module intel_sgx appears to be blacklisted by the kernel.

Bug #1862201 reported by Bruce Campbell
This bug affects 2 people
Affects               Status        Importance  Assigned to    Milestone
linux-azure (Ubuntu)  Fix Released  Undecided   Unassigned
Xenial                Fix Released  Undecided   Unassigned
Bionic                Fix Released  Undecided   Marcelo Cerri
Eoan                  Fix Released  Undecided   Unassigned
Focal                 Fix Released  Undecided   Unassigned

Bug Description

In the linux-azure kernel 5.0.0.1029 the intel_sgx driver has become blacklisted. The directories /etc/modprobe.d and /etc/modules-load.d

 systemctl status systemd-modules-load.service

indicates the driver is blacklisted
azureuser@brcamp-oe-ubu2:~/Projects/Azure-Compute-OpenEnclave-SecureRepro$ systemctl status systemd-modules-load.service
● systemd-modules-load.service - Load Kernel Modules
   Loaded: loaded (/lib/systemd/system/systemd-modules-load.service; static; vendor preset: enabled)
   Active: active (exited) since Tue 2020-02-04 19:42:29 UTC; 1 day 20h ago
     Docs: man:systemd-modules-load.service(8)
           man:modules-load.d(5)
  Process: 490 ExecStart=/lib/systemd/systemd-modules-load (code=exited, status=0/SUCCESS)
 Main PID: 490 (code=exited, status=0/SUCCESS)

This is affecting Azure customers.

Tags: linux-azure
Joshua R. Poulson (jrp) wrote :

Looks like it is blacklisted in /lib/modprobe.d/blacklist_linux-azure_5.0.0-1029-azure.conf

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-azure (Ubuntu):
status: New → Confirmed
Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Eoan):
status: New → In Progress
Changed in linux-azure (Ubuntu Xenial):
status: New → In Progress
Changed in linux-azure (Ubuntu Bionic):
status: In Progress → Fix Committed
Marcelo Cerri (mhcerri) wrote :

The fix for bionic:linux-azure is already committed and an official build was already triggered on the Canonical Kernel Team PPA.

An unofficial test build is also available at https://kernel.ubuntu.com/~mhcerri/azure/lp1862201/ (with a tarball with the debian packages available at https://kernel.ubuntu.com/~mhcerri/azure/lp1862201/linux-azure_5.0.0-1031.33_debs.tar.gz).

The solution was to revert the blacklist entry from the current version and divert to another location the .conf files from older kernels that blacklisted sgx. That means it's necessary to install the new version and manually load the sgx module or reboot the system.

The changes are available at: https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-azure/+git/bionic/log/?h=master-next
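
A check for the condition discussed in the comments above, added here as an example and not taken from the bug report or the linux-azure packaging: it lists every modprobe.d file that still blacklists a module and tests whether the module is loaded. The function names and the three default directories are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate modprobe.d files that blacklist a kernel module
# and check whether the module is currently loaded.

# find_blacklist MODULE [DIR...]
# Prints each *.conf file containing an active "blacklist MODULE" line.
find_blacklist() {
    module=$1; shift
    # Assumed default search path when no directories are given
    [ $# -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /lib/modprobe.d
    # modprobe treats '-' and '_' in module names as interchangeable
    pattern=$(printf '%s' "$module" | sed 's/[-_]/[-_]/g')
    for dir in "$@"; do
        for file in "$dir"/*.conf; do
            [ -f "$file" ] || continue
            # Commented-out entries and longer module names do not match
            if grep -Eq "^[[:space:]]*blacklist[[:space:]]+${pattern}([[:space:]]|\$)" "$file"; then
                printf '%s\n' "$file"
            fi
        done
    done
}

# module_loaded MODULE [FILE]
# Succeeds if MODULE appears in /proc/modules (or FILE in the same format).
module_loaded() {
    name=$(printf '%s' "$1" | sed 's/-/_/g')
    grep -q "^${name} " "${2:-/proc/modules}"
}
```

After installing a fixed kernel package, `find_blacklist intel_sgx` printing nothing while `module_loaded intel_sgx` still fails is the state in which the module has to be loaded manually or the system rebooted.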

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.0.0-1031.33

---------------
linux-azure (5.0.0-1031.33) bionic; urgency=medium

  * bionic/linux-azure: 5.0.0-1031.33 -proposed tracker (LP: #1862239)

  * module intel_sgx appears to be blacklisted by the kernel. (LP: #1862201)
    - Revert "UBUNTU: [Packaging] linux-azure: Prevent intel_sgx from being
      automatically loaded"
    - [Packaging] linux-azure: Divert conf files blacklisting intel_sgx

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

 -- Marcelo Henrique Cerri <email address hidden> Thu, 06 Feb 2020 18:41:04 -0300

Changed in linux-azure (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.3.0-1012.13

---------------
linux-azure (5.3.0-1012.13) eoan; urgency=medium

  * eoan/linux-azure: 5.3.0-1012.13 -proposed tracker (LP: #1862350)

  * module intel_sgx appears to be blacklisted by the kernel. (LP: #1862201)
    - Revert "UBUNTU: [Packaging] linux-azure: Prevent intel_sgx from being
      automatically loaded"
    - [Packaging] linux-azure: Divert conf files blacklisting intel_sgx

 -- Marcelo Henrique Cerri <email address hidden> Fri, 07 Feb 2020 11:46:51 -0300

Changed in linux-azure (Ubuntu Eoan):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 4.15.0-1069.74

---------------
linux-azure (4.15.0-1069.74) xenial; urgency=medium

  * xenial/linux-azure: 4.15.0-1069.74 -proposed tracker (LP: #1862355)

  * module intel_sgx appears to be blacklisted by the kernel. (LP: #1862201)
    - Revert "UBUNTU: [Packaging] linux-azure: Prevent intel_sgx from being
      automatically loaded"
    - [Packaging] linux-azure: Divert conf files blacklisting intel_sgx

 -- Marcelo Henrique Cerri <email address hidden> Fri, 07 Feb 2020 13:09:00 -0300

Changed in linux-azure (Ubuntu Xenial):
status: In Progress → Fix Released
Marcelo Cerri (mhcerri)
Changed in linux-azure (Ubuntu Focal):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-azure - 5.4.0-1022.22

---------------
linux-azure (5.4.0-1022.22) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1022.22 -proposed tracker (LP: #1887060)

  [ Ubuntu: 5.4.0-42.46 ]

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux-azure (5.4.0-1021.21) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1021.21 -proposed tracker (LP: #1885845)

  * module intel_sgx appears to be blacklisted by the kernel. (LP: #1862201)
    - Revert "UBUNTU: [Packaging] linux-azure: Prevent intel_sgx from being
      automatically loaded"
    - [Packaging] linux-azure: Divert conf files blacklisting intel_sgx

  * Add XDP support to hv_netvsc driver (LP: #1877654)
    - hv_netvsc: Add XDP support
    - hv_netvsc: Update document for XDP support
    - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs

  * Request to include two NUMA related commits in Azure kernels (LP: #1880975)
    - PCI: hv: Decouple the func definition in hv_dr_state from VSP message
    - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2

  [ Ubuntu: 5.4.0-41.45 ]

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2020-11935
    - aufs: do not call i_readcount_inc()
  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - selftests: net: ip_defrag: ignore EPERM
  * Update lockdown patches (LP: #1884159)
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <email address hidden> Fri, 10 Jul 2020 01:51:58 -0400

Changed in linux-azure (Ubuntu Focal):
status: Fix Committed → Fix Released
Changed in linux-azure (Ubuntu):
status: Confirmed → Fix Released