q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels

Bug #1812159 reported by Po-Hsu Lin on 2019-01-17
This bug affects 1 person
Affects               Status  Importance  Assigned to  Milestone
ubuntu-kernel-tests           Undecided   Unassigned
linux-kvm (Ubuntu)            Undecided   Unassigned
Xenial                        Undecided   Unassigned
Bionic                        Undecided   Unassigned
Cosmic                        Undecided   Unassigned

Bug Description

The test_380_config_sched_stack_end_check test failed on the Bionic
KVM kernel

 FAIL: test_380_config_sched_stack_end_check (__main__.KernelSecurityConfigTest)
 Ensure SCHED_STACK_END_CHECK is set
 ----------------------------------------------------------------------
 Traceback (most recent call last):
   File "./test-kernel-security.py", line 2628, in test_380_config_sched_stack_end_check
     self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
   File "./test-kernel-security.py", line 207, in assertKernelConfig
     self.assertKernelConfigSet(name)
   File "./test-kernel-security.py", line 194, in assertKernelConfigSet
     '%s option was expected to be set in the kernel config' % name)
 AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the kernel config

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
Uname: Linux 4.15.0-1028-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Thu Jan 17 06:44:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
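
An added example, not part of the bug report or of test-kernel-security.py: a stand-alone check in the spirit of the failing assertion, which parses kernel config text and reports whether SCHED_STACK_END_CHECK is built in, explicitly disabled, or unknown to that kernel. The sample config text is constructed, and the function names and the /boot/config-<release> default path are assumptions.

```python
import re

# Constructed sample config text (not copied from any linux-kvm package).
SAMPLE_WITHOUT = """\
#
# Kernel hacking (constructed sample)
#
CONFIG_DEBUG_KERNEL=y
CONFIG_LOCALVERSION=""
# CONFIG_SCHED_STACK_END_CHECK is not set
"""
SAMPLE_WITH = SAMPLE_WITHOUT.replace(
    "# CONFIG_SCHED_STACK_END_CHECK is not set", "CONFIG_SCHED_STACK_END_CHECK=y")

_SET = re.compile(r"^CONFIG_([A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_([A-Za-z0-9_]+) is not set$")

def parse_kernel_config(text):
    """Map option name (no CONFIG_ prefix) to its value; None means 'is not set'."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            options[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            options[m.group(1)] = None
    return options

def option_state(text, name):
    """Return 'set', 'module', 'not set' or 'absent' for one option."""
    options = parse_kernel_config(text)
    if name not in options:
        return "absent"  # no line at all: option unknown to this kernel/arch
    value = options[name]
    if value is None or value == "n":
        return "not set"
    return "module" if value == "m" else "set"

if __name__ == "__main__":
    import os, sys
    # Assumption: the running kernel's config is at /boot/config-<release>.
    path = sys.argv[1] if len(sys.argv) > 1 else "/boot/config-" + os.uname().release
    with open(path) as f:
        state = option_state(f.read(), "SCHED_STACK_END_CHECK")
    print("SCHED_STACK_END_CHECK:", state)
    sys.exit(0 if state == "set" else 1)
```

Distinguishing "not set" from "absent" separates a kernel flavour that deliberately disables the option from a kernel that has no such option at all.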

Po-Hsu Lin (cypressyew) wrote :

This option checks for a stack overrun on calls to schedule(). If the stack end location is found to be over written always panic as the content of the corrupted region can no longer be trusted. This is to ensure no erroneous behaviour occurs which could result in data corruption or a sporadic crash at a later stage once the region is examined. The runtime overhead introduced is minimal.

Ref: https://cateee.net/lkddb/web-lkddb/SCHED_STACK_END_CHECK.html

Looks like this is debug related, not sure if we want this on KVM kernels.

This testcase also fails on linux-kvm for Cosmic.

Po-Hsu Lin (cypressyew) wrote :

Found on X-KVM as well.

tags: added: cosmic xenial
summary: - SCHED_STACK_END_CHECK should be enabled in B-kvm
+ q-r-t security test says SCHED_STACK_END_CHECK should be enabled in
+ B-kvm
summary: - q-r-t security test says SCHED_STACK_END_CHECK should be enabled in
- B-kvm
+ q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM
+ kernels