Hi Naresh, On 06/27/2017 02:40 AM, Naresh Kamboju wrote: > selftest capabilities test failed on linux mainline and linux-next and > PASS on linux-4.4.70+ > Tested on HiKey ARM64 Development board. > > A bug reported in Linaro bug tracking system, > LKFT: Capabilities test_execve fail Wrong effective state AT_SECURE is not set > https://bugs.linaro.org/show_bug.cgi?id=2947 > > Please guide me to debug the reason for failure. > Kernel config link, > https://pastebin.com/P1uYmdMG > > Linux version 4.12.0-rc7-00004-gda8b14e (buildslave@x86-64-08) (gcc > version 6.2.1 20161016 (Linaro GCC 6.2-2016.11) ) #1 SMP PREEMPT Mon > Jun 26 20:04:35 UTC 2017 > > Linux version 4.12.0-rc7-next-20170627 (buildslave@x86-64-07) (gcc > version 6.2.1 20161016 (Linaro GCC 6.2-2016.11)) #1 SMP PREEMPT Tue > Jun 27 06:33:39 UTC 2017 > > LAVA job id: > https://lkft.validation.linaro.org/scheduler/job/4397#L1412 > > Running tests in capabilities > ======================================== > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [FAIL] Wrong effective state (AT_SECURE is not set) > [OK] Capabilities after execve were correct > [FAIL] Wrong ambient state (AT_SECURE is not set) > [FAIL] Wrong ambient state (AT_SECURE is not set) > [RUN] +++ Tests with uid == 0 +++ > [NOTE] Using global UIDs for tests > [RUN] Root => ep > [OK] Child succeeded > [OK] Check cap_ambient manipulation rules > [OK] PR_CAP_AMBIENT_RAISE failed on non-inheritable cap > [OK] PR_CAP_AMBIENT_RAISE failed on non-permitted cap > [OK] PR_CAP_AMBIENT_RAISE worked > [OK] Basic manipulation appears to work > [RUN] Root +i => eip > [OK] Child succeeded > [RUN] UID 0 +ia => eipa > [OK] Child succeeded > [RUN] Root +ia, suidroot => eipa > [OK] Child succeeded Okay the following appears to be the first difference between the runs on the mainline and 4.4.74 When udi != 0 case, these tests fail. Could it be that there are security related changes to this area and the tests need updates? Kees/Andy: Do you have any insight thanks, -- Shuah ------------------------------------ > [RUN] Root +ia, suidnonroot => ip > [FAIL] Child failed > [RUN] Root +ia, sgidroot => eipa > [OK] Child succeeded > [FAIL] Child failed > [RUN] Root +ia, sgidnonroot => eip > [FAIL] Child failed ------------------------------------- > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [FAIL] Wrong effective state (AT_SECURE is not set) > [FAIL] Child failed > [FAIL] Child failed > selftests: test_execve [FAIL] > > capabilities test PASS on Linux-4.4.70+. > > Running tests in capabilities > ======================================== > case: step_after_suspend_test > definition: 1_kselftest > result: skip > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [RUN] +++ Tests with uid == 0 +++ > [NOTE] Using global UIDs for tests > [RUN] Root => ep > [OK] Child succeeded > [OK] Check cap_ambient manipulation rules > [OK] PR_CAP_AMBIENT_RAISE failed on non-inheritable cap > [OK] PR_CAP_AMBIENT_RAISE failed on non-permitted cap > [OK] PR_CAP_AMBIENT_RAISE worked > [OK] Basic manipulation appears to work > [RUN] Root +i => eip > [OK] Child succeeded > [RUN] UID 0 +ia => eipa > [OK] Child succeeded > [RUN] Root +ia, suidroot => eipa > [OK] Child succeeded > [RUN] Root +ia, suidnonroot => ip > [OK] Child succeeded > [RUN] Root +ia, sgidroot => eipa > [OK] Child succeeded > [OK] Child succeeded > [RUN] Root +ia, sgidnonroot => eip > [OK] Child succeeded > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Capabilities after execve were correct > [OK] Child succeeded > [OK] Child succeeded > selftests: test_execve [PASS] > > Thanks and best regards, > Naresh Kamboju > -- To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
