Okay, the reason this test (and bug 1717856) fail sporadically is that ASLR in precise for i386 has very low number of random values for vdso and shared library offsets, when ulimits are set such that unlimited stack sizes are allowed:
ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ uname -a Linux sec-precise-i386 3.2.0-142-generic #189-Ubuntu SMP Fri Jul 5 18:40:43 UTC 2019 i686 i686 i386 GNU/Linux ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ ulimit -s unlimited ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ ulimit -s unlimited ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ for ((i=0; i<10000; i++)) ; do ./kernel-security/aslr/aslr --report vdso ; done | sort | uniq -c 1273 0x40000000 8662 0x40022000 65 0x40026000 Yes, all of 3 values, and 86% of the invocations result in one value. The shared library base values are slightly better, but not much: ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ for ((i=0; i<10000; i++)) ; do ./kernel-security/aslr/aslr --report libs ; done | sort | uniq -c 499 0x40003d80 285 0x40016d80 566 0x40025d80 7608 0x40038d80 295 0x4003cd80 250 0x4003dd80 167 0x4003ed80 153 0x4003fd80 177 0x40040d80 Compare this with the 3.13 results: ubuntu@sec-trusty-i386:~/tests/qrt-test-kernel-security$ uname -a Linux sec-trusty-i386 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:41:17 UTC 2019 i686 i686 i686 GNU/Linux ubuntu@sec-trusty-i386:~/tests/qrt-test-kernel-security$ ulimit -s unlimited ubuntu@sec-trusty-i386:~/tests/qrt-test-kernel-security$ ulimit -s unlimited ubuntu@sec-trusty-i386:~/tests/qrt-test-kernel-security$ for ((i=0; i<10000; i++)) ; do ./kernel-security/aslr/aslr --report vdso ; done | sort | uniq -c | wc -l 256 (output is piped into wc -l, because there are 256 distinct results.) So 8 bits of randomisation, which is not great, but better than >2. The tests were added in response to http://hmarco.org/bugs/CVE-2016-3672 -Unlimiting-the-stack-not-longer-disables-ASLR.html and fixes were applied for the 3.2.0-104.145 kernel. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3672 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747630 Title: Kernel security test test_022_aslr_hardy_vdso failed on Precise i386 To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1747630/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs