Bug 2143636

Summary: [RHEL9] ndctl test suites security.sh failed
Product: Red Hat Enterprise Linux 9 Reporter: Zhang Yi <yizhan>
Component: ndctlAssignee: Jeff Moyer <jmoyer>
Status: ASSIGNED --- QA Contact: Zhang Yi <yizhan>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 9.2CC: bgurney, cwei, jmoyer
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Zhang Yi 2022-11-17 13:04:53 UTC 
Description of problem:
[RHEL9] ndctl test suites security.sh failed

Version-Release number of selected component (if applicable):
ndctl-71.1-8.el9.src.rpm
kernel-5.14.0-194.el9

How reproducible:
100%

Steps to Reproduce:
1. run ndctl test suite
2.
3.

Actual results:


Expected results:


Additional info:
beaker job: https://beaker.engineering.redhat.com/jobs/7248425


+ masterkey=nvdimm-master
+ masterpath=/etc/ndctl/keys/nvdimm-master.blob
+ backup_key=0
+ backup_handle=0
++ dirname /root/rpmbuild/BUILD/ndctl-71.1/test/security.sh
+ . /root/rpmbuild/BUILD/ndctl-71.1/test/common
++ '[' -z /root/rpmbuild/BUILD/ndctl-71.1/build/ndctl/ndctl ']'
++ '[' -z /root/rpmbuild/BUILD/ndctl-71.1/build/daxctl/daxctl ']'
++ '[' -z ']'
++ '[' -f ../cxl/cxl ']'
++ '[' -f ./cxl/cxl ']'
++ '[' -x ./cxl/cxl ']'
++ export CXL=./cxl/cxl
++ CXL=./cxl/cxl
++ '[' -z /root/rpmbuild/BUILD/ndctl-71.1/build/test ']'
++ NFIT_TEST_BUS0=nfit_test.0
++ NFIT_TEST_BUS1=nfit_test.1
++ ACPI_BUS=ACPI.NFIT
++ E820_BUS=e820
+ trap 'err $LINENO' ERR
+ check_min_kver 5.0
+ local ver=5.0
++ uname -r
+ : 5.14.0-194.el9.x86_64
+ '[' -n 5.0 ']'
++ echo -e '5.0\n5.14.0-194.el9.x86_64'
++ sort -V
++ head -1
+ [[ 5.0 == \5\.\0 ]]
++ keyctl show
++ grep -Eo '_uid.[0-9]+'
++ head -1
++ cut -d. -f2-
+ uid=
+ '[' '' -ne 0 ']'
/root/rpmbuild/BUILD/ndctl-71.1/test/security.sh: line 245: [: : integer expression expected
+ modprobe nfit_test
+ setup
+ /root/rpmbuild/BUILD/ndctl-71.1/build/ndctl/ndctl disable-region -b nfit_test.0 all
disabled 2 regions
+ check_prereq keyctl
+ command -v keyctl
+ rc=1
+ detect
++ /root/rpmbuild/BUILD/ndctl-71.1/build/ndctl/ndctl list -b nfit_test.0 -D
++ jq -r '.[0].dev'
+ dev=nmem1
+ '[' -n nmem1 ']'
++ /root/rpmbuild/BUILD/ndctl-71.1/build/ndctl/ndctl list -b nfit_test.0 -D
++ jq -r '.[0].id'
+ id=cdab-0a-07e0-feffffff
+ '[' -n cdab-0a-07e0-feffffff ']'
+ test_cleanup
+ keyctl search @u encrypted nvdimm:cdab-0a-07e0-feffffff
keyctl_search: Required key not available
+ keyctl search @u user nvdimm-master
keyctl_search: Required key not available
++ hostname
+ '[' -f /etc/ndctl/keys/nvdimm_cdab-0a-07e0-feffffff_storageqe-40.sqe.lab.eng.bos.redhat.com.blob ']'
+ setup_keys
+ '[' '!' -d /etc/ndctl/keys ']'
+ '[' -f /etc/ndctl/keys/nvdimm-master.blob ']'
+ '[' -f /etc/ndctl/keys/tpm.handle ']'
+ dd if=/dev/urandom bs=1 count=32
+ keyctl padd user nvdimm-master @u
++ keyctl search @u user nvdimm-master
+ keyctl pipe 416513477
keyctl_read_alloc: Permission denied
++ err 47
+++ basename /root/rpmbuild/BUILD/ndctl-71.1/test/security.sh
++ echo test/security.sh: failed at line 47
++ '[' -n '' ']'
++ exit 1
------------------------------------------------------------------------------


Summary of Failures:

23/23 ndctl:ndctl / security.sh            FAIL             0.19s   exit status 1
Comment 1 Jeff Moyer 2022-11-18 15:16:14 UTC 
++ keyctl show
++ grep -Eo '_uid.[0-9]+'
++ head -1
++ cut -d. -f2-
+ uid=
+ '[' '' -ne 0 ']'
/root/rpmbuild/BUILD/ndctl-71.1/test/security.sh: line 245: [: : integer expression expected

That's odd.  It looks like there isn't a session keyring.  Has the test environment changed?
Comment 2 Jeff Moyer 2022-11-18 22:41:56 UTC 
I tested kernel-5.14.0-198.el9 locally, and security.sh passes.

You could try running 'keyctl session; keyctl link @u @s' before kicking off the tests.
Comment 9 Jeff Moyer 2022-11-22 14:18:51 UTC 
We ran into a similar problem in RHEL 8, where the user keyring was not linked into the session keyring.  See this comment for an explanation of why this happens: https://bugzilla.redhat.com/show_bug.cgi?id=1736748#c4

Is the test harness running as a systemd service?

Anyway, I think the most robust way to run the test is to ensure that:
1) there is a session keyring and
2) the user keyring is linked in to the session keyring
before running the tests.

I will propose a patch for the test harness upstream.
Comment 11 Zhang Yi 2022-11-22 16:56:34 UTC 
(In reply to Jeff Moyer from comment #9)
> We ran into a similar problem in RHEL 8, where the user keyring was not
> linked into the session keyring.  See this comment for an explanation of why
> this happens: https://bugzilla.redhat.com/show_bug.cgi?id=1736748#c4
> 
> Is the test harness running as a systemd service?

Yes, the test harness is restraint.

https://github.com/restraint-harness/restraint

> 
> Anyway, I think the most robust way to run the test is to ensure that:
> 1) there is a session keyring and
> 2) the user keyring is linked in to the session keyring
> before running the tests.
> 
> I will propose a patch for the test harness upstream.

Thanks