A bug in the pre-release version of efi-lockdown patch* applied to Cosmic and later kernels improperly results in EPERM failures for some debugfs files.
Fixes: a1ba65da9cea ("UBUNTU: SAUCE: (efi-lockdown) debugfs: Restrict debugfs when the kernel is locked down") Upstream's version of this code never introduced the bug, so the fix patch isn't upstream either. The fix patch looks correct by inspection. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Triaged Status in linux package in Ubuntu: In Progress Status in linux source package in Cosmic: In Progress Status in linux source package in Disco: In Progress Bug description: == Comment: #0 - Dominik Klein <dominik.kl...@de.ibm.com> - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp