Bug 1218087 - LTP: glibc syscall wrapper function access the invalid pointer lead crash in 32-bit compatibility mode
Status: RESOLVED INVALID
Duplicates: 1226427
Alias: None
Product: PUBLIC SUSE Linux Enterprise Server 15 SP6
Classification: openSUSE
Component: Kernel
Version: unspecified
Hardware: Other
OS: Other
Priority: P1 - Urgent
Severity: Normal
Target Milestone: ---
Assignee: Kernel Bugs
QA Contact:
URL: https://openqa.suse.de/tests/13021758...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-15 07:54 UTC by WEI GAO
Modified: 2024-06-17 12:15 UTC
CC List: 3 users

See Also:
Found By: openQA
Services Priority:
Business Priority:
Blocker: Yes
Marketing QA Status: ---
IT Deployment: ---
petr.vorel: needinfo? (swayammitra.tripathy)


Description WEI GAO 2023-12-15 07:54:53 UTC
NOTE: this issue is similar to https://bugzilla.suse.com/show_bug.cgi?id=1217134 and I suppose we DO NOT need a fix. I just use this issue to flag the LTP openQA failed case for 15sp6.


## openQA failed test suite link:
openQA test in scenario sle-15-SP6-Online-x86_64-ltp_syscalls_m32@64bit fails in
[recvmmsg01](https://openqa.suse.de/tests/13021758/modules/recvmmsg01/steps/7)

Run the LTP system call tests in 32-bit compatibility mode (failures are usually less serious than failures on regular ltp_syscalls).

The following LTP cases are all impacted by this issue:
recvmmsg01/mq_timedreceive01/mq_timedsend01/sigtimedwait01

## Root cause
The LTP case creates a bad address (timeout) with no access permission and gives it to the recvmmsg function. The new glibc version (2.38) handles this parameter itself instead of delivering it directly to the kernel, so when glibc starts accessing this bad address (timeout), a SIGSEGV happens.


LTP code part:

```c
/* LTP test case: map one page with no access rights and hand it to
   recvmmsg() as the timeout argument (excerpt as quoted in the report) */
timeout = mmap(0, 1, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
recvmmsg(*tc->fd, *tc->msg_vec, VLEN, 0, timeout);
```

Glibc part:

```c
/* glibc 2.38 recvmmsg wrapper (32-bit time_t build): the timeout is copied
   and widened in user space before the syscall is made */
struct __timespec64 ts64, *pts64 = NULL;
if (timeout != NULL)
  {
    ts64 = valid_timespec_to_timespec64 (*timeout); /* <<<<<<<< faults here */
    pts64 = &ts64;
  }
```
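The failure mode the report describes, as an added example that is not LTP's or glibc's code: a PROT_NONE page is mapped exactly as the LTP case does, then the same pointer is fed to two paths. `probe_userspace_convert` mirrors what the 32-bit glibc wrapper does, dereferencing the timeout to widen it before any syscall is made, so the fault surfaces as a SIGSEGV in the process. `probe_raw_syscall` hands the pointer straight to the kernel with `syscall(SYS_recvmmsg, ...)`, which validates user pointers on copy-in and returns EFAULT, the result the LTP case expects. `make_bad_timeout`, `make_good_timeout`, `struct ts64` and the two probe helpers are names invented for this example; a SIGSEGV handler with sigsetjmp/siglongjmp turns the fault into a return value so both outcomes can be compared in one run on Linux.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

/* Probe outcome: 0 = call succeeded, PROBE_SIGSEGV = fault caught, >0 = errno. */
#define PROBE_SIGSEGV (-1)

static sigjmp_buf fault_env;

static void on_sigsegv(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Install a SIGSEGV handler that unwinds back into the probe; saves the old one. */
static void arm_fault_handler(struct sigaction *old)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigsegv;
    sa.sa_flags = SA_NODEFER;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, old);
}

/* Reserve one page with no access rights, as the LTP cases do: any read faults. */
struct timespec *make_bad_timeout(void)
{
    void *p = mmap(NULL, 1, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (struct timespec *)p;
}

/* A readable timeout for comparison: one second in a static, mapped object. */
struct timespec *make_good_timeout(void)
{
    static struct timespec good = { .tv_sec = 1, .tv_nsec = 0 };
    return &good;
}

/* Stand-in for glibc's 64-bit-time struct used on 32-bit targets (hypothetical name). */
struct ts64 { int64_t tv_sec; int64_t tv_nsec; };

static volatile int64_t sink; /* keeps the conversion from being optimised away */

/* Mirror of the 32-bit glibc wrapper's first step: copy *timeout by value into
   a converter. The dereference happens in user space, before any syscall. */
int probe_userspace_convert(const struct timespec *timeout)
{
    struct sigaction old;
    arm_fault_handler(&old);
    if (sigsetjmp(fault_env, 1) != 0) {
        sigaction(SIGSEGV, &old, NULL);
        return PROBE_SIGSEGV;
    }
    struct timespec copy = *timeout;              /* faults on the PROT_NONE page */
    struct ts64 wide = { copy.tv_sec, copy.tv_nsec };
    sink = wide.tv_sec + wide.tv_nsec;
    sigaction(SIGSEGV, &old, NULL);
    return 0;
}

/* Bypass the wrapper and give the pointer to the kernel unchanged. The kernel
   copies the timeout in with fault handling and reports EFAULT rather than
   killing the process. fd -1 and no message vectors keep the call inert; with
   a readable timeout the kernel gets past the copy and fails with EBADF. */
int probe_raw_syscall(const struct timespec *timeout)
{
    struct sigaction old;
    arm_fault_handler(&old);
    if (sigsetjmp(fault_env, 1) != 0) {
        sigaction(SIGSEGV, &old, NULL);
        return PROBE_SIGSEGV;
    }
    long r = syscall(SYS_recvmmsg, -1, NULL, 0u, 0, timeout);
    int result = (r == -1) ? errno : 0;
    sigaction(SIGSEGV, &old, NULL);
    return result;
}

int main(void)
{
    struct timespec *bad = make_bad_timeout();
    printf("user-space widening of bad timeout: %d (-1 = SIGSEGV caught)\n",
           probe_userspace_convert(bad));
    printf("raw syscall with bad timeout: errno %d (%s)\n",
           probe_raw_syscall(bad), strerror(probe_raw_syscall(bad)));
    printf("raw syscall with good timeout: errno %d (%s)\n",
           probe_raw_syscall(make_good_timeout()),
           strerror(probe_raw_syscall(make_good_timeout())));
    return 0;
}
```

Built natively, the raw path returns EFAULT while the wrapper-mirror path reports the caught fault; built with -m32 against glibc 2.38, the real recvmmsg() wrapper takes the same dereferencing path as probe_userspace_convert, which is what the ltp_syscalls_m32 runs hit.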
Comment 2 Swayammitra Tripathy 2024-01-08 14:14:50 UTC
It will be retested with the next snapshot.
Comment 3 Swayammitra Tripathy 2024-01-29 16:10:05 UTC
Can be closed after Beta3 Release
Comment 4 Swayammitra Tripathy 2024-02-19 10:18:52 UTC
It seems this issue is not reproducible; no further action by the reporter.
Comment 5 Petr Vorel 2024-05-15 08:00:39 UTC
First, this issue is still reproducible on both the latest 15-SP6 [1] (we marked it here as WONTFIX, is that correct?) and the latest KOTD [2] (on all 4 syscalls). Shouldn't it be reopened, or the resolution changed to WONTFIX?

Also, it fails on current Tumbleweed [3] (kernel 6.8.9), which suggests it's not fixed in mainline. Shall I open a separate bug for Tumbleweed?

[1] https://openqa.suse.de/tests/14306484#step/mq_timedreceive01/8
[2] https://openqa.suse.de/tests/14296269#step/mq_timedreceive01/8
[3] https://openqa.opensuse.org/tests/4188022#step/mq_timedreceive01/8
Comment 6 WEI GAO 2024-06-17 12:15:26 UTC
*** Bug 1226427 has been marked as a duplicate of this bug. ***