test_140_kernel_modules_not_tainted in kernel security test failed with 4.15 kvm kernel
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-kvm (Ubuntu) |
Fix Released
|
Undecided
|
Po-Hsu Lin | ||
Xenial |
Fix Released
|
Undecided
|
Po-Hsu Lin | ||
Bionic |
Fix Released
|
Undecided
|
Po-Hsu Lin |
Bug Description
== Justification ==
In the Bionic KVM and Xenial KVM kernel, the CONFIG_
== Test ==
Before enabling the config, rmmod command will return:
"ERROR: Module signpost is in use"
After the config was enabled, rmmod will succeed and it will pass with this test_140_
== Fix ==
Set CONFIG_
== Regression Potential ==
Minimal.
No code changes, just one config change without disabling any other configs.
Similar to bug 1760654.
But this time the test_072_
And the test_140_
FAIL: test_140_
kernel modules are not marked with a taint flag (especially 'E' for TAINT_UNSIGNED_
-----
Traceback (most recent call last):
File "./test-
self.
AssertionError: Module 'signpost' is tainted: (OE)
If you try to remove the module after this, you will get:
$ sudo rmmod signpost
rmmod: ERROR: Module signpost is in use
And the lsmod shows:
$ lsmod | grep signpost
signpost 12288 -2
From the Internet [1], the "-2" here indicates that the CONFIG_
Which is true for the Bionic KVM kernel.
$ grep -i CONFIG_
# CONFIG_
https:/
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-
ProcVersionSign
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 08:35:29 2018
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
description: | updated |
description: | updated |
Changed in linux-kvm (Ubuntu Xenial): | |
assignee: | nobody → Po-Hsu Lin (cypressyew) |
status: | New → Fix Committed |
Changed in linux-kvm (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux-kvm (Ubuntu): | |
status: | Fix Committed → Fix Released |
4.4 KVM kernel does not have this CONFIG_ MODULE_ UNLOAD enabled as well.