test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ubuntu-kernel-tests | | Undecided | Po-Hsu Lin | |
| linux-kvm (Ubuntu) | | Undecided | Po-Hsu Lin | |
| Bionic | | Undecided | Unassigned | |
Bug Description
== Justification ==
In the Bionic KVM kernel, the CONFIG_
CONFIG_
meet the security team's requirement.
== Test ==
Before enabling the config, test case test_190_
test_250_
security testsuite for the kernel SRU regression test.
It will pass with these two patches applied, tested on a KVM node.
== Fix ==
Set CONFIG_
Set CONFIG_
== Regression Potential ==
Minimal.
No code changes, just two config changes without disabling any other configs.
BugLink: https:/
BugLink: https:/
-------
test_250_
FAIL: test_250_
Ensure CONFIG_
-----
Traceback (most recent call last):
File "./test-
self.
AssertionError: True != False
The CONFIG_
$ cat /boot/config-
# CONFIG_
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-
ProcVersionSign
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 04:41:49 2018
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
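As an added example (not part of the original report or of the Ubuntu test suite): a checker for the kind of `/boot/config-*` test that fails above, distinguishing an option that is explicitly `# ... is not set` from one that is absent or built as a module. The option name CONFIG_SECURITY_PERF_EVENTS_RESTRICT is inferred from the test name in the title, CONFIG_DEBUG_WX comes from the changelog in this thread, and the sample config text is constructed.

```python
import os
import re

# Assumption of this example: the first name is inferred from the test name in
# the report title; CONFIG_DEBUG_WX is taken from the changelog in this thread.
REQUIRED = ("CONFIG_SECURITY_PERF_EVENTS_RESTRICT", "CONFIG_DEBUG_WX")

_SET = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def parse_kconfig(text):
    """Map each option to its value; explicitly disabled options map to None."""
    state = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            state[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            state[m.group(1)] = None
    return state


def missing_options(text, required=REQUIRED):
    """Return {option: reason} for each required option that is not built in (=y)."""
    state = parse_kconfig(text)
    problems = {}
    for opt in required:
        if opt not in state:
            problems[opt] = "absent"  # option not known to this kernel tree
        elif state[opt] is None:
            problems[opt] = "not set"
        elif state[opt] != "y":
            problems[opt] = "set to " + state[opt]
    return problems


# Constructed sample configs (not copied from a real /boot/config file).
BEFORE = "CONFIG_SECURITY=y\n# CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set\n"
AFTER = "CONFIG_SECURITY=y\nCONFIG_SECURITY_PERF_EVENTS_RESTRICT=y\nCONFIG_DEBUG_WX=y\n"

if __name__ == "__main__":
    path = "/boot/config-" + os.uname().release
    text = open(path).read() if os.path.exists(path) else BEFORE
    for opt, why in missing_options(text).items():
        print(f"FAIL {opt}: {why}")
```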
Po-Hsu Lin (cypressyew) wrote: #1
Changed in linux-kvm (Ubuntu):
assignee: nobody → Po-Hsu Lin (cypressyew)
Changed in ubuntu-kernel-tests:
assignee: nobody → Po-Hsu Lin (cypressyew)
no longer affects: qa-regression-testing
Changed in ubuntu-kernel-tests:
status: New → In Progress
Changed in linux-kvm (Ubuntu):
status: New → In Progress
description: updated
Changed in linux-kvm (Ubuntu):
status: In Progress → Fix Committed
Changed in ubuntu-kernel-tests:
status: In Progress → Fix Committed
Changed in linux-kvm (Ubuntu Bionic):
status: New → Fix Committed
Changed in ubuntu-kernel-tests:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote: #3
This bug was fixed in the package linux-kvm - 4.15.0-1016.16
---------------
linux-kvm (4.15.0-1016.16) bionic; urgency=medium
* linux-kvm: 4.15.0-1016.16 -proposed tracker (LP: #1782180)
[ Ubuntu: 4.15.0-29.31 ]
* linux: 4.15.0-29.31 -proposed tracker (LP: #1782173)
* [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler
(LP: #1777716)
- ipmi_ssif: Fix kernel panic at msg_done_handler
* Update to ocxl driver for 18.04.1 (LP: #1775786)
- misc: ocxl: use put_device() instead of device_unregister()
- powerpc: Add TIDR CPU feature for POWER9
- powerpc: Use TIDR CPU feature to control TIDR allocation
- powerpc: use task_pid_nr() for TID allocation
- ocxl: Rename pnv_ocxl_
- ocxl: Expose the thread_id needed for wait on POWER9
- ocxl: Add an IOCTL so userspace knows what OCXL features are available
- ocxl: Document new OCXL IOCTLs
- ocxl: Fix missing unlock on error in afu_ioctl_
* Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after
suspend (LP: #1776887)
- ocxl: Document the OCXL_IOCTL_
* Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194)
- powerpc: use NMI IPI for smp_send_stop
- powerpc: Fix smp_send_stop NMI IPI handling
* IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on
CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964)
- rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops
* [Regression] EXT4-fs error (device sda2): ext4_validate_
comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709)
- SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_
stress-ng: Corrupt inode bitmap"
- SAUCE: ext4: check for allocation block validity with block group locked
[ Ubuntu: 4.15.0-28.30 ]
* linux: 4.15.0-28.30 -proposed tracker (LP: #1781433)
* Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
- xen-netfront: Fix mismatched rtnl_unlock
- xen-netfront: Update features after registering netdev
linux-kvm (4.15.0-1015.15) bionic; urgency=medium
* linux-kvm: 4.15.0-1015.15 -proposed tracker (LP: #1781068)
[ Ubuntu: 4.15.0-27.29 ]
* linux: 4.15.0-27.29 -proposed tracker (LP: #1781062)
* [Regression] EXT4-fs error (device sda1): ext4_validate_
comm stress-ng: Corrupt inode bitmap (LP: #1780137)
- SAUCE: ext4: fix ext4_validate_
bitmap
linux-kvm (4.15.0-1014.14) bionic; urgency=medium
* linux-kvm: 4.15.0-1014.14 -proposed tracker (LP: #1780119)
[ Ubuntu: 4.15.0-26.28 ]
* linux: 4.15.0-26.28 -proposed tracker (LP: #1780112)
* failure to boot with linux-image-
init causes potentially huge boot delays with 4.15 kernels (LP: #1780062)
- random: Make getrandom() ready earlier
linux-kvm (4.15.0-1013.13) bionic; urgency=medium
* linux-kvm: 4.15.0-1013.13 -proposed tracker (LP: #1779363)
* test_190_
kernel (LP: #1766774)
...
Changed in linux-kvm (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote: #4
This bug was fixed in the package linux-kvm - 4.15.0-1020.20
---------------
linux-kvm (4.15.0-1020.20) bionic; urgency=medium
* linux-kvm: 4.15.0-1020.20 -proposed tracker (LP: #1787158)
* DEBUG_WX is not set in Bionic KVM kernel (LP: #1782721)
- kvm: [Config] enable CONFIG_DEBUG_WX
* test_182_
KVM kernel (LP: #1766777)
- usercopy: Do not select BUG with HARDENED_USERCOPY
- kvm: [Config] Enable CONFIG_
[ Ubuntu: 4.15.0-33.36 ]
* linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)
* RTNL assertion failure on ipvlan (LP: #1776927)
- ipvlan: drop ipv6 dependency
- ipvlan: use per device spinlock to protect addrs list updates
- SAUCE: fix warning from "ipvlan: drop ipv6 dependency"
* ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
- test_bpf: flag tests that cannot be jited on s390
* HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
- drm/nouveau: fix nouveau_
- drm/radeon: fix radeon_
- drm/amdgpu: fix amdgpu_
- platform/x86: apple-gmux: fix gmux_get_
- ALSA: hda: use PCI_BASE_
- vga_switcheroo: set audio client id according to bound GPU id
* locking sockets broken due to missing AppArmor socket mediation patches
(LP: #1780227)
- UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets
* Update2 for ocxl driver (LP: #1781436)
- ocxl: Fix page fault handler in case of fault on dying process
* netns: unable to follow an interface that moves to another netns
(LP: #1774225)
- net: core: Expose number of link up/down transitions
- dev: always advertise the new nsid when the netns iface changes
- dev: advertise the new ifindex when the netns iface changes
* [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
- block, bfq: fix occurrences of request finish method's old name
- block, bfq: remove batches of confusing ifdefs
- block, bfq: add requeue-request hook
* HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
- ALSA: hda: add mute led support for HP ProBook 455 G5
* [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
(LP: #1781476)
- i2c: xlp9xx: Fix issue seen when updating receive length
- i2c: xlp9xx: Make sure the transfer size is not more than
I2C_
* x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
- x86/kvm: fix LAPIC timer drift when guest uses periodic mode
* Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
- [Config:] d-i: Add ax88179_178a and r8152 to nic-modules
* Nvidia fails after switching its mode (LP: #1778658)
- PCI: Restore config space on runtime resume despite being unbound
* Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
- SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3
* CVE-2018-12232
- PATCH 1/1] socket: cl...
Changed in linux-kvm (Ubuntu):
status: Fix Committed → Fix Released
A test kernel could be found here (along with the patch for bug 1766774): people.canonical.com/~phlin/kernel/lp-1766774-1766780/
http://