Ubuntu
linux package

[Ubuntu16.10]KV4.8: kernel livepatch config options are not set

Bug #1626983 reported by bugproxy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Tim Gardner
Yakkety
Fix Released
Undecided
Tim Gardner

Bug Description

---Problem Description---
Kernel LivePatch config options are not set

---uname output---
Linux HostName 4.8.0-11-generic #12-Ubuntu SMP Sat Sep 17 19:58:16 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux

Machine Type = 8348-21C

---Debugger---
A debugger is not configured

---Steps to Reproduce---
 Check for the following config options in the config file of 4.8.0 kernel version.
CONFIG_HAVE_LIVEPATCH=Y
CONFIG_LIVEPATCH=Y

# grep LIVEPATCH /boot/config-4.8.0-11-generic
#

Contact Information = <email address hidden>

Stack trace output:
 no

Oops output:
 no

System Dump Info:
  The system is not configured to capture a system dump.

*Additional Instructions for <email address hidden>:
-Attach sysctl -a output output to the bug.

CVE References

bugproxy (bugproxy)
tags: added: architecture-ppc64le bugnameltc-146670 severity-critical targetmilestone-inin1610
Changed in ubuntu:
assignee: nobody → Taco Screen team (taco-screen-team)
affects: ubuntu → kernel-package (Ubuntu)
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Please file bug reports without a package name, or with a correct package name.

"kernel-package" is unsupported, universe package of built scripts.

Do you actually mean package "linux" for the linux kernel?

Could the bugproxy please blacklist "kernel-package" as a source package name? It is never the right one, as that one is not supported =)

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Has https://github.com/dynup/kpatch livepatch creation toolchain been ported to ppc64le as well?

without the tooling that is able to create loadable live patches, enabling livepatch config is probably not useful at all.

affects: kernel-package (Ubuntu) → linux (Ubuntu)
Revision history for this message
Tim Gardner (timg-tpi) wrote :

UBUNTU: [Config] CONFIG_KALLSYMS_ALL=y

Changed in linux (Ubuntu Yakkety):
assignee: Taco Screen team (taco-screen-team) → Tim Gardner (timg-tpi)
status: New → Fix Committed
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2016-10-03 04:03 EDT-------
(In reply to comment #5)
> UBUNTU: [Config] CONFIG_KALLSYMS_ALL=y

any timeline on which ubuntu 16.10 daily build will have following config options in the config file of 4.8.0 kernel version.
CONFIG_HAVE_LIVEPATCH=Y
CONFIG_LIVEPATCH=Y

Revision history for this message
Tim Gardner (timg-tpi) wrote :

I believe the livepatch configs were enabled as of Ubuntu-4.8.0-17.19

bugproxy (bugproxy)
tags: removed: bugnameltc-146670 severity-critical
bugproxy (bugproxy)
tags: added: bugnameltc-146670 severity-critical
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-10-06 07:08 EDT-------
(In reply to comment #7)
> I believe the livepatch configs were enabled as of Ubuntu-4.8.0-17.19

Checked with the latest i.e. 4.8.0-19-generic and NOT seeing the live patch config options

# grep -i live /boot/config-4.8.0-19-generic
#

Revision history for this message
Tim Gardner (timg-tpi) wrote :

debian.master/config/config.common.ubuntu:CONFIG_HAVE_LIVEPATCH=y
debian.master/config/config.common.ubuntu:CONFIG_LIVEPATCH=y

Live patching is a common setting. If it doesn't exist in the installed config, then it is because live patching is not supported on that architecture.

bugproxy (bugproxy)
tags: added: severity-medium
removed: severity-critical
Revision history for this message
Tim Gardner (timg-tpi) wrote :

Live patching for powerpc/ppc64el also requires CONFIG_MPROFILE_KERNEL=y and CONFIG_DISABLE_MPROFILE_KERNEL=n

https://lists.ubuntu.com/archives/kernel-team/2016-October/080297.html

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → In Progress
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Yakkety):
status: In Progress → Fix Committed
Revision history for this message
Seth Forshee (sforshee) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-yakkety
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-10-19 01:53 EDT-------
Installed kernel version 4.8.0-25 from proposed repository
Could see live patch config options are enabled in the kernel config file.

# grep -i live config-4.8.0-25-generic
CONFIG_HAVE_LIVEPATCH=y
CONFIG_LIVEPATCH=y

I will proceed further to start my testing of live patch feature.

Thanks!!

Tim Gardner (timg-tpi)
tags: added: verification-done-yakkety
removed: verification-needed-yakkety
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package linux - 4.8.0-27.29

---------------
linux (4.8.0-27.29) yakkety; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1635377

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
      proc_keys_show (LP: #1634496)

  * Revert "If zone is so small that watermarks are the same, stop zone balance"
    in yakkety (LP: #1632894)
    - Revert "UBUNTU: SAUCE: (no-up) If zone is so small that watermarks are the
      same, stop zone balance."

  * lts-yakkety 4.8 cannot mount lvm raid1 (LP: #1631298)
    - SAUCE: (no-up) dm raid: fix compat_features validation

  * kswapd0 100% CPU usage (LP: #1518457)
    - SAUCE: (no-up) If zone is so small that watermarks are the same, stop zone
      balance.

  * [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
    __copy_tofrom_user (LP: #1632462)
    - SAUCE: (no-up) powerpc/64: Fix incorrect return value from
      __copy_tofrom_user

  * Ubuntu 16.10: Oops panic in move_page_tables/page_remove_rmap after running
    memory_stress_ng. (LP: #1628976)
    - SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe code

  * Paths not failed properly when unmapping virtual FC ports in VIOS (using
    ibmvfc) (LP: #1632116)
    - scsi: ibmvfc: Fix I/O hang when port is not mapped

  * [Ubuntu16.10]KV4.8: kernel livepatch config options are not set
    (LP: #1626983)
    - [Config] Enable live patching on powerpc/ppc64el

  * CONFIG_AUFS_XATTR is not set (LP: #1557776)
    - [Config] CONFIG_AUFS_XATTR=y

  * Yakkety update to 4.8.1 stable release (LP: #1632445)
    - arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
    - Using BUG_ON() as an assert() is _never_ acceptable
    - usb: misc: legousbtower: Fix NULL pointer deference
    - Staging: fbtft: Fix bug in fbtft-core
    - usb: usbip: vudc: fix left shift overflow
    - USB: serial: cp210x: Add ID for a Juniper console
    - Revert "usbtmc: convert to devm_kzalloc"
    - ALSA: hda - Adding one more ALC255 pin definition for headset problem
    - ALSA: hda - Fix headset mic detection problem for several Dell laptops
    - ALSA: hda - Add the top speaker pin config for HP Spectre x360
    - Linux 4.8.1

  * PSL data cache should be flushed before resetting CAPI adapter
    (LP: #1632049)
    - cxl: Flush PSL cache before resetting the adapter

  * thunder nic: avoid link delays due to RX_PACKET_DIS (LP: #1630038)
    - net: thunderx: Don't set RX_PACKET_DIS while initializing

  * crypto/vmx/p8_ghash memory corruption (LP: #1630970)
    - crypto: ghash-generic - move common definitions to a new header file
    - crypto: vmx - Fix memory corruption caused by p8_ghash
    - crypto: vmx - Ensure ghash-generic is enabled

  * arm64: SPCR console not autodetected (LP: #1630311)
    - of/serial: move earlycon early_param handling to serial
    - [Config] CONFIG_ACPI_SPCR_TABLE=y
    - ACPI: parse SPCR and enable matching console
    - ARM64: ACPI: enable ACPI_SPCR_TABLE
    - serial: pl011: add console matching function

  * include/linux/security.h header syntax error with !CONFIG_SECURITYFS
...

Read more...

Changed in linux (Ubuntu Yakkety):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.8.0-30.32

---------------
linux (4.8.0-30.32) yakkety; urgency=low

  * CVE-2016-8655 (LP: #1646318)
    - packet: fix race condition in packet_set_ring

 -- Brad Figg <email address hidden> Thu, 01 Dec 2016 08:02:53 -0800

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.