linux from security may force reboots without complete dkms modules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
acpi-call (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
apt (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
backport-iwlwifi-dkms (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
bcmwl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
dahdi-linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
dkms (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
dm-writeboost (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
evdi (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
gost-crypto (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
iptables-netflow (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
liblzf (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
lime-forensics (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
linux (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
linux-meta (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
lttng-modules (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
nvidia-graphics-drivers-340 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
openafs (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
oss4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
r8168 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
rtl8812au (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
sysdig (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
unattended-upgrades (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
update-manager (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
v4l2loopback (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
virtualbox (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
virtualbox-hwe (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
zfs-linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Whilst discussing
We have noticed a reference to somebody not having working backport-
However, kernel meta switch was pushed to security pocket, but the dkms modules are all in -updates only.
This may result in people automatically installing the new kernel with unatanded upgrades; dkms modules failing to build; and a reboot required flag left on disk.
At this point launching update manager will not offer to install dkms modules from updates, and will guide the users to reboot..... which will then cause them to boot the new kernel without the dkms modules that might be providing networking for them.
Should dkms modules SRUs always getting published into -security pocket, as well as the -updates pocket?
Should linux maintainer scripts prevent touching reboot required flag if any dkms modules fail to build?
Should apt / unattanded-upgrades / update-manager always update dkms modules with kernels?
Changed in linux (Ubuntu): | |
status: | Incomplete → Confirmed |
Changed in acpi-call (Ubuntu): | |
status: | New → Fix Released |
Changed in backport-iwlwifi-dkms (Ubuntu): | |
status: | New → Fix Released |
Changed in zfs-linux (Ubuntu): | |
status: | New → Fix Released |
Changed in virtualbox-hwe (Ubuntu): | |
status: | New → Fix Released |
Changed in virtualbox (Ubuntu): | |
status: | New → Fix Released |
Changed in v4l2loopback (Ubuntu): | |
status: | New → Fix Released |
Changed in sysdig (Ubuntu): | |
status: | New → Fix Released |
Changed in rtl8812au (Ubuntu): | |
status: | New → Fix Released |
Changed in r8168 (Ubuntu): | |
status: | New → Fix Released |
Changed in oss4 (Ubuntu): | |
status: | New → Fix Released |
Changed in nvidia-graphics-drivers-340 (Ubuntu): | |
status: | New → Fix Released |
Changed in lttng-modules (Ubuntu): | |
status: | New → Fix Released |
Changed in lime-forensics (Ubuntu): | |
status: | New → Fix Released |
Changed in liblzf (Ubuntu): | |
status: | New → Fix Released |
Changed in iptables-netflow (Ubuntu): | |
status: | New → Fix Released |
Changed in gost-crypto (Ubuntu): | |
status: | New → Fix Released |
Changed in evdi (Ubuntu): | |
status: | New → Fix Released |
Changed in dm-writeboost (Ubuntu): | |
status: | New → Fix Released |
Changed in dahdi-linux (Ubuntu): | |
status: | New → Fix Released |
Changed in bcmwl (Ubuntu): | |
status: | New → Fix Released |
tags: |
added: verification-done verification-done-focal removed: verification-needed verification-needed-focal |
Changed in openafs (Ubuntu): | |
status: | New → Confirmed |
I agree this sounds like an undesirable scenario. I think all dkms packages should get built in -security as part of the SRU process to prevent this sort of thing from happening in the future.
Do we do test rebuilds of all the dkms modules before switching the kernel meta package to a new upstream version?