| 2018-04-02 16:59:11 |
Po-Hsu Lin |
bug |
|
|
added bug |
| 2018-04-02 17:00:32 |
Po-Hsu Lin |
bug task added |
|
qa-regression-testing |
|
| 2018-04-02 17:00:46 |
Po-Hsu Lin |
bug task added |
|
linux (Ubuntu) |
|
| 2018-04-02 17:00:54 |
Po-Hsu Lin |
nominated for series |
|
Ubuntu Xenial |
|
| 2018-04-02 17:30:07 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2018-04-03 17:00:11 |
Joseph Salisbury |
bug task added |
|
linux (Ubuntu Xenial) |
|
| 2018-04-03 17:00:11 |
Joseph Salisbury |
bug task added |
|
linux-kvm (Ubuntu Xenial) |
|
| 2018-04-17 00:27:23 |
Steve Beattie |
linux-kvm (Ubuntu Xenial): status |
New |
Invalid |
|
| 2018-04-17 00:27:28 |
Steve Beattie |
linux (Ubuntu Xenial): status |
New |
Invalid |
|
| 2018-04-17 00:27:32 |
Steve Beattie |
linux (Ubuntu): status |
Incomplete |
Invalid |
|
| 2018-04-17 00:27:39 |
Steve Beattie |
qa-regression-testing: status |
New |
Fix Released |
|
| 2018-04-17 00:36:27 |
Steve Beattie |
linux-kvm (Ubuntu): status |
New |
Fix Released |
|
| 2018-05-04 06:41:53 |
Po-Hsu Lin |
qa-regression-testing: status |
Fix Released |
Confirmed |
|
| 2018-05-04 19:40:19 |
Steve Beattie |
linux (Ubuntu Xenial): status |
Invalid |
Confirmed |
|
| 2018-05-04 19:40:25 |
Steve Beattie |
qa-regression-testing: status |
Confirmed |
Fix Released |
|
| 2018-05-07 04:32:41 |
Po-Hsu Lin |
linux-kvm (Ubuntu Xenial): status |
Invalid |
In Progress |
|
| 2018-05-07 04:32:46 |
Po-Hsu Lin |
linux-kvm (Ubuntu): status |
Fix Released |
In Progress |
|
| 2018-05-07 04:33:04 |
Po-Hsu Lin |
linux (Ubuntu Xenial): status |
Confirmed |
Invalid |
|
| 2018-05-07 04:33:08 |
Po-Hsu Lin |
linux-kvm (Ubuntu Xenial): assignee |
|
Po-Hsu Lin (cypressyew) |
|
| 2018-05-07 04:34:08 |
Po-Hsu Lin |
linux-kvm (Ubuntu): assignee |
|
Po-Hsu Lin (cypressyew) |
|
| 2018-05-07 06:26:50 |
Po-Hsu Lin |
description |
The test failed with:
FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata
self.assertEqual(self._test_config(option), expected)
AssertionError: False != True
Steps to reproduce:
Deploy the node with Xenial 4.4 kernel, install linux-kvm
sudo apt-get install python-minimal
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
rm -fr autotest/client/tests
ln -sf ~/autotest-client-tests autotest/client/tests
AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
Uname: Linux 4.4.0-1019-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Mon Apr 2 16:54:36 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
== Justification ==
In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well.
In such case, the kernel can pass the test_072_config_debug_rodata check in the qa-regression-testing test uite.
== Test ==
Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass.
A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here:
http://people.canonical.com/~phlin/kernel/lp-1766832/
== Fix ==
Enable the CONFIG_DEBUG_RODATA.
Some other configs were enabled just for skipping the interaction during the compilation.
== Regression Potential ==
Minimal.
No code changes, just one config enabled without disabling any other configs.
The test failed with:
FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata
self.assertEqual(self._test_config(option), expected)
AssertionError: False != True
Steps to reproduce:
Deploy the node with Xenial 4.4 kernel, install linux-kvm
sudo apt-get install python-minimal
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
rm -fr autotest/client/tests
ln -sf ~/autotest-client-tests autotest/client/tests
AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
Uname: Linux 4.4.0-1019-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Mon Apr 2 16:54:36 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2018-05-07 07:16:26 |
Po-Hsu Lin |
description |
== Justification ==
In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well.
In such case, the kernel can pass the test_072_config_debug_rodata check in the qa-regression-testing test uite.
== Test ==
Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass.
A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here:
http://people.canonical.com/~phlin/kernel/lp-1766832/
== Fix ==
Enable the CONFIG_DEBUG_RODATA.
Some other configs were enabled just for skipping the interaction during the compilation.
== Regression Potential ==
Minimal.
No code changes, just one config enabled without disabling any other configs.
The test failed with:
FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata
self.assertEqual(self._test_config(option), expected)
AssertionError: False != True
Steps to reproduce:
Deploy the node with Xenial 4.4 kernel, install linux-kvm
sudo apt-get install python-minimal
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
rm -fr autotest/client/tests
ln -sf ~/autotest-client-tests autotest/client/tests
AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
Uname: Linux 4.4.0-1019-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Mon Apr 2 16:54:36 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
== Justification ==
In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well.
== Test ==
Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass.
A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here:
http://people.canonical.com/~phlin/kernel/lp-1766832/
== Fix ==
Enable the CONFIG_DEBUG_RODATA.
Some other configs were enabled just for skipping the interaction during the compilation.
== Regression Potential ==
Minimal.
No code changes, just one config enabled without disabling any other configs.
The test failed with:
FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata
self.assertEqual(self._test_config(option), expected)
AssertionError: False != True
Steps to reproduce:
Deploy the node with Xenial 4.4 kernel, install linux-kvm
sudo apt-get install python-minimal
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
rm -fr autotest/client/tests
ln -sf ~/autotest-client-tests autotest/client/tests
AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
Uname: Linux 4.4.0-1019-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Mon Apr 2 16:54:36 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2018-05-07 07:17:29 |
Po-Hsu Lin |
description |
== Justification ==
In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well.
== Test ==
Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass.
A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here:
http://people.canonical.com/~phlin/kernel/lp-1766832/
== Fix ==
Enable the CONFIG_DEBUG_RODATA.
Some other configs were enabled just for skipping the interaction during the compilation.
== Regression Potential ==
Minimal.
No code changes, just one config enabled without disabling any other configs.
The test failed with:
FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata
self.assertEqual(self._test_config(option), expected)
AssertionError: False != True
Steps to reproduce:
Deploy the node with Xenial 4.4 kernel, install linux-kvm
sudo apt-get install python-minimal
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
rm -fr autotest/client/tests
ln -sf ~/autotest-client-tests autotest/client/tests
AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
Uname: Linux 4.4.0-1019-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Mon Apr 2 16:54:36 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
== Justification ==
In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well.
== Test ==
Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass.
A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here:
http://people.canonical.com/~phlin/kernel/lp-1760643/
== Fix ==
Enable the CONFIG_DEBUG_RODATA.
Some other configs were enabled just for skipping the interaction during the compilation.
== Regression Potential ==
Minimal.
No code changes, just one config enabled without disabling any other configs.
The test failed with:
FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata
self.assertEqual(self._test_config(option), expected)
AssertionError: False != True
Steps to reproduce:
Deploy the node with Xenial 4.4 kernel, install linux-kvm
sudo apt-get install python-minimal
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
rm -fr autotest/client/tests
ln -sf ~/autotest-client-tests autotest/client/tests
AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
Uname: Linux 4.4.0-1019-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Mon Apr 2 16:54:36 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install) |
|
| 2018-05-23 15:10:06 |
Stefan Bader |
linux-kvm (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2018-06-01 12:02:14 |
Po-Hsu Lin |
bug task added |
|
ubuntu-kernel-tests |
|
| 2018-06-01 12:02:38 |
Po-Hsu Lin |
ubuntu-kernel-tests: assignee |
|
Po-Hsu Lin (cypressyew) |
|
| 2018-06-01 12:02:43 |
Po-Hsu Lin |
ubuntu-kernel-tests: status |
New |
In Progress |
|
| 2018-06-11 15:26:06 |
Launchpad Janitor |
linux-kvm (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2018-06-11 15:26:06 |
Launchpad Janitor |
cve linked |
|
2017-5715 |
|
| 2018-06-11 15:26:06 |
Launchpad Janitor |
cve linked |
|
2017-5753 |
|
| 2018-06-11 15:26:06 |
Launchpad Janitor |
cve linked |
|
2018-3639 |
|
| 2018-06-11 15:26:06 |
Launchpad Janitor |
cve linked |
|
2018-8087 |
|
| 2018-06-11 15:26:06 |
Launchpad Janitor |
linux-kvm (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2018-06-13 03:03:59 |
Po-Hsu Lin |
ubuntu-kernel-tests: status |
In Progress |
Fix Released |
|
| 2018-06-13 03:04:01 |
Po-Hsu Lin |
linux-kvm (Ubuntu): status |
In Progress |
Fix Released |
|
