[Bug 1855338] Re: CONFIG_IO_STRICT_DEVMEM should be enabled
*** This bug is a duplicate of bug 1959384 *** https://bugs.launchpad.net/bugs/1959384 ** This bug has been marked a duplicate of bug 1959384 CONFIG_IO_STRICT_DEVMEM could be enabled -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1855338 Title: CONFIG_IO_STRICT_DEVMEM should be enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855338/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1855338] Re: CONFIG_IO_STRICT_DEVMEM should be enabled
This bug was fixed in the package linux - 5.8.0-16.17
---
linux (5.8.0-16.17) groovy; urgency=medium
* groovy/linux: 5.8.0-16.17 -proposed tracker (LP: #1891233)
* Miscellaneous Ubuntu changes
- hio -- Update to use bio_{start,end}_io_acct with 5.8+
- Enable hio driver
- [Packaging] Temporarily disable building doc package contents
linux (5.8.0-15.16) groovy; urgency=medium
* groovy/linux: 5.8.0-15.16 -proposed tracker (LP: #1891177)
* Miscellaneous Ubuntu changes
- SAUCE: Documentation: import error c_funcptr_sig_re, c_sig_re (sphinx-
doc/sphinx@0f49e30c)
linux (5.8.0-14.15) groovy; urgency=medium
* groovy/linux: 5.8.0-14.15 -proposed tracker (LP: #1891085)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* msg_zerocopy.sh in net from ubuntu_kernel_selftests failed (LP: #1812620)
- selftests/net: relax cpu affinity requirement in msg_zerocopy test
* Fix missing HDMI/DP Audio on an HP Desktop (LP: #1890441)
- ALSA: hda/hdmi: Add quirk to force connectivity
* Add initial audio support for Lenovo ThinkStation P620 (LP: #1890317)
- ALSA: usb-audio: Add support for Lenovo ThinkStation P620
* Fix IOMMU error on AMD Radeon Pro W5700 (LP: #1890306)
- PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken
* Enlarge hisi_sec2 capability (LP: #1890222)
- crypto: hisilicon - update SEC driver module parameter
* Miscellaneous Ubuntu changes
- [Config] Re-enable signing for ppc64el
-- Seth Forshee Tue, 11 Aug 2020 15:32:58
-0500
** Changed in: linux (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1855338
Title:
CONFIG_IO_STRICT_DEVMEM should be enabled
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855338/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1855338] Re: CONFIG_IO_STRICT_DEVMEM should be enabled
This change was applied during the Focal development cycle but then reverted pending performance testing results. That performance testing work was never finished and I'm no longer working on this bug. ** Changed in: linux (Ubuntu) Status: Fix Committed => Triaged ** Changed in: linux (Ubuntu) Assignee: Tyler Hicks (tyhicks) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1855338 Title: CONFIG_IO_STRICT_DEVMEM should be enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855338/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1855338] Re: CONFIG_IO_STRICT_DEVMEM should be enabled
The problem is still there in Ubuntu 20.04/focal: $ grep CONFIG_IO_STRICT_DEVMEM /boot/config-5.* /boot/config-5.4.0-21-generic:# CONFIG_IO_STRICT_DEVMEM is not set /boot/config-5.4.0-21-lowlatency:# CONFIG_IO_STRICT_DEVMEM is not set /boot/config-5.6.3-050603-generic:# CONFIG_IO_STRICT_DEVMEM is not set Committing a fix is good, but releasing it is even better :>. ** Tags added: focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1855338 Title: CONFIG_IO_STRICT_DEVMEM should be enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855338/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1855338] Re: CONFIG_IO_STRICT_DEVMEM should be enabled
** Changed in: linux (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1855338 Title: CONFIG_IO_STRICT_DEVMEM should be enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855338/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1855338] Re: CONFIG_IO_STRICT_DEVMEM should be enabled
** Description changed: - + We should enable CONFIG_IO_STRICT_DEVMEM to restrict userspace access of + active io-memory ranges. + + This could impact kernel debugability. In that case, you may reboot with + iomem=relaxed on the kernel commandline to override this setting. + + + This config option is recommended by the Kernel Self Protection Project[1] and a 2019 study performed by Capsule 8 shows that it is enabled in many other major distro kernels[2]. + + [1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings + [2] https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1855338 Title: CONFIG_IO_STRICT_DEVMEM should be enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855338/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
