linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Shuah Khan <shuah@kernel.org>
To: Kees Cook <keescook@chromium.org>,
	Andy Lutomirski <luto@kernel.org>,
	Sumit Semwal <sumit.semwal@linaro.org>
Cc: Brian Norris <computersforpeace@gmail.com>,
	"Luis R. Rodriguez" <mcgrof@kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	LKML <linux-kernel@vger.kernel.org>,
	"# 3.4.x" <stable@vger.kernel.org>,
	"open list:KERNEL SELFTEST FRAMEWORK" 
	<linux-kselftest@vger.kernel.org>,
	Shuah Khan <shuahkh@osg.samsung.com>,
	Shuah Khan <shuah@kernel.org>
Subject: Re: seccomp ptrace selftest failures with 4.4-stable [Was: Re: LTS testing with latest kselftests - some failures]
Date: Thu, 22 Jun 2017 13:06:22 -0600	[thread overview]
Message-ID: <1ce2d820-3479-2d65-14e1-b60cd93bd055@kernel.org> (raw)
In-Reply-To: <CAGXu5jKDq9PmHOyooRrUXBE-iRbh4CR5B-QYVi=Gp1tOFPP_3g@mail.gmail.com>

On 06/22/2017 11:50 AM, Kees Cook wrote:
> On Thu, Jun 22, 2017 at 10:49 AM, Andy Lutomirski <luto@kernel.org> wrote:
>> On Thu, Jun 22, 2017 at 10:09 AM, Shuah Khan <shuah@kernel.org> wrote:
>>> On 06/22/2017 10:53 AM, Kees Cook wrote:
>>>> On Thu, Jun 22, 2017 at 9:18 AM, Sumit Semwal <sumit.semwal@linaro.org> wrote:
>>>>> Hi Kees, Andy,
>>>>>
>>>>> On 15 June 2017 at 23:26, Sumit Semwal <sumit.semwal@linaro.org> wrote:
>>>>>> 3. 'seccomp ptrace hole closure' patches got added in 4.7 [3] -
>>>>>> feature and test together.
>>>>>> - This one also seems like a security hole being closed, and the
>>>>>> 'feature' could be a candidate for stable backports, but Arnd tried
>>>>>> that, and it was quite non-trivial. So perhaps  we'll need some help
>>>>>> from the subsystem developers here.
>>>>>
>>>>> Could you please help us sort this out? Our goal is to help Greg with
>>>>> testing stable kernels, and currently the seccomp tests fail due to
>>>>> missing feature (seccomp ptrace hole closure) getting tested via
>>>>> latest kselftest.
>>>>>
>>>>> If you feel the feature isn't a stable candidate, then could you
>>>>> please help make the test degrade gracefully in its absence?

In some cases, it is not easy to degrade and/or check for a feature.
Probably several security features could fall in this bucket.

>>>>
>>>> I don't really want to have that change be a backport -- it's quite
>>>> invasive across multiple architectures.

Agreed. The same test for kernel applies to tests as well. If a kernel
feature can't be back-ported, the test for that feature will fall in the
same bucket. It shouldn't be back-ported.

>>>>
>>>> I would say just add a kernel version check to the test. This is
>>>> probably not the only selftest that will need such things. :)
>>>
>>> Adding release checks to selftests is going to problematic for maintenance.
>>> Tests should fail gracefully if feature isn't supported in older kernels.
>>>
>>> Several tests do that now and please find a way to check for dependencies
>>> and feature availability and fail the test gracefully. If there is a test
>>> that can't do that for some reason, we can discuss it, but as a general
>>> rule, I don't want to see kselftest patches that check release.
>>
>> If a future kernel inadvertently loses the new feature and degrades to
>> the behavior of old kernels, that would be a serious bug and should be
>> caught.

Agreed. If I understand you correctly, by not testing stable kernels
with their own selftests, some serious bugs could go undetected.

> 
> Right. I really think stable kernels should be tested with their own
> selftests. If some test is needed in a stable kernel it should be
> backported to that stable kernel.

Correct. This is always a safe option. There might be cases that even
prevent tests being built, especially if a new feature adds new fields
to an existing structure.

It appears in some cases, users want to run newer tests on older kernels.
Some tests can clearly detect feature support using module presence and/or
Kconfig enabled or disabled. These are conditions even on a kernel that
supports a new module or new config option. The kernel the test is running
on might not have the feature enabled or module might not be present. In
these cases, it would be easier to detect and skip the test.

However, some features aren't so easy. For example:

- a new flag is added to a syscall, and new test is added. It might not
  be easy to detect that.
- We might have some tests that can't detect and skip.

Based on this discussion, it is probably accurate to say:

1. It is recommended that selftests from the same release be run on the
   kernel.
2. Selftests from newer kernels will run on older kernels, user should
   understand the risks such as some tests might fail and might not
   detect feature degradation related bugs.
3. Selftests will fail gracefully on older releases if at all possible.

Sumit!

1. What are the reasons for testing older kernel with selftests from
   newer kernels? What are the benefits you see for doing so?
   
   I am looking to understand the need/reasons for this use-case. In our
   previous discussion on this subject, I did say, you should be able to
   do so with some exceptions.

2. Do you test kernels with the selftests from the same release?

3. Do you find testing with newer selftests to be useful?

thanks,
-- Shuah

  reply	other threads:[~2017-06-22 19:06 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-22 16:18 seccomp ptrace selftest failures with 4.4-stable [Was: Re: LTS testing with latest kselftests - some failures] Sumit Semwal
2017-06-22 16:53 ` Kees Cook
2017-06-22 17:09   ` Shuah Khan
2017-06-22 17:49     ` Andy Lutomirski
2017-06-22 17:50       ` Kees Cook
2017-06-22 19:06         ` Shuah Khan [this message]
2017-06-22 19:48           ` Tom Gall
2017-06-22 20:23             ` Shuah Khan
2017-06-23  4:02               ` Sumit Semwal
2017-06-23 15:36                 ` Shuah Khan
2017-06-23 19:03             ` Shuah Khan
2017-06-23 19:44               ` Tom Gall
2017-06-23  1:52         ` Greg Kroah-Hartman
2017-06-23  2:40           ` Andy Lutomirski
2017-06-23  4:05             ` Kees Cook
2017-06-24  0:34             ` Luis R. Rodriguez
2017-06-24  4:45               ` Greg Kroah-Hartman
2017-06-26 21:44                 ` Luis R. Rodriguez
2017-06-24  4:43             ` Greg Kroah-Hartman
2017-07-05 14:59               ` Sumit Semwal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1ce2d820-3479-2d65-14e1-b60cd93bd055@kernel.org \
    --to=shuah@kernel.org \
    --cc=computersforpeace@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=shuahkh@osg.samsung.com \
    --cc=stable@vger.kernel.org \
    --cc=sumit.semwal@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).