This bug was fixed in the package linux-kvm - 4.15.0-1016.16
---------------
linux-kvm (4.15.0-1016.16) bionic; urgency=medium
* linux-kvm: 4.15.0-1016.16 -proposed tracker (LP: #1782180)
[ Ubuntu: 4.15.0-29.31 ]
* linux: 4.15.0-29.31 -proposed tracker (LP: #1782173)
* [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler
(LP: #1777716)
- ipmi_ssif: Fix kernel panic at msg_done_handler
* Update to ocxl driver for 18.04.1 (LP: #1775786)
- misc: ocxl: use put_device() instead of device_unregister()
- powerpc: Add TIDR CPU feature for POWER9
- powerpc: Use TIDR CPU feature to control TIDR allocation
- powerpc: use task_pid_nr() for TID allocation
- ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action
- ocxl: Expose the thread_id needed for wait on POWER9
- ocxl: Add an IOCTL so userspace knows what OCXL features are available
- ocxl: Document new OCXL IOCTLs
- ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait()
* Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after
suspend (LP: #1776887)
- ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL
* Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194)
- powerpc: use NMI IPI for smp_send_stop
- powerpc: Fix smp_send_stop NMI IPI handling
* IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on
CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964)
- rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops
* [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383:
comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709)
- SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm
stress-ng: Corrupt inode bitmap"
- SAUCE: ext4: check for allocation block validity with block group locked
[ Ubuntu: 4.15.0-28.30 ]
* linux: 4.15.0-28.30 -proposed tracker (LP: #1781433)
* Cannot set MTU higher than 1500 in Xen instance (LP: #1781413)
- xen-netfront: Fix mismatched rtnl_unlock
- xen-netfront: Update features after registering netdev
linux-kvm (4.15.0-1015.15) bionic; urgency=medium
* linux-kvm: 4.15.0-1015.15 -proposed tracker (LP: #1781068)
[ Ubuntu: 4.15.0-27.29 ]
* linux: 4.15.0-27.29 -proposed tracker (LP: #1781062)
* [Regression] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:99:
comm stress-ng: Corrupt inode bitmap (LP: #1780137)
- SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode
bitmap
linux-kvm (4.15.0-1014.14) bionic; urgency=medium
* linux-kvm: 4.15.0-1014.14 -proposed tracker (LP: #1780119)
[ Ubuntu: 4.15.0-26.28 ]
* linux: 4.15.0-26.28 -proposed tracker (LP: #1780112)
* failure to boot with linux-image-4.15.0-24-generic (LP: #1779827) // Cloud-
init causes potentially huge boot delays with 4.15 kernels (LP: #1780062)
- random: Make getrandom() ready earlier
linux-kvm (4.15.0-1013.13) bionic; urgency=medium
* linux-kvm: 4.15.0-1013.13 -proposed tracker (LP: #1779363)
* test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM
kernel (LP: #1766774)
- [Config]: enable CONFIG_FORTIFY_SOURCE
* test_250_config_security_perf_events_restrict in kernel security test failed
with 4.15 KVM kernel (LP: #1766780)
- [Config]: enable CONFIG_SECURITY_PERF_EVENTS_RESTRICT
* kata-containers: enable memory hotplug (LP: #1777127)
- kvm: [Config] Enable memory hotplug
* kata-containers: Cannot open root device "pmem0p1" (LP: #1761854)
- kvm: [Config] Enable ACPI NVDIMM
* kata-containers: netlink protocol not supported (LP: #1761856)
- kvm: [Config] Enable IP set and netfilter
[ Ubuntu: 4.15.0-25.27 ]
* linux: 4.15.0-25.27 -proposed tracker (LP: #1779354)
* hisi_sas_v3_hw: internal task abort: timeout and not done. (LP: #1777736)
- scsi: hisi_sas: Update a couple of register settings for v3 hw
* hisi_sas: Add missing PHY spinlock init (LP: #1777734)
- scsi: hisi_sas: Add missing PHY spinlock init
* hisi_sas: improve read performance by pre-allocating slot DMA buffers
(LP: #1777727)
- scsi: hisi_sas: use dma_zalloc_coherent()
- scsi: hisi_sas: Use dmam_alloc_coherent()
- scsi: hisi_sas: Pre-allocate slot DMA buffers
* hisi_sas: Failures during host reset (LP: #1777696)
- scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw()
- scsi: hisi_sas: Fix the conflict between dev gone and host reset
- scsi: hisi_sas: Adjust task reject period during host reset
- scsi: hisi_sas: Add a flag to filter PHY events during reset
- scsi: hisi_sas: Release all remaining resources in clear nexus ha
* Fake SAS addresses for SATA disks on HiSilicon D05 are non-unique
(LP: #1776750)
- scsi: hisi_sas: make SAS address of SATA disks unique
* Vcs-Git header on bionic linux source package points to zesty git tree
(LP: #1766055)
- [Packaging]: Update Vcs-Git
* large KVM instances run out of IRQ routes (LP: #1778261)
- SAUCE: kvm -- increase KVM_MAX_IRQ_ROUTES to 2048 on x86
-- Khalid Elmously <[email protected]> Wed, 18 Jul 2018 02:00:02 +0000
** Changed in: linux-kvm (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1766774
Title:
test_190_config_kernel_fortify in kernel security test failed with
4.15 KVM kernel
Status in ubuntu-kernel-tests:
Fix Committed
Status in linux-kvm package in Ubuntu:
Fix Committed
Status in linux-kvm source package in Bionic:
Fix Released
Bug description:
== Justification ==
In the Bionic KVM kernel, CONFIG_FORTIFY_SOURCE and
CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set; they need to be enabled to
meet the security team's requirement.
== Test ==
Before enabling the configs, test cases test_190_config_kernel_fortify and
test_250_config_security_perf_events_restrict will fail in the kernel
security test suite for the kernel SRU regression test.
They will pass with these two patches applied, tested on a KVM node.
== Fix ==
Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y".
Set CONFIG_FORTIFY_SOURCE to "y".
== Regression Potential ==
Minimal.
No code changes, just two config changes without disabling any other configs.
BugLink: https://bugs.launchpad.net/bugs/1766780
BugLink: https://bugs.launchpad.net/bugs/1766774
--------------------------------------------------
Test test_190_config_kernel_fortify from the kernel security test suite
failed with 4.15.0-1008 KVM kernel.
======================================================================
FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest)
Ensure CONFIG_FORTIFY_SOURCE is set
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 2186, in test_190_config_kernel_fortify
    self.assertTrue(self._test_config(config_name))
AssertionError: False is not true
The CONFIG_FORTIFY_SOURCE is not set.
$ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE
# CONFIG_FORTIFY_SOURCE is not set
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 04:28:13 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
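
Added example, not part of the original bug report or of test-kernel-security.py: a config audit for the two options this bug enables. It tells "=y" apart from the "# ... is not set" line, which the grep in the report matches even though the option is disabled. The function names and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Audit a kernel config file for required hardening options (added example).

# Options named in this bug report.
REQUIRED="CONFIG_FORTIFY_SOURCE CONFIG_SECURITY_PERF_EVENTS_RESTRICT"

# config_state FILE OPTION
# Prints the option's value (y, m, ...), "unset" for an explicit
# "# OPTION is not set" line, or "absent" if the file never mentions it.
config_state() {
    file=$1 opt=$2
    # Anchored match: only a real "OPTION=value" assignment counts as set.
    val=$(sed -n "s/^${opt}=//p" "$file" | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    elif grep -q "^# ${opt} is not set\$" "$file"; then
        printf 'unset\n'
    else
        printf 'absent\n'
    fi
}

# audit_config FILE OPTION...
# Prints one line per option that is not "y"; returns 1 if any were found.
audit_config() {
    file=$1; shift
    rc=0
    for opt in "$@"; do
        state=$(config_state "$file" "$opt")
        if [ "$state" != "y" ]; then
            printf '%s: %s\n' "$opt" "$state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (not real /boot/config-* files).
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '# CONFIG_FORTIFY_SOURCE is not set' \
        'CONFIG_HARDENED_USERCOPY=y' > "$dir/before"
    printf '%s\n' 'CONFIG_FORTIFY_SOURCE=y' \
        'CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y' > "$dir/after"
    printf '%s\n' "$dir"
}

samples=$(make_samples)
audit_config "$samples/before" $REQUIRED || echo "before: FAIL"
audit_config "$samples/after" $REQUIRED && echo "after: PASS"
# On a real host: audit_config "/boot/config-$(uname -r)" $REQUIRED
```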