New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
keyctl03 / keyctl05 / keyctl07 failed with Ubuntu 3.13 when running together #409
Comments
Well this looks like the quota for maximal numbers of keys is set too low. The keyctl02 test adds and revokes keys in a loop and it temporarily increases the quota while it runs. So I suppose that there are pending revocations once the test exits and because the quota is set back to the original value at the end of the test, there possibly is more keys created on the system than the maximal quota at that point. I do see several possible solutions to this. We can change the keyctl02 to loop in the cleanup, with a small usleep() until it happens to create a key. Another option, which is more robust, is to change all the keyctl test to retry, after short usleep(), if the call failed with EDQUOT. |
Agreed, this looks like a race on kernels that don't have this commit: We could also check /proc/keys for ltptestkey. Or add KEYCTL_INVALIDATE for each key we created, which should garbage collect them immediately. |
Scratch last suggestion, invalidate doen't work for revoked keys. |
"loop in the cleanup, with a small usleep() until it happens to create a key" - but this won't tell you that all revoked keys have been garbage collected. What if we set gc_delay to 1 second, sleep and then restore gc_delay? |
@jstancek If we loop in the cleanup after we restored the quota until we happen to create key it should get us to a state where there is less keys on the system than the quota is, the rest of the tests use up to two keys, which should be fine. On the other hand the default expiration is five minutes, if I'm reading kernel source correctly, that is way too much. Looking at gc_delay it looks like it could be even set to 0, but I do not thinkg that this would trigger intermediate action, the sysctl handler has only generic proc_dointvec_minmax handler and it looks like it would be taken into an account only the next time the key gc is triggered see linux/security/keys/gc.c. |
These 3 test cases, keyctl03 / keyctl05 / keyctl07, will fail with Ubuntu Trusty 3.13 kernel if running altogether with the syscalls test suite (
./runltp -f syscalls
) or with the keyctl pattern (./runltp -s keyctl
)They will fail with the following error messages respectively:
If you run them one-by-one, none of them will fail.
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1798045
The text was updated successfully, but these errors were encountered: