a920a7728a21a1977749db2e3776

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Nice, the change makes sense to me.

Have you had a chance to test it on a variety of previous releases, too, to make sure that the test still works for older systems?

I'm surprised about the "It's worthy to note that with 6.11.0-4.4, only ARM64 has failed with this test" listed in the description. Is that a realistic assessment of the issue, or was that an initial understanding that has since been shown to be incorrect?

Thanks

Revision history for this message
Koichiro Den (koichiroden) wrote (last edit ):

Thanks for the comment.

I tested only on my local VM (Oracular,Noble,Jammy,Focal,Bionic,Xenial all amd64).

I think it was just an initial observation. My guess is that it was just because systemd was upgraded to 256 only on the ARM64 test machine back then. @cypressyew, if you have any idea, please leave a comment.
In SRU testing for Oracular 6.11.0-11.11, the same pattern of failure was observed on amd64/arm64/s390x.

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Hi,

Looking back into our test history at hand from this point, for this ubuntu_qrt_kernel_security ran on our openstack cloud, we can observe that:
* 6.11.0-4.4 + Test suite HEAD SHA1: bf11077d
  - Test passed on AMD64 and PPC64EL with: /dev/kmem not available ... ok
  - Test failed on ARM64, ARM64-64k with: /tmp/kmem-..../kmem: Permission denied
* 6.11.0-5.5 + Test suite HEAD SHA1: bf11077d
  - Test failed on AMD64, ARM64, PPC64EL with: /tmp/kmem-..../kmem: Permission denied
* 6.11.0-7.7 + Test suite HEAD SHA1: 0ba379b5
  - Test failed on AMD64, ARM64, PPC64EL with: /tmp/kmem-..../kmem: Permission denied
* 6.11.0-9.9 + Test suite HEAD SHA1: 4f547131
  - Test failed on AMD64, ARM64, PPC64EL with: /tmp/kmem-..../kmem: Permission denied

So I think you can say that is our initial understanding from that time being, and it is incorrect shown to be incorrect on this point.

HTH
Thanks!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.