q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels

Bug #1812159 reported by Po-Hsu Lin on 2019-01-17
This bug affects 1 person
Affects                  Status   Importance   Assigned to   Milestone
ubuntu-kernel-tests               Undecided    Po-Hsu Lin
linux-kvm (Ubuntu)                Undecided    Po-Hsu Lin
  Xenial                          Undecided    Po-Hsu Lin
  Bionic                          Undecided    Po-Hsu Lin
  Cosmic                          Undecided    Po-Hsu Lin
  Disco                           Undecided    Po-Hsu Lin

Bug Description

== SRU Justification ==
The security team requires the SCHED_STACK_END_CHECK config option to be enabled
on all of our kernels.

The test_380_config_sched_stack_end_check test from q-r-t will fail on all the KVM kernels.

Copied from the config help text:
This option checks for a stack overrun on calls to schedule(). If the
stack end location is found to be over written always panic as the
content of the corrupted region can no longer be trusted. This is to
ensure no erroneous behaviour occurs which could result in data
corruption or a sporadic crash at a later stage once the region is
examined. The runtime overhead introduced is minimal.

== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1812159-kvm-sched-check/
This issue can be verified with the test_380_config_sched_stack_end_check test from q-r-t; the test passes with the patched kernel.

== Regression Potential ==
Low. The introduced runtime overhead is minimal, and the option is already enabled in the generic kernel.

== Original Bug report ==
The test_380_config_sched_stack_end_check test failed on the Bionic
KVM kernel

 FAIL: test_380_config_sched_stack_end_check (__main__.KernelSecurityConfigTest)
 Ensure SCHED_STACK_END_CHECK is set
 ----------------------------------------------------------------------
 Traceback (most recent call last):
 File "./test-kernel-security.py", line 2628, in test_380_config_sched_stack_end_check
 self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
 File "./test-kernel-security.py", line 207, in assertKernelConfig
 self.assertKernelConfigSet(name)
 File "./test-kernel-security.py", line 194, in assertKernelConfigSet
 '%s option was expected to be set in the kernel config' % name)
 AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the kernel config
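The check the failing test performs is a plain kernel-config lookup. The script below is an added example modelled on that assertKernelConfigSet() check; it is not the q-r-t code itself. It parses a .config in the three states an option can have (set, "is not set", absent), reports the same message the traceback above shows for a missing option, and, when run directly, reads the running kernel's config from /proc/config.gz or /boot/config-<release> (both standard locations, but assumed present on the host).

```python
"""Check a kernel .config for options the q-r-t kernel-security test expects.
Added example modelled on assertKernelConfigSet() in test-kernel-security.py;
this is not the q-r-t test's own code."""
import gzip
import os
import platform
import re

CONFIG_LINE = re.compile(r'^CONFIG_(\w+)=(.*)$')
NOT_SET_LINE = re.compile(r'^# CONFIG_(\w+) is not set$')


def parse_kconfig(text):
    """Return {name: value}; options listed as 'is not set' map to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = CONFIG_LINE.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = NOT_SET_LINE.match(line)
        if m:
            opts[m.group(1)] = 'n'
    return opts


def check_option(opts, name, expected='y'):
    """Mirror the test's assertion: return (ok, message) for one option."""
    actual = opts.get(name)
    if actual is None:
        # Same wording as the AssertionError in the q-r-t traceback.
        return False, '%s option was expected to be set in the kernel config' % name
    if actual != expected:
        return False, '%s is %r, expected %r' % (name, actual, expected)
    return True, '%s=%s' % (name, actual)


def load_running_config():
    """Read the running kernel's config from /proc/config.gz or /boot."""
    if os.path.exists('/proc/config.gz'):
        with gzip.open('/proc/config.gz', 'rt') as f:
            return f.read()
    with open('/boot/config-' + platform.release()) as f:
        return f.read()


# Constructed sample resembling a KVM kernel config before the fix.
SAMPLE_KVM_CONFIG = """\
CONFIG_SCHED_SMT=y
# CONFIG_SCHED_STACK_END_CHECK is not set
CONFIG_LOCK_DOWN_KERNEL=y
"""

if __name__ == '__main__':
    opts = parse_kconfig(load_running_config())
    for flag in ('SCHED_STACK_END_CHECK', 'LOCK_DOWN_KERNEL'):
        ok, msg = check_option(opts, flag)
        print('PASS' if ok else 'FAIL', msg)
```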

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
Uname: Linux 4.15.0-1028-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Thu Jan 17 06:44:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)

Po-Hsu Lin (cypressyew) wrote :

This option checks for a stack overrun on calls to schedule(). If the stack end location is found to be over written always panic as the content of the corrupted region can no longer be trusted. This is to ensure no erroneous behaviour occurs which could result in data corruption or a sporadic crash at a later stage once the region is examined. The runtime overhead introduced is minimal.

Ref: https://cateee.net/lkddb/web-lkddb/SCHED_STACK_END_CHECK.html

Looks like this is debug related, not sure if we want this on KVM kernels.

This testcase also fails on linux-kvm for Cosmic.

Po-Hsu Lin (cypressyew) wrote :

Found on X-KVM as well.

tags: added: cosmic xenial
summary: - SCHED_STACK_END_CHECK should be enabled in B-kvm
+ q-r-t security test says SCHED_STACK_END_CHECK should be enabled in
+ B-kvm
summary: - q-r-t security test says SCHED_STACK_END_CHECK should be enabled in
- B-kvm
+ q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM
+ kernels
Po-Hsu Lin (cypressyew) on 2019-06-06
Changed in ubuntu-kernel-tests:
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu):
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Xenial):
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Bionic):
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Cosmic):
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Disco):
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in linux-kvm (Ubuntu Xenial):
status: New → In Progress
Changed in linux-kvm (Ubuntu Bionic):
status: New → In Progress
Changed in ubuntu-kernel-tests:
status: New → In Progress
Changed in linux-kvm (Ubuntu Cosmic):
status: New → In Progress
Changed in linux-kvm (Ubuntu Disco):
status: New → In Progress
Changed in linux-kvm (Ubuntu):
status: New → In Progress
Po-Hsu Lin (cypressyew) on 2019-06-06
description: updated
Po-Hsu Lin (cypressyew) on 2019-06-06
description: updated
Po-Hsu Lin (cypressyew) on 2019-06-24
tags: added: ubuntu-qrt-kernel-security
tags: added: linux-kvm
Changed in linux-kvm (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in linux-kvm (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux-kvm (Ubuntu Cosmic):
status: In Progress → Fix Committed
Changed in linux-kvm (Ubuntu Disco):
status: In Progress → Fix Committed
Steve Beattie (sbeattie) wrote :

I can confirm that the SCHED_STACK_END_CHECK config option has been enabled in the linux-kvm kernel 4.4.0-1052.59 for xenial, 4.15.0-1039.39 for bionic, and 5.0.0-1011.12 for disco. Thanks!

tags: added: verification-done-bionic verification-done-disco verification-failed-xenial
tags: added: verification-done-xenial
removed: verification-failed-xenial
Po-Hsu Lin (cypressyew) on 2019-07-19
Changed in ubuntu-kernel-tests:
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-kvm - 4.15.0-1039.39

---------------
linux-kvm (4.15.0-1039.39) bionic; urgency=medium

  * linux-kvm: 4.15.0-1039.39 -proposed tracker (LP: #1834940)

  * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

  * test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on
    B/C/D KVM (LP: #1811981)
    - [Config]: enable CONFIG_LOCK_DOWN_KERNEL

  [ Ubuntu: 4.15.0-55.60 ]

  * linux: 4.15.0-55.60 -proposed tracker (LP: #1834954)
  * Request backport of ceph commits into bionic (LP: #1834235)
    - ceph: use atomic_t for ceph_inode_info::i_shared_gen
    - ceph: define argument structure for handle_cap_grant
    - ceph: flush pending works before shutdown super
    - ceph: send cap releases more aggressively
    - ceph: single workqueue for inode related works
    - ceph: avoid dereferencing invalid pointer during cached readdir
    - ceph: quota: add initial infrastructure to support cephfs quotas
    - ceph: quota: support for ceph.quota.max_files
    - ceph: quota: don't allow cross-quota renames
    - ceph: fix root quota realm check
    - ceph: quota: support for ceph.quota.max_bytes
    - ceph: quota: update MDS when max_bytes is approaching
    - ceph: quota: add counter for snaprealms with quota
    - ceph: avoid iput_final() while holding mutex or in dispatch thread
  * QCA9377 isn't being recognized sometimes (LP: #1757218)
    - SAUCE: USB: Disable USB2 LPM at shutdown
  * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140)
    - net: hns: fix ICMP6 neighbor solicitation messages discard problem
    - net: hns: fix unsigned comparison to less than zero
  * Fix occasional boot time crash in hns driver (LP: #1833138)
    - net: hns: Fix probabilistic memory overwrite when HNS driver initialized
  * use-after-free in hns_nic_net_xmit_hw (LP: #1833136)
    - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()
  * hns: attempt to restart autoneg when disabled should report error
    (LP: #1833147)
    - net: hns: Restart autoneg need return failed when autoneg off
  * systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
    (LP: #1821625)
    - powerpc: sys_pkey_alloc() and sys_pkey_free() system calls
    - powerpc: sys_pkey_mprotect() system call
  * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different
    (LP: #1832625)
    - pkey: Indicate old mkvp only if old and current mkvp are different
  * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing
    (LP: #1832623)
    - s390/crypto: fix gcm-aes-s390 selftest failures
  * System crashes on hot adding a core with drmgr command (4.15.0-48-generic)
    (LP: #1833716)
    - powerpc/numa: improve control of topology updates
    - powerpc/numa: document topology_updates_enabled, disable by default
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs
  ...

Changed in linux-kvm (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-kvm - 5.0.0-1011.12

---------------
linux-kvm (5.0.0-1011.12) disco; urgency=medium

  * linux-kvm: 5.0.0-1011.12 -proposed tracker (LP: #1834892)

  * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

  * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was
    expected to be set in C-KVM (LP: #1812624)
    - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY,
      PAGE_POISONING_ZERO

  * test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on
    B/C/D KVM (LP: #1811981)
    - [Config]: enable CONFIG_LOCK_DOWN_KERNEL

  [ Ubuntu: 5.0.0-21.22 ]

  * linux: 5.0.0-21.22 -proposed tracker (LP: #1834902)
  * Disco update: 5.0.15 upstream stable release (LP: #1834529)
    - net: stmmac: Use bfsize1 in ndesc_init_rx_desc
    - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
    - ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
    - staging: greybus: power_supply: fix prop-descriptor request size
    - staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context.
    - staging: most: cdev: fix chrdev_region leak in mod_exit
    - staging: most: sound: pass correct device when creating a sound card
    - ASoC: tlv320aic3x: fix reset gpio reference counting
    - ASoC: hdmi-codec: fix S/PDIF DAI
    - ASoC: stm32: sai: fix iec958 controls indexation
    - ASoC: stm32: sai: fix exposed capabilities in spdif mode
    - ASoC: stm32: sai: fix race condition in irq handler
    - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    - ASoC:hdac_hda:use correct format to setup hda codec
    - ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
    - ASoC: dpcm: prevent snd_soc_dpcm use after free
    - ASoC: nau8824: fix the issue of the widget with prefix name
    - ASoC: nau8810: fix the issue of widget with prefixed name
    - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
    - ASoC: rt5682: Check JD status when system resume
    - ASoC: rt5682: fix jack type detection issue
    - ASoC: rt5682: recording has no sound after booting
    - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
    - clk: meson-gxbb: round the vdec dividers to closest
    - ASoC: stm32: dfsdm: manage multiple prepare
    - ASoC: stm32: dfsdm: fix debugfs warnings on entry creation
    - ASoC: cs4270: Set auto-increment bit for register writes
    - ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
    - drm/omap: hdmi4_cec: Fix CEC clock handling for PM
    - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state
    - IB/hfi1: Eliminate opcode tests on mr deref
    - IB/hfi1: Fix the allocation of RSM table
    - MIPS: KGDB: fix kgdb support for SMP platforms.
    - ASoC: tlv320aic32x4: Fix Common Pins
    - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
    - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
    - perf/x86/intel: Initialize TFA MSR
    - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
    - iov_iter: F...

Changed in linux-kvm (Ubuntu Disco):
status: Fix Committed → Fix Released
Changed in linux-kvm (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-kvm - 4.4.0-1052.59

---------------
linux-kvm (4.4.0-1052.59) xenial; urgency=medium

  * linux-kvm: 4.4.0-1052.59 -proposed tracker (LP: #1834909)

  * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
    - [Config]: enable CONFIG_SCHED_SMT

  * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels
    (LP: #1812159)
    - [Config]: enable SCHED_STACK_END_CHECK

  [ Ubuntu: 4.4.0-155.182 ]

  * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)
  * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
    - geneve: correctly handle ipv6.disable module parameter
  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl
  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long
  * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
    - x86/speculation/mds: Revert CPU buffer clear on double fault exit
    - x86/speculation/mds: Improve CPU buffer clear documentation
    - ARM: exynos: Fix a leaked reference by adding missing of_node_put
    - crypto: vmx - fix copy-paste error in CTR mode
    - crypto: crct10dif-generic - fix use via crypto_shash_digest()
    - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
    - ALSA: usb-audio: Fix a memory leak bug
    - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
    - ALSA: hda/realtek - EAPD turn on later
    - ASoC: max98090: Fix restore of DAPM Muxes
    - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    - mm/mincore.c: make mincore() more conservative
    - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
    - mfd: da9063: Fix OTP control register names to match datasheets for
      DA9063/63L
    - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
    - ext4: actually request zeroing of inode table after grow
    - ext4: fix ext4_show_options for file systems w/o journal
    - Btrfs: do not start a transaction at iterate_extent_inodes()
    - bcache: fix a race between cache register and cacheset unregister
    - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
    - ipmi:ssif: compare block number correctly for multi-part return messages
    - crypto: gcm - Fix error return code in crypto_gcm_create_common()
    - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
    - crypto: chacha20poly1305 - set cra_name correctly
    - crypto: salsa20 - don't access already-freed walk.iv
    - crypto: arm/aes-neonbs - don't access already-freed walk.iv
    - writeback: synchronize sync(2) against cgroup writeback membership switches
    - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
      into workqueue when umount
    - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
    - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - ppp: deflate: Fix possible crash in deflate_init
    - tipc:...

Changed in linux-kvm (Ubuntu Xenial):
status: Fix Committed → Fix Released