On Wed, Jan 16, 2019 at 10:58 AM Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
>
> If CONFIG_SECCOMP=n, /proc/self/status includes an empty line. This causes
> the iotop application to bail out with an error message.
>
> File "/usr/local/lib64/python2.7/site-packages/iotop/data.py", line 196,
> in parse_proc_pid_status
> key, value = line.split(':\t', 1)
> ValueError: need more than 1 value to unpack
>
> The problem is seen in v4.9.y but not upstream because commit af884cd4a5ae6
> ("proc: report no_new_privs state") has not been backported to v4.9.y.
> The backport of commit fae1fa0fc6cc ("proc: Provide details on speculation
> flaw mitigations") tried to address the resulting differences but was
> wrong, introducing the problem.
>
> Fixes: 51ef9af2a35b ("proc: Provide details on speculation flaw mitigations")
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Gwendal Grignou <gwendal@xxxxxxxxxxxx>
> Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
-Kees
> ---
> This patch only applies to v4.9.y. v4.4.y also needs to be fixed (see
> https://www.spinics.net/lists/stable/msg279131.html), but the fix
> is slightly different. v4.14.y and later are not affected.
>
> fs/proc/array.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/proc/array.c b/fs/proc/array.c
> index 94f83e74db24..712b44c63701 100644
> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -346,8 +346,9 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
> {
> #ifdef CONFIG_SECCOMP
> seq_put_decimal_ull(m, "Seccomp:\t", p->seccomp.mode);
> + seq_putc(m, '\n');
> #endif
> - seq_printf(m, "\nSpeculation_Store_Bypass:\t");
> + seq_printf(m, "Speculation_Store_Bypass:\t");
> switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) {
> case -EINVAL:
> seq_printf(m, "unknown");
> --
> 2.7.4
>
--
Kees Cook
