Re: [Kernel-packages] [Bug 1827884] Re: Boot problems after upgrade to kernel 4.15.0-48 (18.04.2LTS/i386)

2019-06-07 Thread Tyler Hicks
On 2019-06-07 17:32:04, Thomas Lenarz wrote: > Boot switch "nopti" solves the problem as well on Asus X51R (Laptop). > However, I think it is not a final solution, cause its Processor Celeron M > 520 is on the vulnerability list. It most definitely isn't a final solution. However, the i386 PTI

Re: [Kernel-packages] [Bug 1827884] Re: Boot problems after upgrade to kernel 4.15.0-48 (18.04.2LTS/i386)

2019-06-07 Thread Tyler Hicks
On 2019-06-07 16:11:07, Brad Evans wrote: > The nopti switch is working for me with 4.15.0-51-generic. > > I think possibly the mitigations=off was not working for me because I > positioned it at the wrong part (the end) of the linux arguments list. The 'mitigations=off' option wasn't working

[Kernel-packages] [Bug 1827884] Re: Boot problems after upgrade to kernel 4.15.0-48 (18.04.2LTS/i386)

2019-06-07 Thread Tyler Hicks
Hello - The 'mitigations=off' option is not the best workaround as it disables all CPU mitigations. Since this bug is about 4.15.0-48.51 and i386 installations, the bug is most likely caused by the addition of Page Table Isolation (PTI) for i386. It landed in the aforementioned kernel release.

Re: [Kernel-packages] [Bug 1829620] Re: intel-microcode on ASUS makes kernel stuck during loading initramfs on bionic-updates, bionic-security

2019-05-22 Thread Tyler Hicks
On 2019-05-22 17:13:02, Mark wrote: > > This may be a bug in how the kernel is loading the microcode > > can you review the liquorix patches? Their kernel boots with said > microcode. I compared the arch/x86/ source code directories in the liquorix and Ubuntu kernels. While there are a large

[Kernel-packages] [Bug 1829620] Re: intel-microcode on ASUS makes kernel stuck during loading initramfs on bionic-updates, bionic-security

2019-05-22 Thread Tyler Hicks
I was able to speak with folks at Intel about this and got some good info from them: * To avoid confusion, we need to be clear that the i7-8565U is a Whiskey Lake processor (*not* a Kaby Lake) -

Re: [Kernel-packages] [Bug 1829620] Re: intel-microcode on ASUS makes kernel stuck during loading initramfs on bionic-updates, bionic-security

2019-05-21 Thread Tyler Hicks
On 2019-05-21 07:14:52, Mark wrote: > Is this two separate bugs? > One that mds=on mitigation fails with the new microcode on any kernel, > the other that microcode in my HW (ASUS, Kaby lake) fails to load on ubuntu > kernels? Possibly but a single bug is sufficient from Ubuntu's standpoint at

Re: [Kernel-packages] [Bug 1829620] Re: intel-microcode on ASUS makes kernel stuck during loading initramfs on bionic-updates, bionic-security

2019-05-21 Thread Tyler Hicks
On 2019-05-21 05:37:09, Mark wrote: > Actually, is the microcode loaded at all? > > # cat /sys/devices/system/cpu/cpu0/microcode/version > cat: /sys/devices/system/cpu/cpu0/microcode/version: No such file or > directory That's odd. Try replacing cpu0 with cpu* to see if a version file exists

Re: [Kernel-packages] [Bug 1829620] Re: intel-microcode on ASUS makes kernel stuck during loading initramfs on bionic-updates, bionic-security

2019-05-20 Thread Tyler Hicks
On 2019-05-21 05:28:18, Mark wrote: > > If that doesn't work, can you try to boot with 'mitigations=off' > > passed on the kernel command line? > > on the other hand, mitigations=off did cut it! > I guess now we're to find which of the mitigations is causing it? Do > you have a hint? Which are

[Kernel-packages] [Bug 1829620] Re: intel-microcode on ASUS makes kernel stuck during loading initramfs on bionic-updates, bionic-security

2019-05-20 Thread Tyler Hicks
Mark, one more request for now. You say that you can boot up a non-Ubuntu kernel with the problematic microcode. Can you boot up one of those kernels and then verify the microcode revision with the following command: $ sudo cat /sys/devices/system/cpu/cpu0/microcode/version Please paste the

[Kernel-packages] [Bug 1829255] Re: Sever performance degradation after updating to 5.0.0-15 due to mds mitigation

2019-05-20 Thread Tyler Hicks
I'll point out that munbi is seeing this hit using the following CPU sig and microcode revision: sig=0x306c3, pf=0x10, revision=0x27 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.

[Kernel-packages] [Bug 1829255] Re: Sever performance degradation after updating to 5.0.0-15 due to mds mitigation

2019-05-20 Thread Tyler Hicks
Hello and thanks for the bug report. We hate to hear that you're seeing such a performance hit on your application when the MDS mitigations are enabled. Unfortunately, we are simply following Intel's recommendations[1] for mitigating MDS attacks. The kernel changes are relatively simple and the

[Kernel-packages] [Bug 1829620] Re: intel-microcode on ASUS makes kernel stuck during loading initramfs on bionic-updates, bionic-security

2019-05-20 Thread Tyler Hicks
Mark, thanks for all the testing. Unfortunately, I asked Steve to have you try the wrong 'mds=' option. Can you try to boot with the latest Ubuntu kernel, with the problematic microcode, using 'mds=off' on the kernel command line? (Note that it is 'off' instead of 'no') If that doesn't work, can

[Kernel-packages] [Bug 1743792] Re: kernel panic on ioctl(TUNSETIFF) with a dev name with '/'

2019-05-16 Thread Tyler Hicks
For anyone coming here for information on CVE-2018-7191, 0ad646c81b2182f7fa67ec0c8c825e0ee165696d is the fix for the CVE and 5c25f65fd1e42685f7ccd80e0621829c105785d9 is a bugfix for the fix. The other commit mentioned, 93161922c658c714715686cd0cf69b090cb9bf1d, is unrelated to CVE-2018-7191.

[Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04

2019-05-03 Thread Tyler Hicks
Hello Peret - To test the kernel that I built, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages and then reboot. After rebooting, run 'cat /proc/version_signature' and ensure that "lp1827040.1" is included in the output. Then try your iptables

[Kernel-packages] [Bug 1827040] Re: Misbehaviour of iptables 'timestart' parameter in Ubuntu 19.04

2019-05-02 Thread Tyler Hicks
Hi Peret - Thanks for the bug report. I was browsing through the kernel commit log and I think this bug may already be fixed by the following commit: commit 916f6efae62305796e012e7c3a7884a267cbacbf Author: Florian Westphal Date: Wed Apr 17 02:17:23 2019 +0200 netfilter: never get/set

[Kernel-packages] [Bug 1826385] Re: ftrace in ubuntu_kernel_selftests hang with Cosmic kernel

2019-04-25 Thread Tyler Hicks
I was able to verify that deleting ftrace/test.d/kprobe/multiple_kprobes.tc allows the remaining ftrace selftests (from the cosmic kernel tree) to pass. That suggests that the "Register/unregister many kprobe events" (multiple_kprobes.tc) test is the test that puts the system into a bad state.

[Kernel-packages] [Bug 1801574] Re: [cosmic] ipoib ping with large message size failed

2019-04-18 Thread Tyler Hicks
) and run command [2]. Is there open Launchpad on it? [1] commit 77a24c313d21e3765b04d90521e9228a9bb6e332 Author: Tyler Hicks Date: Fri Aug 3 21:53:15 2018 + Revert "net: increase fragment memory usage limits" This reve

[Kernel-packages] [Bug 1825280] Re: test_520_config_random_trust_cpu in ubuntu_qrt_kernel_security failed with 5.0 kernel

2019-04-18 Thread Tyler Hicks
Bionic linux-hwe-edge 5.0.0-13.14~18.04.1 has this config option set. Rerunning this test against that kernel will result in a passing test.

[Kernel-packages] [Bug 1825280] Re: test_520_config_random_trust_cpu in ubuntu_qrt_kernel_security failed with 5.0 kernel

2019-04-18 Thread Tyler Hicks
This shouldn't be a blocker to release the B-hwe-edge kernel but it is something that we'll want to fix in that kernel's config soon. https://bugs.launchpad.net/bugs/1825280

[Kernel-packages] [Bug 1825108] Re: test_260_config_PTI in ubuntu_qrt_kernel_security failed with 4.15 i386

2019-04-17 Thread Tyler Hicks
Fix: https://git.launchpad.net/qa-regression-testing/commit/?id=b5f561affe4eb739c5b01b88569618d59ae6f664 ** Changed in: qa-regression-testing Status: In Progress => Fix Released ** Changed in: ubuntu-kernel-tests Status: New => Fix Released

[Kernel-packages] [Bug 1825108] Re: test_260_config_PTI in ubuntu_qrt_kernel_security failed with 4.15 i386

2019-04-17 Thread Tyler Hicks
** Changed in: qa-regression-testing Status: Triaged => In Progress ** Changed in: qa-regression-testing Importance: Undecided => High

[Kernel-packages] [Bug 1825108] Re: test_260_config_PTI in ubuntu_qrt_kernel_security failed with 4.15 i386

2019-04-17 Thread Tyler Hicks
New => Triaged ** Changed in: qa-regression-testing Assignee: (unassigned) => Tyler Hicks (tyhicks) https://bugs.launchpad.net/bugs/1825108 Title: test_260_c

[Kernel-packages] [Bug 1824812] Re: apparmor does not start in Disco LXD containers

2019-04-15 Thread Tyler Hicks
When running a test kernel with Christian's patch, the dir-seek test case passes: $ ./dir-seek PASS: orig_count (9) == new_count (9) Unfortunately, I can't be sure that apparmor policy is loaded correctly when creating a new LXD container due to the apparmor portion of this bug report.

[Kernel-packages] [Bug 1824812] Re: apparmor does not start in Disco LXD containers

2019-04-15 Thread Tyler Hicks
I was able to narrow down this apparmor_parser error to shiftfs: AppArmor parser error for /etc/apparmor.d/sbin.dhclient in /etc/apparmor.d/tunables/home at line 25: Could not process include directory '/etc/apparmor.d/tunables/home.d' in 'tunables/home.d' The problem stems from shiftfs not

[Kernel-packages] [Bug 1824812] Re: apparmor does not start in Disco LXD containers

2019-04-15 Thread Tyler Hicks
I noticed that confinement inside of LXD containers works fine when shiftfs is disabled: $ sudo rmmod shiftfs $ sudo mv /lib/modules/5.0.0-11-generic/kernel/fs/shiftfs.ko . $ sudo systemctl restart snap.lxd.daemon $ lxc launch ubuntu-daily:d noshift Creating noshift Starting

[Kernel-packages] [Bug 1824306] Re: test_530_config_binfmt_aout in ubuntu_qrt_kernel_security failed

2019-04-14 Thread Tyler Hicks
** Changed in: qa-regression-testing Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: ubuntu-kernel-tests Assignee: (unassigned) => Tyler Hicks (tyhicks)

[Kernel-packages] [Bug 1824306] Re: test_530_config_binfmt_aout in ubuntu_qrt_kernel_security failed

2019-04-12 Thread Tyler Hicks
I messed up when writing the test and forgot to consider that CONFIG_BINFMT_AOUT is specific to i386. I've fixed that in QRT: https://git.launchpad.net/qa-regression-testing/commit/?id=6e659984b07987dd24acf5872d408afafbdb6510 I'm going to mark this bug as invalid since those test failures

[Kernel-packages] [Bug 1818552] Re: disable a.out support

2019-04-08 Thread Tyler Hicks
Adjusting the grep a little to focus on Cosmic, Bionic, and Xenial and to only match CONFIG_BINFMT_AOUT, I get this: $ grep -rl BINFMT_AOUT=[ym] {cosmic,bionic,xenial} | grep -v -e lowlatency -e generic xenial/linux-hwe/4.8.0-49.52~16.04.1/armel-config.flavour.omap4

[Kernel-packages] [Bug 1818552] Re: disable a.out support

2019-04-08 Thread Tyler Hicks
Another thing to note is that CONFIG_HAVE_AOUT=y does not indicate that the a.out binfmt handler is enabled but the grep output in the bug description does include those matches. For example, the file xenial/linux-flo/3.4.0-5.23/armhf-config.flavour.flo has these lines: CONFIG_HAVE_AOUT=y #

[Kernel-packages] [Bug 1818552] Re: disable a.out support

2019-04-08 Thread Tyler Hicks
The output from Seth's grep (in the bug description) is a little misleading because the archival of kernel configs on kernel.ubuntu.com is buggy. It is including kernel configs of the generic, lowlatency, etc., kernels in the directories of the derivative kernels. For example, these config files

Re: [Kernel-packages] [Bug 1658219] Re: flock not mediated by 'k'

2019-04-03 Thread Tyler Hicks
On 2019-04-03 03:06:09, thighland wrote: > I encountered this issue on xenial after updating to Azure's 4.15 kernel > for testing. We started encountering an apparmor deny which doesn't > happen on the latest 4.4 kernel. I had missed setting the k flag for a > policy, and everything worked on the

[Kernel-packages] [Bug 1786139] Re: [GLK/CLX] Enhanced IBRS

2019-03-29 Thread Tyler Hicks
Disco is based on a 5.0 upstream kernel so it has enhanced IBRS support. ** Changed in: linux (Ubuntu Disco) Status: Fix Committed => Fix Released

[Kernel-packages] [Bug 1816756] Re: squashfs hardening

2019-03-28 Thread Tyler Hicks
The libreoffice and chromium snaps continued to work just fine after upgrading to the xenial and bionic -proposed kernels that contain the squashfs hardening patches. Verification is complete. ** Tags removed: verification-needed-bionic verification-needed-xenial ** Tags added:

[Kernel-packages] [Bug 1815259] Re: BPF: kernel pointer leak to unprivileged userspace

2019-03-28 Thread Tyler Hicks
The "check subtraction on pointers for unpriv" test from test_verifier succeeds when running under the kernel from bionic-proposed. In fact, all tests in test_verifier pass. Verification is complete. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic

[Kernel-packages] [Bug 1821053] Re: [disco] [5.0.0-7.8] can't mount guest cifs share

2019-03-25 Thread Tyler Hicks
Thanks for all your work on this! I've submitted the fixes to be included in the Disco kernel: https://lists.ubuntu.com/archives/kernel-team/2019-March/099491.html

[Kernel-packages] [Bug 1821053] Re: [disco] [5.0.0-7.8] can't mount guest cifs share

2019-03-25 Thread Tyler Hicks
** Changed in: linux (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: linux (Ubuntu) Importance: Undecided => High ** Changed in: linux (Ubuntu) Status: Confirmed => In Progress

[Kernel-packages] [Bug 1801574] Re: [cosmic] ipoib ping with large message size failed

2019-03-21 Thread Tyler Hicks
) and run command [2]. Is there open Launchpad on it? [1] commit 77a24c313d21e3765b04d90521e9228a9bb6e332 Author: Tyler Hicks Date: Fri Aug 3 21:53:15 2018 + Revert "net: increase fragment memory usage limits" This reve

[Kernel-packages] [Bug 1821053] Re: [disco] [5.0.0-7.8] can't mount guest cifs share

2019-03-21 Thread Tyler Hicks
I built you another test kernel with that patch here: https://people.canonical.com/~tyhicks/disco-cifs.2/ Thanks for testing! https://bugs.launchpad.net/bugs/1821053

[Kernel-packages] [Bug 1821053] Re: [disco] [5.0.0-7.8] can't mount guest cifs share

2019-03-20 Thread Tyler Hicks
I built you a test kernel with that patch here: https://people.canonical.com/~tyhicks/disco-cifs.1/ Let us know if it fixes the problem. Thanks! ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed

[Kernel-packages] [Bug 1818552] Re: disable a.out support

2019-03-12 Thread Tyler Hicks
This thread sheds more light on why it is a good idea to disable a.out support: https://lore.kernel.org/lkml/cag48ez1rvd5mq_pb6eygqesazhpqz765oazysope0kpqfze...@mail.gmail.com/ Specifically, the coredump support is broken/buggy and that's addressed in this patch:

[Kernel-packages] [Bug 1818552] Re: disable a.out support

2019-03-12 Thread Tyler Hicks
** Also affects: linux (Ubuntu Disco) Importance: Undecided Status: Confirmed ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Cosmic)

Re: [Kernel-packages] [Bug 1762672] Re: TPM intermittently fails after cold-boot

2019-02-26 Thread Tyler Hicks
On 2019-02-25 22:44:17, Tony Espy wrote: > So it looks like we landed this just in time for the new SRU cycle, > which means we're looking at a tentative release to proposed on Mar 25. > Does that sound right? Yes, that's correct according to the SRU cycle announcement here:

Re: [Kernel-packages] [Bug 1762672] Re: TPM intermittently fails after cold-boot

2019-02-25 Thread Tyler Hicks
On 2019-02-22 17:02:23, Tony Espy wrote: > Just curious as to why this is now FixCommitted? Has Tyler's back-port > landed in git for the next OEM and/or mainline kernel SRU release? Khaled has applied my backport to the Bionic tree. linux-oem will soon inherit it (within the same SRU cycle).

[Kernel-packages] [Bug 1816756] Re: squashfs hardening

2019-02-20 Thread Tyler Hicks
Bionic: https://lists.ubuntu.com/archives/kernel-team/2019-February/098532.html Xenial: https://lists.ubuntu.com/archives/kernel-team/2019-February/098538.html ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Xenial) Importance:

[Kernel-packages] [Bug 1816756] [NEW] squashfs hardening

2019-02-20 Thread Tyler Hicks
Public bug reported: [Impact] There are a number of recent squashfs hardening fixes in the upstream kernel. They don't have CVE number assigned but it would be good to backport the fixes to harden our kernel against malicious squashfs images. They would harden Ubuntu kernels against potentially

[Kernel-packages] [Bug 1762672] Re: TPM on Dell XPS 13 stopped working after upgrade to 18.04

2019-02-13 Thread Tyler Hicks
/lp1762672-tpm.1/ Thanks! ** Changed in: linux (Ubuntu) Status: Triaged => Fix Released ** Changed in: linux (Ubuntu Bionic) Status: Triaged => In Progress ** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Tyler Hicks (tyhicks)

[Kernel-packages] [Bug 1815259] [NEW] BPF: kernel pointer leak to unprivileged userspace

2019-02-08 Thread Tyler Hicks
n Potential] The change could cause a regression in an unprivileged process that is using eBPF. I suspect that this is unlikely. The alternative is to leave a potential security hole open. ** Affects: linux (Ubuntu) Importance: Medium Assignee: Tyler Hicks (tyhicks) Status: F

[Kernel-packages] [Bug 1652101] Re: Can't create nested AppArmor namespaces

2019-01-16 Thread Tyler Hicks
** Also affects: apparmor Importance: Undecided Status: New ** Changed in: apparmor Status: New => Confirmed ** Changed in: apparmor Importance: Undecided => Medium

[Kernel-packages] [Bug 1811692] Re: udev coldplug will interrupt makedumpfile

2019-01-15 Thread Tyler Hicks
** Also affects: makedumpfile (Ubuntu Disco) Importance: High Assignee: Thadeu Lima de Souza Cascardo (cascardo) Status: In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to makedumpfile in Ubuntu.

[Kernel-packages] [Bug 1793458] Re: Overlayfs in user namespace leaks directory content of inaccessible directories

2018-11-27 Thread Tyler Hicks
I've verified the fix in 4.18.0-12.13-generic from cosmic-proposed. ** Tags removed: verification-needed-cosmic ** Tags added: verification-done-cosmic

[Kernel-packages] [Bug 1786139] Re: [GLK/CLX] Enhanced IBRS

2018-11-27 Thread Tyler Hicks
I've verified the [Test Case] for older processors that do not support Enhanced IBRS. I've asked Intel if they'd be able to verify this fix on the latest processors that support Enhanced IBRS but I don't feel like that should be a blocker. ** Tags removed: verification-needed-bionic

[Kernel-packages] [Bug 1784501] Re: libvirtd is unable to configure bridge devices inside of LXD containers

2018-11-27 Thread Tyler Hicks
I've verified [Test Case] using 4.15.0-42.45-generic. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic

Re: [Kernel-packages] [Bug 1793458] Re: Overlayfs in user namespace leaks directory content of inaccessible directories

2018-11-19 Thread Tyler Hicks
On 2018-11-19 18:14:43, Philipp Wendler wrote: > I hope that this is all just a misunderstanding and the message does not > apply to security problems. In this case please consider changing the > message or improving the process such that this confusion will be > avoided for future reports. Hi

[Kernel-packages] [Bug 1789161] Re: Bypass of mount visibility through userns + mount propagation

2018-11-12 Thread Tyler Hicks
** Information type changed from Private Security to Public Security https://bugs.launchpad.net/bugs/1789161 Title: Bypass of mount visibility through userns + mount

[Kernel-packages] [Bug 1801924] Re: CVE-2018-18955: nested user namespaces with more than five extents incorrectly grant privileges over inode

2018-11-12 Thread Tyler Hicks
** Information type changed from Private Security to Public Security https://bugs.launchpad.net/bugs/1801924 Title: CVE-2018-18955: nested user namespaces with more than

[Kernel-packages] [Bug 1784501] Re: libvirtd is unable to configure bridge devices inside of LXD containers

2018-10-30 Thread Tyler Hicks
Bionic SRU: https://lists.ubuntu.com/archives/kernel-team/2018-October/096335.html https://bugs.launchpad.net/bugs/1784501 Title: libvirtd is unable to configure bridge

[Kernel-packages] [Bug 1784501] Re: libvirtd is unable to configure bridge devices inside of LXD containers

2018-10-30 Thread Tyler Hicks
** Description changed: + [Impact] + libvirtd cannot properly configure the default bridge device when installed inside of unprivileged LXD containers. 'systemctl status libvirtd' shows the following error: - error : virNetDevBridgeSet:140 : Unable to set bridge virbr0 +   error :

[Kernel-packages] [Bug 1784501] Re: libvirtd is unable to configure bridge devices inside of LXD containers

2018-10-30 Thread Tyler Hicks
** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: linux (Ubuntu Bionic) Status: Triaged => In Progress

[Kernel-packages] [Bug 1798863] Re: 18.10 kernel does not appear to validate kernel module signatures correctly

2018-10-25 Thread Tyler Hicks
I need to make a correction to the last sentence of my last comment. Signature verification is performed but the result is effectively ignored due to the configuration options mentioned earlier in that comment.

[Kernel-packages] [Bug 1798863] Re: 18.10 kernel does not appear to validate kernel module signatures correctly

2018-10-25 Thread Tyler Hicks
I've requested a CVE for this issue. I wanted to provide some more context as other Linux distributions will likely be reading this bug report once the CVE assignment occurs. This flaw is introduced by certain configuration options in combination with this out-of-tree patch from the Lockdown

[Kernel-packages] [Bug 1786139] Re: [GLK/CLX] Enhanced IBRS

2018-10-19 Thread Tyler Hicks
** Description changed: Description: + + [Impact] Future Intel CPU's like Cascade Lake and GLK+ support Enhanced IBRS. Enhanced IBRS is a H/W mitigation technique for Spectre V2 bug. So, it's important for us to make sure that all the OSV's are using this feature. The patch that

[Kernel-packages] [Bug 1798897] Re: Linux: insufficient shootdown for paging-structure caches

2018-10-19 Thread Tyler Hicks
** Description changed: https://bugs.chromium.org/p/project-zero/issues/detail?id=1633 + + [Impact] + + Paging structure caches are not always flushed as part of a TLB + shootdown operation on x86. + + [Test Case] + + Ideally, we'd be able to use the test case described in the Project Zero

[Kernel-packages] [Bug 1798897] Re: Linux: insufficient shootdown for paging-structure caches

2018-10-19 Thread Tyler Hicks
This issue is already fixed in the Cosmic kernel (which means that "D" is also fixed). The Bionic kernel needs these patches: db7ddef301128dad394f1c0f77027f86ee9a4edb ("mm: move tlb_table_flush to tlb_flush_mmu_free") a6f572084fbee8b30f91465f4a085d7a90901c57 ("mm/tlb: Remove tlb_remove_table()

[Kernel-packages] [Bug 1798897] [NEW] Linux: insufficient shootdown for paging-structure caches

2018-10-19 Thread Tyler Hicks
Public bug reported: https://bugs.chromium.org/p/project-zero/issues/detail?id=1633 ** Affects: linux (Ubuntu) Importance: High Status: Fix Released ** Affects: linux (Ubuntu Bionic) Importance: High Assignee: Tyler Hicks (tyhicks) Status: In Progress

[Kernel-packages] [Bug 1786139] Re: [GLK/CLX] Enhanced IBRS

2018-10-19 Thread Tyler Hicks
tu Cosmic) Status: Incomplete => In Progress ** Changed in: linux (Ubuntu Dd-series) Status: New => In Progress ** Changed in: linux (Ubuntu Dd-series) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: linux (Ubuntu Cosmic) Assignee: (unassigned) =>

[Kernel-packages] [Bug 1786139] Re: [GLK/CLX] Enhanced IBRS

2018-10-19 Thread Tyler Hicks
** Also affects: linux (Ubuntu) Importance: Undecided Status: New https://bugs.launchpad.net/bugs/1786139 Title: [GLK/CLX] Enhanced IBRS Status in intel:

[Kernel-packages] [Bug 1793458] Re: Overlayfs in user namespace leaks directory content of inaccessible directories

2018-10-19 Thread Tyler Hicks
Dd-series) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Cosmic) Importance: High Assignee: Tyler Hicks (tyhicks) Status: In Progress ** Changed in: linux (Ubuntu Bionic) Status: New => In Progress ** Changed in: linux (Ubuntu Bionic) Importan

[Kernel-packages] [Bug 1793458] Re: Overlayfs in user namespace leaks directory content of inaccessible directories

2018-10-19 Thread Tyler Hicks
** Information type changed from Private Security to Public Security https://bugs.launchpad.net/bugs/1793458 Title: Overlayfs in user namespace leaks directory content of

Re: [Kernel-packages] [Bug 1788563] Re: L1TF mitigation not effective in some CPU and RAM combinations

2018-09-21 Thread Tyler Hicks
On 2018-09-20 15:38:55, alex wrote: > Do you have any ETA for Xenial fixed release ? The kernels containing this fix are scheduled to be published during the week of October 1st. If you need the fix more quickly, it is possible to use the kernel from xenial-proposed as mentioned in comment 11.

[Kernel-packages] [Bug 1788563] Re: L1TF mitigation not effective in some CPU and RAM combinations

2018-09-14 Thread Tyler Hicks
I've changed the tag from verification-needed-trusty to verified-done-trusty based on comment 15. Thanks for the testing! ** Tags removed: verification-needed-trusty ** Tags added: verification-done-trusty

[Kernel-packages] [Bug 1765653] Re: directory-concurrent.sh.ext4 in ubuntu_ecryptfs failed on Atrful and Bionic ThunderX ARM64

2018-09-14 Thread Tyler Hicks
** Changed in: ecryptfs Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Changed in: ecryptfs Status: New => Triaged https://bugs.launchpad.net/bugs/1

[Kernel-packages] [Bug 1724785] Re: SSD Advisory – Linux Kernel AF_PACKET Use-After-Free

2018-09-12 Thread Tyler Hicks
This bug has been fixed for quite some time: https://usn.ubuntu.com/usn/usn-3485-1 https://usn.ubuntu.com/usn/usn-3485-2 https://usn.ubuntu.com/usn/usn-3487-1 https://usn.ubuntu.com/usn/usn-3485-3 https://usn.ubuntu.com/usn/usn-3754-1 Closing the bug report. ** Changed in: linux (Ubuntu)

[Kernel-packages] [Bug 1787258] Re: 3.13.0-155.205 Kernel Panic - divide by zero

2018-09-12 Thread Tyler Hicks
** Changed in: linux (Ubuntu) Status: Confirmed => Invalid https://bugs.launchpad.net/bugs/1787258 Title: 3.13.0-155.205 Kernel Panic - divide by zero Status in

[Kernel-packages] [Bug 1788563] Re: L1TF mitigation not effective in some CPU and RAM combinations

2018-09-10 Thread Tyler Hicks
** Summary changed: - L1TF mitigation not effective + L1TF mitigation not effective in some CPU and RAM combinations ** Description changed: == SRU Justification == This regression has been reported in multiple bugs and affects Trusty, Xenial and Bionic. All releases need different

[Kernel-packages] [Bug 1788563] Re: L1TF mitigation not effective

2018-09-07 Thread Tyler Hicks
I built Xenial and Trusty test kernels with those commits backported: https://people.canonical.com/~tyhicks/lp1788563/xenial/ https://people.canonical.com/~tyhicks/lp1788563/trusty/ Please test the kernels and see if it resolves the bug for you. See the comment above for details on installing

[Kernel-packages] [Bug 1784501] Re: libvirtd is unable to configure bridge devices inside of LXD containers

2018-08-24 Thread Tyler Hicks
@mpontillo would you mind testing with the libvirt that's in the release pocket of Bionic? https://launchpad.net/ubuntu/+source/libvirt/4.0.0-1ubuntu8 That would help tell us if libvirt has had an SRU that changed this behavior in the short time that Bionic has been released.

[Kernel-packages] [Bug 1784501] Re: libvirtd is unable to configure bridge devices inside of LXD containers

2018-08-23 Thread Tyler Hicks
@mpontillo Bionic has always suffered from this bug. The patch set has only been backported to Cosmic and the fixes have not yet been backported to Bionic. Have you, by chance, recently reconfigured your container to be an unprivileged container when it was previously a privileged container? (I

[Kernel-packages] [Bug 1779923] Re: other users' coredumps can be read via setgid directory and killpriv bypass

2018-08-21 Thread Tyler Hicks
@jannh you can ignore the request in comment #12 to verify the fixes in the -proposed kernels. Thanks again for bringing this to our attention.

[Kernel-packages] [Bug 1779923] Re: other users' coredumps can be read via setgid directory and killpriv bypass

2018-08-21 Thread Tyler Hicks
I've verified the fix by testing the following kernels: 4.17.0-7.8-generic 4.15.0-33.36-generic 4.4.0-134.160-generic 3.13.0-157.207-generic ** Tags removed: verification-needed-bionic verification-needed-trusty verification-needed-xenial ** Tags added: verification-done-bionic

[Kernel-packages] [Bug 1787251] Re: No sound devices after booting 4.15.0-32-generic

2018-08-20 Thread Tyler Hicks
Dean and I decided last week that this is most likely a bug in the unattended-upgrades code. I'm marking the Bionic linux task as invalid since it doesn't look like a bug in the kernel packaging. ** Changed in: linux (Ubuntu Bionic) Status: New => Invalid

[Kernel-packages] [Bug 1787251] Re: No sound devices after booting 4.15.0-32-generic

2018-08-16 Thread Tyler Hicks
Dean has confirmed that his audio is working fine after installing linux-image-generic, which pulled in linux-modules-extra-4.15.0-32-generic. Therefore, no kernel code changes are required. I also don't believe that it is a kernel packaging bug that caused linux-image-generic and

[Kernel-packages] [Bug 1787251] Re: No sound devices after booting 4.15.0-32-generic

2018-08-16 Thread Tyler Hicks
We were able to determine the cause for the loss of sound while working together in IRC. When unattended-upgrades installed the new kernel, the linux-image-generic and linux-modules-extra-4.15.0-32-generic packages were removed shortly after: Start-Date: 2018-08-15 06:18:14 Commandline:

[Kernel-packages] [Bug 1787251] Re: No sound devices after booting 4.15.0-32-generic

2018-08-15 Thread Tyler Hicks
@Dean I'm still pretty stumped about this bug. Nothing in the changes seems very relevant. Could you attach the files resulting from the following two commands? $ lsinitramfs -l /boot/initrd.img-4.15.0-31-generic > /tmp/lsinitramfs-31.txt $ lsinitramfs -l /boot/initrd.img-4.15.0-32-generic >

[Kernel-packages] [Bug 1787258] Re: 3.13.0-155.205 Kernel Panic - divide by zero

2018-08-15 Thread Tyler Hicks
** Description changed: + [Impact] + + Booting the 3.13.0-155.205 generic kernel on a m3 AWS ec2 instance + results in a kernel panic during boot. + + [Test Case] + + Boot with the 3.13.0-155.205 kernel on an m3 instance and verify that it + panics on boot. + + Boot a patched kernel on an m3

[Kernel-packages] [Bug 1787258] Re: 3.13.0-155.205 Kernel Panic - divide by zero

2018-08-15 Thread Tyler Hicks
Agreed, it is not a dupe of bug #1787127.

[Kernel-packages] [Bug 1787258] Re: 3.13.0-155.205 Kernel Panic - divide by zero

2018-08-15 Thread Tyler Hicks
*** This bug is a duplicate of bug 1787127 *** https://bugs.launchpad.net/bugs/1787127 In comparing the Xenial and Trusty backports for L1TF, I noticed that Trusty is missing this patch: https://git.kernel.org/linus/56402d63eefe22179f7311a51ff2094731420406 I've cherry-picked the commit

[Kernel-packages] [Bug 1787258] Re: 3.13.0-155.205 Kernel Panic - divide by zero

2018-08-15 Thread Tyler Hicks
*** This bug is a duplicate of bug 1787127 *** https://bugs.launchpad.net/bugs/1787127 ** Changed in: linux (Ubuntu Trusty) Assignee: (unassigned) => Tyler Hicks (tyhicks)

[Kernel-packages] [Bug 1787251] Re: No sound devices after booting 4.15.0-32-generic

2018-08-15 Thread Tyler Hicks
Cosmic is not currently affected. It hasn't received the changes that were introduced into the 4.15.0-32.35-generic kernel. ** Changed in: linux (Ubuntu) Status: New => Invalid

[Kernel-packages] [Bug 1787251] Re: No sound devices after booting 4.15.0-32-generic

2018-08-15 Thread Tyler Hicks
tus: Confirmed => New ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Chang

[Kernel-packages] [Bug 1787251] Re: No sound devices after booting 4.15.0-32-generic

2018-08-15 Thread Tyler Hicks
I see this change when comparing the CurrentDmesg.txt files: -xhci_hcd :00:14.0: Host supports USB 3.0 SuperSpeed The -32 kernel doesn't emit that message so maybe USB 3.0 isn't working correctly and causes audio devices to not show up?

[Kernel-packages] [Bug 1787251] Re: No sound devices after booting 4.15.0-32-generic

2018-08-15 Thread Tyler Hicks
Comparing the AlsaInfo.txt files shows that /proc/asound/* files do not exist when running under the -32 kernel.

[Kernel-packages] [Bug 1787246] Re: kernel regression in 3.13.0-155, "java: Corrupted page table..."

2018-08-15 Thread Tyler Hicks
*** This bug is a duplicate of bug 1787127 *** https://bugs.launchpad.net/bugs/1787127 ** This bug has been marked a duplicate of bug 1787127 java Corrupted page table

[Kernel-packages] [Bug 1787191] Re: Crash due to BUG: Bad page map in process X & BUG: Bad rss-counter state X

2018-08-15 Thread Tyler Hicks
*** This bug is a duplicate of bug 1787127 *** https://bugs.launchpad.net/bugs/1787127 ** This bug has been marked a duplicate of bug 1787127 java Corrupted page table

[Kernel-packages] [Bug 1784501] Re: libvirtd is unable to configure bridge devices inside of LXD containers

2018-07-30 Thread Tyler Hicks
Patches submitted for inclusion in Ubuntu Cosmic: https://lists.ubuntu.com/archives/kernel-team/2018-July/094426.html

[Kernel-packages] [Bug 1784501] [NEW] libvirtd is unable to configure bridge devices inside of LXD containers

2018-07-30 Thread Tyler Hicks
(Ubuntu) Importance: Medium Assignee: Tyler Hicks (tyhicks) Status: In Progress

[Kernel-packages] [Bug 1783651] Re: Please enable CONFIG_PAGE_POISONING

2018-07-25 Thread Tyler Hicks
I've taken a quick look and I believe that the current upstream code matches Kees' description. Kees didn't mention it but I suspect that he also wants CONFIG_PAGE_POISONING_NO_SANITY to be 'n' where possible when CONFIG_HIBERNATION isn't selected.

[Kernel-packages] [Bug 1736804] Re: No tcp_keepalive_time in LXD container

2018-07-24 Thread Tyler Hicks
The reporter states in the linuxcontainers.org discussion and in this bug description that he's not using an Ubuntu kernel. This is fixed in Ubuntu 18.04 and will soon be available in Ubuntu 16.04 via the hardware enablement kernel. I'm marking this Xenial task as Won't Fix in regards to its 4.4

[Kernel-packages] [Bug 1736804] Re: No tcp_keepalive_time in LXD container

2018-07-24 Thread Tyler Hicks
The commit mentioned in comment #4 has been upstream since kernel v4.5. Marking the main linux task as fix released. ** Changed in: linux (Ubuntu) Status: Incomplete => Fix Released

[Kernel-packages] [Bug 1779923] Re: other users' coredumps can be read via setgid directory and killpriv bypass

2018-07-16 Thread Tyler Hicks
I don't think the Security or Foundations teams plan to make any changes in Whoopsie so I'm marking these tasks as invalid. ** Changed in: whoopsie (Ubuntu Trusty) Status: New => Invalid ** Changed in: whoopsie (Ubuntu Xenial) Status: New => Invalid ** Changed in: whoopsie (Ubuntu

[Kernel-packages] [Bug 1779923] Re: other users' coredumps can be read via setgid directory and killpriv bypass

2018-07-16 Thread Tyler Hicks
New => In Progress ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Tyler Hicks (tyhicks) ** Also affects: linux (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: whoopsie (Ubuntu Trusty) Importance: Undecided Status: New ** Also affec
