A bug in the pre-release version of efi-lockdown patch* applied to Cosmic and
later kernels improperly results in EPERM failures for some debugfs files.
Fixes: a1ba65da9cea ("UBUNTU: SAUCE: (efi-lockdown) debugfs: Restrict
debugfs when the kernel is locked down")
Upstream's version of this code never introduced the bug, so the fix patch
isn't upstream either.
The fix patch looks correct by inspection.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1807686
Title:
efi-lockdown patch causes -EPERM for some debugfs files even though
CONFIG_LOCK_DOWN_KERNEL is not set
Status in Ubuntu on IBM z Systems:
Triaged
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Cosmic:
In Progress
Status in linux source package in Disco:
In Progress
Bug description:
== Comment: #0 - Dominik Klein <dominik.kl...@de.ibm.com> - 2018-12-10
03:58:10 ==
There seems to be a bug in the efi-lockdown patch as applied on top of
vanilla for Cosmic kernels:
http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986
Also seems to be present for Disco as of today:
http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986
The problem is that part of the patch modifies kernel behavior
independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing
issues on two debugfs files on s390x.
Vasily Gorbik has already analyzed the problem and has posted a proposed fix
here:
https://lkml.org/lkml/2018/11/21/634
https://lkml.org/lkml/2018/11/21/635
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
