Ubuntu
linux-kvm package

DEBUG_WX is expected to be unset for X-KVM kernel

Bug #1788338 reported by Po-Hsu Lin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QA Regression Testing
Fix Released
Undecided
Unassigned
ubuntu-kernel-tests
Fix Released
Undecided
Unassigned
linux-kvm (Ubuntu)
Invalid
Undecided
Unassigned
Nominated for Xenial by Po-Hsu Lin

Bug Description

It looks like this config is expected to be unset for X-KVM kernel

  FAIL: test_330_config_debug_wx (__main__.KernelSecurityConfigTest)
  Ensure DEBUG_WX is set
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 2546, in test_330_config_debug_wx
      self.assertKernelConfig('DEBUG_WX', expected)
    File "./test-kernel-security.py", line 209, in assertKernelConfig
      self.assertKernelConfigUnset(name)
    File "./test-kernel-security.py", line 200, in assertKernelConfigUnset
      '%s option was expected to be unset in the kernel config' % name)
  AssertionError: DEBUG_WX option was expected to be unset in the kernel config

As in the qrt code:
    def test_330_config_debug_wx(self):
        '''Ensure DEBUG_WX is set'''

        expected = True
        if not (self.dpkg_arch in ['amd64', 'i386', 'arm64']):
            self._skipped("DEBUG_WX is an x86 and arm64 arch feature only")
            expected = False
        elif not self.kernel_at_least('4.13'):
            self._skipped('CONFIG_DEBUG_WX added/enabled in 4.13 and newer')
            expected = False
        self.assertKernelConfig('DEBUG_WX', expected)

However, the upstream commit (e1a58320a38dfa72be48a0f1a3a92273663ba6db) to introduce this config can be found in Xenial kernel as well. Maybe we should consider to change this from the test case.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1032-kvm 4.4.0-1032.38
ProcVersionSignature: User Name 4.4.0-1032.38-kvm 4.4.140
Uname: Linux 4.4.0-1032-kvm x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
Date: Wed Aug 22 04:43:41 2018
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)

Related branches

~cypressyew/qa-regression-testing:330-fix
Ubuntu Security Team: Pending requested
Diff: 122 lines (+58/-22)
3 files modified
scripts/test-kernel-security.py (+2/-2)
scripts/test-openjdk.py (+16/-20)
scripts/test-openjdk11.py (+40/-0)
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

I have created a MP to change the requirement from 4.13 to 4.4.

Patch tested wit X-kvm kernel, and it can pass as expected.

Revision history for this message
Steve Beattie (sbeattie) wrote :

Hi Po-Hsu,

Thanks, I hadn't realized the DEBUG_WX check had been backported to the 4.4 kernel. The security team will consider whether it should be enabled for the generic kernel in xenial, but for the time being, I've merged your fix into QRT, modifying it to expect DEBUG_WX for only 4.4 linux-kvm kernels, and 4.15+ elsewhere. This was commit https://git.launchpad.net/qa-regression-testing/commit/?id=46cee41c216eb98fd3e802befe856ec4c4123553 .

Thanks!

Changed in qa-regression-testing:
status: New → Fix Released
Changed in linux-kvm (Ubuntu):
status: New → Invalid
Po-Hsu Lin (cypressyew)
Changed in ubuntu-kernel-tests:
status: New → Fix Released
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Mark this as fix-released for kernel testing, the test works as expected on both generic / kvm kernel.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.