CONFIG_ANDROID_BINDER_IPC=m is missing in the custom rolling kernels

Bug #1849493 reported by Simon Fels on 2019-10-23
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Unassigned
Disco
Undecided
Unassigned
Eoan
Undecided
Unassigned
linux-azure (Ubuntu)
Undecided
Marcelo Cerri
Bionic
Undecided
Unassigned
Disco
Undecided
Unassigned
Eoan
Undecided
Unassigned
linux-gcp (Ubuntu)
High
Khaled El Mously
Bionic
Undecided
Unassigned
Disco
Undecided
Unassigned
Eoan
Undecided
Unassigned

Bug Description

The rolling GCP kernel for bionic is missing CONFIG_ANDROID_BINDER_IPC=m which is enabled in the standard Ubuntu kernel since 19.04 and available through the HWE kernels in Bionic.

As we require CONFIG_ANDROID_BINDER_IPC=m for a not released product in our kernels it would be great if we can import the relevant config changes to the GCP kernel (haven't yet checked our other cloud kernels).

All relevant changes from Christian Brauner to enable binder in the Ubuntu kernel are present in the GCP kernel (see https://git.launchpad.net/~canonical-kernel/ubuntu/+source/linux-gcp/+git/bionic/log/?h=gcp-edge&qt=grep&q=brauner).

See https://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/commit/debian.master/config/config.common.ubuntu?h=hwe&id=a758aeb0bb0f52ccbee99f850709c57711753b33 and https://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/commit/debian.master/config/config.common.ubuntu?h=hwe&id=4b44b695fb5ee2f405d0ad4eda2fc2cad856414c for the relevant config changes in the Ubuntu kernel from Seth.

Terry Rudd (terrykrudd) on 2019-10-23
Changed in linux (Ubuntu):
importance: Undecided → High
status: New → Confirmed
assignee: nobody → Khaled El Mously (kmously)
Marcelo Cerri (mhcerri) on 2019-10-30
summary: - CONFIG_ANDROID_BINDER_IPC=m is missing in the GCP rolling kernel for
- bionic
+ CONFIG_ANDROID_BINDER_IPC=m is missing in the custom rolling kernels
Changed in linux-azure (Ubuntu):
assignee: nobody → Marcelo Cerri (mhcerri)
Marcelo Cerri (mhcerri) on 2019-10-30
Changed in linux-gcp (Ubuntu):
assignee: nobody → Khaled El Mously (kmously)
importance: Undecided → High
status: New → Confirmed
Changed in linux-azure (Ubuntu):
status: New → Incomplete
no longer affects: linux (Ubuntu)
no longer affects: linux (Ubuntu Bionic)
no longer affects: linux (Ubuntu Disco)
no longer affects: linux (Ubuntu Eoan)
Marcelo Cerri (mhcerri) on 2019-10-30
no longer affects: linux-azure (Ubuntu Bionic)
no longer affects: linux-azure (Ubuntu Disco)
no longer affects: linux-azure (Ubuntu Eoan)
no longer affects: linux-gcp (Ubuntu Bionic)
no longer affects: linux-gcp (Ubuntu Disco)
no longer affects: linux-gcp (Ubuntu Eoan)

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1849493

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Bionic):
status: New → Incomplete
Changed in linux (Ubuntu Disco):
status: New → Incomplete
Changed in linux (Ubuntu Eoan):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :
Download full text (39.0 KiB)

This bug was fixed in the package linux-gcp - 5.0.0-1025.26

---------------
linux-gcp (5.0.0-1025.26) disco; urgency=medium

  * CVE-2019-11135
    - [Config] gcp: Disable TSX by default when possible

  [ Ubuntu: 5.0.0-35.38 ]

  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout
      confusion."
  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling
  * CVE-2018-12207
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

  [ Ubuntu: 5.0.0-34.36 ]

  * disco/linux:...

Changed in linux-gcp (Ubuntu Disco):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (39.1 KiB)

This bug was fixed in the package linux-gcp - 5.0.0-1025.26~18.04.1

---------------
linux-gcp (5.0.0-1025.26~18.04.1) bionic; urgency=medium

  [ Ubuntu: 5.0.0-1025.26 ]

  * CVE-2019-11135
    - [Config] gcp: Disable TSX by default when possible
  * [REGRESSION] md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - SAUCE: Fix revert "md/raid0: avoid RAID0 data corruption due to layout
      confusion."
  * refcount underflow and type confusion in shiftfs (LP: #1850867) // CVE-2019-15793
    - SAUCE: shiftfs: Correct id translation for lower fs operations
    - SAUCE: shiftfs: prevent type confusion
    - SAUCE: shiftfs: Fix refcount underflow in btrfs ioctl handling
  * CVE-2018-12207
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching
  * disco/linux: <version ...

Changed in linux-gcp (Ubuntu Bionic):
status: New → Fix Released
Simon Fels (morphis) wrote :

Just checked on my bionic GCE instance today that the binder driver is now there:

ubuntu@juju-1dfb8c-4:~$ find /lib | grep binder
/lib/modules/5.0.0-1025-gcp/kernel/drivers/android/binder_linux.ko

Thanks!

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers