Ubuntu
linux package

test_260_config_PTI in ubuntu_qrt_kernel_security failed with 4.15 i386

Bug #1825108 reported by Po-Hsu Lin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QA Regression Testing
Fix Released
High
Tyler Hicks
ubuntu-kernel-tests
Fix Released
Undecided
Unassigned
linux (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Test failed with 4.15 i386 kernel, didn't see this on other arches

FAIL: test_260_config_PTI (__main__.KernelSecurityConfigTest)
Ensure kernel page table isolation is set appropriately
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 2566, in test_260_config_PTI
    self.assertKernelConfig('PAGE_TABLE_ISOLATION', expected)
  File "./test-kernel-security.py", line 210, in assertKernelConfig
    self.assertKernelConfigUnset(name)
  File "./test-kernel-security.py", line 201, in assertKernelConfigUnset
    '%s option was expected to be unset in the kernel config' % name)
AssertionError: PAGE_TABLE_ISOLATION option was expected to be unset in the kernel config

CVE References

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

    def test_260_config_PTI(self):
        '''Ensure kernel page table isolation is set appropriately'''

        expected = True
        archs = ['amd64']
        if self.kernel_at_least('4.19'):
            archs += ['i386']
        if self.dpkg_arch not in archs:
            self._skipped("KPTI only in amd64 and i386 (4.19 and later)")
            expected = False
        self.assertKernelConfig('PAGE_TABLE_ISOLATION', expected)

The last change to this test seems to be in Jan. this year.

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

I think this has something to do with the recent change patch for CVE:
    [SRU][Bionic][PULL] Fix for CVE-2017-5754 (i386)

Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1825108

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Tyler Hicks (tyhicks) wrote :

QRT does need to be updated now that Bionic has received the CVE-2017-5754 mitigations for i386. I can update QRT.

(There is no kernel bug to fix from this failure)

Changed in linux (Ubuntu):
status: Incomplete → Invalid
Changed in qa-regression-testing:
status: New → Triaged
assignee: nobody → Tyler Hicks (tyhicks)
Tyler Hicks (tyhicks)
Changed in qa-regression-testing:
status: Triaged → In Progress
importance: Undecided → High
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Fix: https://git.launchpad.net/qa-regression-testing/commit/?id=b5f561affe4eb739c5b01b88569618d59ae6f664

Changed in qa-regression-testing:
assignee: Tyler Hicks (tyhicks) → nobody
status: In Progress → Fix Released
Changed in ubuntu-kernel-tests:
status: New → Fix Released
Changed in qa-regression-testing:
assignee: nobody → Tyler Hicks (tyhicks)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.