Bug 1179434 (CVE-2020-29373) - VUL-1: CVE-2020-29373: kernel-source: unsafely handling of the root directory during path lookups in fs/io_uring.c
Summary: VUL-1: CVE-2020-29373: kernel-source: unsafely handling of the root directory...
Status: RESOLVED FIXED
Alias: CVE-2020-29373
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/272438/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-29373:7.7:(AV:...
Keywords:
Depends on:
Blocks: 1179779
  Show dependency treegraph
 
Reported: 2020-11-30 18:20 UTC by Robert Frohl
Modified: 2024-06-25 15:28 UTC (History)
12 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2020-11-30 18:20:31 UTC 
CVE-2020-29373

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It
unsafely handles the root directory during path lookups, and thus a process
inside a mount namespace can escape to unintended filesystem locations, aka
CID-ff002b30181d.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29373
https://bugs.chromium.org/p/project-zero/issues/detail?id=2011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29373
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff002b30181d30cdfbca316dadd099c3ca0d739c
Comment 1 Robert Frohl 2020-11-30 18:24:42 UTC 
The patch(ff002b30181d) is talking about 5.3+ being affected, i.e.:
> Cc: stable@vger.kernel.org # 5.3+

I could not locate any relevant code in SLE15-SP2 or SLE15-SP3 and would tend to track them also as not affected.

Could someone confirm that this is a valid assumption please?
Comment 2 Jan Kara 2020-12-08 12:52:11 UTC 
I think this one actually needs a fix for SLE15-SP2 and SLE15-SP3. I've tracked down a backport of the upstream commit in 5.4-stable tree:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=cac68d12c531aa3010509a5a55a5dfd18dedaa80

and AFAICT the sendmsg() / resvmsg() problem is there even in 5.3. I'll push the fix to SLE15-SP2 branch...
Comment 3 Jan Kara 2020-12-08 13:11:17 UTC 
OK, I've pushed out the fix to users/jack/SLE15-SP2/for-next. It should be automatically pulled into SLE15-SP3. All is done from my side, reassigning to the security team.
Comment 12 Swamp Workflow Management 2021-01-12 23:47:32 UTC 
SUSE-SU-2021:0096-1: An update that solves 12 vulnerabilities and has 93 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1165933,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178590,1178612,1178634,1178660,1178756,1178780,1179204,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP2 (src):    kernel-azure-5.3.18-18.32.1, kernel-source-azure-5.3.18-18.32.1, kernel-syms-azure-5.3.18-18.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2021-01-13 14:23:26 UTC 
SUSE-SU-2021:0108-1: An update that solves 13 vulnerabilities and has 89 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1176396,1176942,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178612,1178660,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179604,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27777,CVE-2020-27825,CVE-2020-27830,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-22.1, kernel-rt_debug-5.3.18-22.1, kernel-source-rt-5.3.18-22.1, kernel-syms-rt-5.3.18-22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 OBSbugzilla Bot 2021-01-13 16:24:59 UTC 
This is an autogenerated message for OBS integration:
This bug (1179434) was mentioned in
https://build.opensuse.org/request/show/862934 15.2 / kernel-source
Comment 15 Swamp Workflow Management 2021-01-14 08:22:05 UTC 
SUSE-SU-2021:0117-1: An update that solves 15 vulnerabilities and has 98 fixes is now available.

Category: security (moderate)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1167657,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175480,1175995,1176396,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    kernel-default-5.3.18-24.46.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.46.1, kernel-livepatch-SLE15-SP2_Update_9-1-5.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    kernel-default-5.3.18-24.46.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    kernel-docs-5.3.18-24.46.1, kernel-obs-build-5.3.18-24.46.1, kernel-preempt-5.3.18-24.46.1, kernel-source-5.3.18-24.46.1, kernel-syms-5.3.18-24.46.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    kernel-default-5.3.18-24.46.1, kernel-default-base-5.3.18-24.46.1.9.19.1, kernel-preempt-5.3.18-24.46.1, kernel-source-5.3.18-24.46.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2021-01-15 02:21:35 UTC 
openSUSE-SU-2021:0060-1: An update that solves 17 vulnerabilities and has 99 fixes is now available.

Category: security (important)
Bug References: 1040855,1044120,1044767,1055117,1065729,1094840,1109695,1115431,1138374,1139944,1149032,1152457,1152472,1152489,1155518,1156315,1156395,1158775,1161099,1163727,1165933,1168952,1171000,1171078,1171688,1172145,1172733,1174486,1175079,1175389,1175480,1175995,1176396,1176846,1176942,1176956,1177326,1177500,1177666,1177679,1177733,1178049,1178203,1178270,1178372,1178590,1178612,1178634,1178660,1178756,1178780,1179107,1179204,1179419,1179434,1179435,1179519,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179878,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180506,1180541,1180559,1180566,1180773
CVE References: CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-11668,CVE-2020-25639,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-27835,CVE-2020-28374,CVE-2020-29370,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-debug-5.3.18-lp152.60.1, kernel-default-5.3.18-lp152.60.1, kernel-docs-5.3.18-lp152.60.1, kernel-kvmsmall-5.3.18-lp152.60.1, kernel-obs-build-5.3.18-lp152.60.1, kernel-obs-qa-5.3.18-lp152.60.1, kernel-preempt-5.3.18-lp152.60.1, kernel-source-5.3.18-lp152.60.1, kernel-syms-5.3.18-lp152.60.1
Comment 23 Swamp Workflow Management 2021-02-05 21:40:57 UTC 
openSUSE-SU-2021:0242-1: An update that solves 79 vulnerabilities and has 676 fixes is now available.

Category: security (moderate)
Bug References: 1034995,1040855,1043347,1044120,1044767,1055014,1055117,1055186,1058115,1061843,1065600,1065729,1066382,1071995,1077428,1085030,1094244,1094840,1109695,1115431,1120163,1129923,1133021,1134760,1136666,1138374,1139944,1148868,1149032,1152148,1152457,1152472,1152489,1153274,1154353,1154488,1154492,1154824,1155518,1155798,1156315,1156395,1157169,1158050,1158242,1158265,1158748,1158765,1158775,1158983,1159058,1159781,1159867,1159886,1160388,1160634,1160947,1161099,1161495,1162002,1162063,1162209,1162400,1162702,1163592,1163727,1164648,1164777,1164780,1165211,1165455,1165629,1165692,1165933,1165975,1166146,1166166,1166340,1166965,1166985,1167030,1167104,1167527,1167651,1167657,1167773,1167851,1168230,1168461,1168468,1168779,1168838,1168952,1168959,1169021,1169094,1169194,1169263,1169514,1169681,1169763,1169771,1169790,1169795,1170011,1170139,1170232,1170284,1170415,1170442,1170617,1170621,1170774,1170879,1170891,1170895,1171000,1171068,1171073,1171078,1171117,1171150,1171156,1171189,1171191,1171218,1171219,1171220,1171236,1171242,1171246,1171285,1171293,1171374,1171390,1171391,1171392,1171417,1171426,1171507,1171513,1171514,1171529,1171530,1171558,1171634,1171644,1171662,1171675,1171688,1171699,1171709,1171730,1171732,1171736,1171739,1171742,1171743,1171759,1171773,1171774,1171775,1171776,1171777,1171778,1171779,1171780,1171781,1171782,1171783,1171784,1171785,1171786,1171787,1171788,1171789,1171790,1171791,1171792,1171793,1171794,1171795,1171796,1171797,1171798,1171799,1171810,1171827,1171828,1171832,1171833,1171834,1171835,1171839,1171840,1171841,1171842,1171843,1171844,1171849,1171857,1171868,1171904,1171915,1171982,1171983,1171988,1172017,1172046,1172061,1172062,1172063,1172064,1172065,1172066,1172067,1172068,1172069,1172073,1172086,1172095,1172108,1172145,1172169,1172170,1172197,1172201,1172208,1172223,1172247,1172317,1172342,1172343,1172344,1172365,1172366,1172374,1172391,1172393,1172394,1172418,1172419,1172453,1172458,1172467,1172484,1172537,1172543,1172687,1172719,1172733,1172739,1172751,1172757,1172759,1172775,1172781,1172782,1172783,1172814,1172823,1172841,1172871,1172873,1172938,1172939,1172940,1172956,1172963,1172983,1172984,1172985,1172986,1172987,1172988,1172989,1172990,1172999,1173017,1173068,1173074,1173085,1173115,1173139,1173206,1173267,1173271,1173280,1173284,1173428,1173438,1173461,1173468,1173485,1173514,1173552,1173573,1173625,1173746,1173776,1173798,1173813,1173817,1173818,1173820,1173822,1173823,1173824,1173825,1173826,1173827,1173828,1173830,1173831,1173832,1173833,1173834,1173836,1173837,1173838,1173839,1173841,1173843,1173844,1173845,1173847,1173849,1173860,1173894,1173941,1173954,1174002,1174003,1174018,1174026,1174029,1174072,1174098,1174110,1174111,1174116,1174126,1174127,1174128,1174129,1174146,1174185,1174205,1174244,1174263,1174264,1174331,1174332,1174333,1174345,1174356,1174358,1174362,1174387,1174396,1174398,1174407,1174409,1174411,1174438,1174462,1174484,1174486,1174513,1174527,1174625,1174627,1174645,1174689,1174699,1174737,1174748,1174757,1174762,1174770,1174771,1174777,1174805,1174824,1174825,1174852,1174865,1174880,1174897,1174899,1174906,1174969,1175009,1175010,1175011,1175012,1175013,1175014,1175015,1175016,1175017,1175018,1175019,1175020,1175021,1175052,1175079,1175112,1175116,1175128,1175149,1175175,1175176,1175180,1175181,1175182,1175183,1175184,1175185,1175186,1175187,1175188,1175189,1175190,1175191,1175192,1175195,1175199,1175213,1175232,1175263,1175284,1175296,1175306,1175344,1175345,1175346,1175347,1175367,1175377,1175440,1175480,1175493,1175546,1175550,1175599,1175621,1175654,1175667,1175691,1175718,1175721,1175749,1175768,1175769,1175770,1175771,1175772,1175774,1175775,1175787,1175807,1175834,1175873,1175882,1175898,1175918,1175952,1175995,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176069,1176109,1176137,1176180,1176200,1176235,1176236,1176237,1176242,1176354,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176396,1176400,1176423,1176449,1176481,1176485,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176543,1176544,1176545,1176546,1176548,1176558,1176559,1176564,1176586,1176587,1176588,1176659,1176698,1176699,1176700,1176713,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176855,1176869,1176877,1176907,1176925,1176942,1176956,1176962,1176979,1176980,1176983,1176990,1177021,1177030,1177066,1177070,1177086,1177090,1177109,1177121,1177193,1177194,1177206,1177258,1177271,1177281,1177283,1177284,1177285,1177286,1177297,1177326,1177353,1177384,1177397,1177410,1177411,1177470,1177500,1177511,1177617,1177666,1177679,1177681,1177683,1177687,1177694,1177697,1177698,1177703,1177719,1177724,1177725,1177726,1177733,1177739,1177749,1177750,1177754,1177755,1177765,1177766,1177799,1177801,1177814,1177817,1177820,1177854,1177855,1177856,1177861,1178002,1178049,1178079,1178123,1178166,1178173,1178175,1178176,1178177,1178182,1178183,1178184,1178185,1178186,1178190,1178191,1178203,1178227,1178246,1178255,1178270,1178286,1178307,1178330,1178393,1178395,1178401,1178426,1178461,1178579,1178581,1178584,1178585,1178589,1178590,1178612,1178634,1178635,1178653,1178659,1178660,1178661,1178669,1178686,1178740,1178755,1178756,1178762,1178780,1178838,1178853,1178886,1179001,1179012,1179014,1179015,1179045,1179076,1179082,1179107,1179140,1179141,1179160,1179201,1179204,1179211,1179217,1179419,1179424,1179425,1179426,1179427,1179429,1179432,1179434,1179435,1179442,1179519,1179550,1179575,1179578,1179601,1179604,1179639,1179652,1179656,1179670,1179671,1179672,1179673,1179675,1179676,1179677,1179678,1179679,1179680,1179681,1179682,1179683,1179684,1179685,1179687,1179688,1179689,1179690,1179703,1179704,1179707,1179709,1179710,1179711,1179712,1179713,1179714,1179715,1179716,1179745,1179763,1179887,1179888,1179892,1179896,1179960,1179963,1180027,1180029,1180031,1180052,1180056,1180086,1180117,1180258,1180261,1180349,1180506,1180541,1180559,1180566,173030,744692,789311,954532,995541
CVE References: CVE-2019-19462,CVE-2019-20810,CVE-2019-20812,CVE-2020-0110,CVE-2020-0305,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-0444,CVE-2020-0465,CVE-2020-0466,CVE-2020-0543,CVE-2020-10135,CVE-2020-10711,CVE-2020-10732,CVE-2020-10751,CVE-2020-10757,CVE-2020-10766,CVE-2020-10767,CVE-2020-10768,CVE-2020-10773,CVE-2020-10781,CVE-2020-11668,CVE-2020-12351,CVE-2020-12352,CVE-2020-12652,CVE-2020-12656,CVE-2020-12769,CVE-2020-12771,CVE-2020-12888,CVE-2020-13143,CVE-2020-13974,CVE-2020-14314,CVE-2020-14331,CVE-2020-14351,CVE-2020-14356,CVE-2020-14385,CVE-2020-14386,CVE-2020-14390,CVE-2020-14416,CVE-2020-15393,CVE-2020-15436,CVE-2020-15437,CVE-2020-15780,CVE-2020-16120,CVE-2020-16166,CVE-2020-1749,CVE-2020-24490,CVE-2020-2521,CVE-2020-25212,CVE-2020-25284,CVE-2020-25285,CVE-2020-25641,CVE-2020-25643,CVE-2020-25645,CVE-2020-25656,CVE-2020-25668,CVE-2020-25669,CVE-2020-25704,CVE-2020-25705,CVE-2020-26088,CVE-2020-27068,CVE-2020-27777,CVE-2020-27786,CVE-2020-27825,CVE-2020-27830,CVE-2020-28915,CVE-2020-28941,CVE-2020-28974,CVE-2020-29369,CVE-2020-29370,CVE-2020-29371,CVE-2020-29373,CVE-2020-29660,CVE-2020-29661,CVE-2020-36158,CVE-2020-4788,CVE-2020-8694
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kernel-rt-5.3.18-lp152.3.5.1, kernel-rt_debug-5.3.18-lp152.3.5.1, kernel-source-rt-5.3.18-lp152.3.5.1, kernel-syms-rt-5.3.18-lp152.3.5.1
Comment 27 openQA Review 2021-03-01 10:29:06 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: jeos-ltp-cve
http://openqa.suse.de/tests/5555735

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released"
3. The label in the openQA scenario is removed
Comment 28 Nicolai Stange 2021-03-01 11:30:04 UTC 
(In reply to openQA Review from comment #27)
> 
> This bug is still referenced in a failing openQA test: jeos-ltp-cve
> http://openqa.suse.de/tests/5555735

Based on the openQA report, I read it as the CVE test was failing on rpm-5.3.18-47. This kernel indeed doesn't contain suse-commit 3f561ee0fd13a1296ef495e852ff02996a4ba18a yet. But as the latter got merged into SLE15-SP3 in the meanwhile, it should only be a matter of time until this issue resolves itself.
Comment 31 OBSbugzilla Bot 2021-03-03 01:42:17 UTC 
This is an autogenerated message for OBS integration:
This bug (1179434) was mentioned in
https://build.opensuse.org/request/show/876318 15.2 / kernel-source
Comment 34 Martin Loviska 2021-03-04 10:55:31 UTC 
JFYI still fails for kernel-default-base in sle15sp2

* https://openqa.suse.de/tests/5583524#step/io_uring02/6

For kernel-default-base in sle15sp3 test cases passes

* https://openqa.suse.de/tests/5586051#step/io_uring02/6
Comment 35 Nicolai Stange 2021-03-05 11:52:39 UTC 
(In reply to Martin Loviska from comment #34)
> JFYI still fails for kernel-default-base in sle15sp2
> 
> * https://openqa.suse.de/tests/5583524#step/io_uring02/6


FWIW, this is expected, the latest released SLE15-SP2 kernel 5.3.18-24.49 doesn't include suse-commit 3f561ee0fd13a1296ef495e852ff02996a4ba18a (c.f. comment 28) yet either. The next one will, however.
Comment 37 Borislav Petkov 2021-03-12 16:33:16 UTC 
I believe this one is done from the kernel side, bouncing back.
Comment 38 openQA Review 2021-04-14 07:18:47 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/5815655

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released"
3. The label in the openQA scenario is removed
Comment 39 openQA Review 2021-04-29 05:24:00 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/5900095

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released"
3. The label in the openQA scenario is removed
Comment 40 Petr Vorel 2021-04-29 07:36:23 UTC 
(In reply to openQA Review from comment #39)
> This is an autogenerated message for openQA integration by the openqa_review
> script:
> 
> This bug is still referenced in a failing openQA test: ltp_cve_m32
> https://openqa.suse.de/tests/5900095

I disabled generating this report for LTP running on 32bit as we agreed with Jan Kara that 32bit specific fix d876836204897b6d7d911f942084f69a1e9d5c4d is not going to be backported (http://kerncvs.suse.de/gitweb/?p=kernel-source.git;a=commitdiff;h=87e4a94b2f72df845e39df43575c6ce5fd7f0682;hp=47c1bb02f536e11a0e68e3db1f56ad3b091a99ae)
Comment 41 Oliver Kurz 2021-05-14 06:18:01 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/5990775

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released"
3. The label in the openQA scenario is removed
Comment 43 openQA Review 2021-05-31 10:46:49 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/5990775

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released"
3. The label in the openQA scenario is removed
Comment 44 openQA Review 2021-06-14 14:57:04 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/5990775

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released"
3. The label in the openQA scenario is removed
Comment 47 openQA Review 2021-07-06 14:25:38 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/5990775

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The label in the openQA scenario is removed
Comment 49 openQA Review 2021-08-27 00:13:41 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/6888879

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The label in the openQA scenario is removed
Comment 50 openQA Review 2021-09-10 00:36:55 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/7059168

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The label in the openQA scenario is removed
Comment 51 openQA Review 2021-09-24 01:16:17 UTC 
This is an autogenerated message for openQA integration by the openqa_review script:

This bug is still referenced in a failing openQA test: ltp_cve_m32
https://openqa.suse.de/tests/7198419

To prevent further reminder comments one of the following options should be followed:
1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
2. The openQA job group is moved to "Released" or "EOL" (End-of-Life)
3. The bugref in the openQA scenario is removed or replaced, e.g. `label:wontfix:boo1234`
Comment 53 Martin Doucha 2021-09-24 08:27:14 UTC 
Reports about ltp_cve_m32 are false positives. The io_uring data structure layout differs between 32bit userspace programs and 64bit kernel so the kernel fails to process requests from the 32bit LTP test. The devs have decided not to backport the patch that adds a compatibility wrapper for this situation. See comment 40 above.
Comment 54 Borislav Petkov 2021-09-24 16:16:47 UTC 
Comment #40 says "I disabled generating this report for LTP running on 32bit" - I guess that hasn't happened yet?

In any case, if those are false positives, then not reporting them here should be good enough.

Thx.
Comment 55 Petr Vorel 2021-10-05 08:01:47 UTC 
(In reply to Borislav Petkov from comment #54)
> Comment #40 says "I disabled generating this report for LTP running on
> 32bit" - I guess that hasn't happened yet?
> 
> In any case, if those are false positives, then not reporting them here
> should be good enough.
> 
> Thx.

Sure (it requires to manually disable it on each distro / release where LTP 32 bit syscalls are run, I'll try to find all places).
Comment 57 Marcus Meissner 2022-11-01 14:33:30 UTC 
done