[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
This bug was fixed in the package linux-kvm - 4.15.0-1020.20 --- linux-kvm (4.15.0-1020.20) bionic; urgency=medium * linux-kvm: 4.15.0-1020.20 -proposed tracker (LP: #1787158) * DEBUG_WX is not set in Bionic KVM kernel (LP: #1782721) - kvm: [Config] enable CONFIG_DEBUG_WX * test_182_config_hardened_usercopy in kernel security test failed with 4.15 KVM kernel (LP: #1766777) - usercopy: Do not select BUG with HARDENED_USERCOPY - kvm: [Config] Enable CONFIG_HARDENED_USERCOPY [ Ubuntu: 4.15.0-33.36 ] * linux: 4.15.0-33.36 -proposed tracker (LP: #1787149) * RTNL assertion failure on ipvlan (LP: #1776927) - ipvlan: drop ipv6 dependency - ipvlan: use per device spinlock to protect addrs list updates - SAUCE: fix warning from "ipvlan: drop ipv6 dependency" * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941) - test_bpf: flag tests that cannot be jited on s390 * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689) - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type - drm/radeon: fix radeon_atpx_get_client_id()'s return type - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA - vga_switcheroo: set audio client id according to bound GPU id * locking sockets broken due to missing AppArmor socket mediation patches (LP: #1780227) - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets * Update2 for ocxl driver (LP: #1781436) - ocxl: Fix page fault handler in case of fault on dying process * netns: unable to follow an interface that moves to another netns (LP: #1774225) - net: core: Expose number of link up/down transitions - dev: always advertise the new nsid when the netns iface changes - dev: advertise the new ifindex when the netns iface changes * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066) - block, bfq: fix occurrences of request finish method's old name - block, bfq: remove batches of confusing ifdefs - block, bfq: add requeue-request hook * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763) - ALSA: hda: add mute led support for HP ProBook 455 G5 * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver (LP: #1781476) - i2c: xlp9xx: Fix issue seen when updating receive length - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE * x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486) - x86/kvm: fix LAPIC timer drift when guest uses periodic mode * Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823) - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules * Nvidia fails after switching its mode (LP: #1778658) - PCI: Restore config space on runtime resume despite being unbound * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364) - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3 * CVE-2018-12232 - PATCH 1/1] socket: close race condition between sock_close() and sockfs_setattr() * CVE-2018-10323 - xfs: set format back to extents if xfs_bmap_extents_to_btree * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316) - ALSA: hda/realtek - Fix the problem of two front mics on more machines - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION * Cephfs + fscache: unable to handle kernel NULL pointer dereference at IP: jbd2__journal_start+0x22/0x1f0 (LP: #1783246) - ceph: track read contexts in ceph_file_info * Touchpad of ThinkPad P52 failed to work with message "lost sync at byte" (LP: #1779802) - Input: elantech - fix V4 report decoding for module with middle key - Input: elantech - enable middle button of touchpads on ThinkPad P52 * xhci_hcd :00:14.0: Root hub is not suspended (LP: #1779823) - usb: xhci: dbc: Fix lockdep warning - usb: xhci: dbc: Don't decrement runtime PM counter if DBC is not started * CVE-2018-13406 - video: uvesafb: Fix integer overflow in allocation * CVE-2018-10840 - ext4: correctly handle a zero-length xattr with a non-zero e_value_offs * CVE-2018-11412 - ext4: do not allow external inodes for inline data * CVE-2018-10881 - ext4: clear i_data in ext4_inode_info when removing inline data * CVE-2018-12233 - jfs: Fix inconsistency between memory allocation and ea_buf->max_size * CVE-2018-12904 - kvm: nVMX: Enforce cpl=0 for VMX instructions * Error parsing PCC subspaces from PCCT (LP: #1528684) - mailbox: PCC: erroneous error message when parsing ACPI PCCT * CVE-2018-13094 - xfs: don't call xfs_da_shrink_inode with NULL bp * other users' coredumps can be read via setgid directory and killpriv bypass
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
This bug was fixed in the package linux-kvm - 4.15.0-1016.16 --- linux-kvm (4.15.0-1016.16) bionic; urgency=medium * linux-kvm: 4.15.0-1016.16 -proposed tracker (LP: #1782180) [ Ubuntu: 4.15.0-29.31 ] * linux: 4.15.0-29.31 -proposed tracker (LP: #1782173) * [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler (LP: #116) - ipmi_ssif: Fix kernel panic at msg_done_handler * Update to ocxl driver for 18.04.1 (LP: #1775786) - misc: ocxl: use put_device() instead of device_unregister() - powerpc: Add TIDR CPU feature for POWER9 - powerpc: Use TIDR CPU feature to control TIDR allocation - powerpc: use task_pid_nr() for TID allocation - ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action - ocxl: Expose the thread_id needed for wait on POWER9 - ocxl: Add an IOCTL so userspace knows what OCXL features are available - ocxl: Document new OCXL IOCTLs - ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait() * Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after suspend (LP: #1776887) - ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL * Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194) - powerpc: use NMI IPI for smp_send_stop - powerpc: Fix smp_send_stop NMI IPI handling * IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964) - rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops * [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383: comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709) - SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode bitmap" - SAUCE: ext4: check for allocation block validity with block group locked [ Ubuntu: 4.15.0-28.30 ] * linux: 4.15.0-28.30 -proposed tracker (LP: #1781433) * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413) - xen-netfront: Fix mismatched rtnl_unlock - xen-netfront: Update features after registering netdev linux-kvm (4.15.0-1015.15) bionic; urgency=medium * linux-kvm: 4.15.0-1015.15 -proposed tracker (LP: #1781068) [ Ubuntu: 4.15.0-27.29 ] * linux: 4.15.0-27.29 -proposed tracker (LP: #1781062) * [Regression] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:99: comm stress-ng: Corrupt inode bitmap (LP: #1780137) - SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode bitmap linux-kvm (4.15.0-1014.14) bionic; urgency=medium * linux-kvm: 4.15.0-1014.14 -proposed tracker (LP: #1780119) [ Ubuntu: 4.15.0-26.28 ] * linux: 4.15.0-26.28 -proposed tracker (LP: #1780112) * failure to boot with linux-image-4.15.0-24-generic (LP: #1779827) // Cloud- init causes potentially huge boot delays with 4.15 kernels (LP: #1780062) - random: Make getrandom() ready earlier linux-kvm (4.15.0-1013.13) bionic; urgency=medium * linux-kvm: 4.15.0-1013.13 -proposed tracker (LP: #1779363) * test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel (LP: #1766774) - [Config]: enable CONFIG_FORTIFY_SOURCE * test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel (LP: #1766780) - [Config]: enable CONFIG_SECURITY_PERF_EVENTS_RESTRICT * kata-containers: enable memory hotplug (LP: #1777127) - kvm: [Config] Enable memory hotplug * kata-containers: Cannot open root device "pmem0p1" (LP: #1761854) - kvm: [Config] Enable ACPI NVDIMM * kata-containers: netlink protocol not supported (LP: #1761856) - kvm: [Config] Enable IP set and netfilter [ Ubuntu: 4.15.0-25.27 ] * linux: 4.15.0-25.27 -proposed tracker (LP: #1779354) * hisi_sas_v3_hw: internal task abort: timeout and not done. (LP: #136) - scsi: hisi_sas: Update a couple of register settings for v3 hw * hisi_sas: Add missing PHY spinlock init (LP: #134) - scsi: hisi_sas: Add missing PHY spinlock init * hisi_sas: improve read performance by pre-allocating slot DMA buffers (LP: #127) - scsi: hisi_sas: use dma_zalloc_coherent() - scsi: hisi_sas: Use dmam_alloc_coherent() - scsi: hisi_sas: Pre-allocate slot DMA buffers * hisi_sas: Failures during host reset (LP: #1777696) - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() - scsi: hisi_sas: Fix the conflict between dev gone and host reset - scsi: hisi_sas: Adjust task reject period during host reset - scsi: hisi_sas: Add a flag to filter PHY events during reset - scsi: hisi_sas: Release all remaining resources in clear nexus ha * Fake SAS addresses for SATA disks on HiSilicon D05 are non-unique (LP: #1776750) - scsi: hisi_sas: make SAS address of SATA disks unique * Vcs-Git header on bionic linux source package points to zesty git tree (LP: #1766055) -
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
** Changed in: ubuntu-kernel-tests Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1766780 Title: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel Status in ubuntu-kernel-tests: Fix Released Status in linux-kvm package in Ubuntu: Fix Committed Status in linux-kvm source package in Bionic: Fix Committed Bug description: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. No code changes, just two config changes without disabling any other configs. BugLink: https://bugs.launchpad.net/bugs/1766780 BugLink: https://bugs.launchpad.net/bugs/1766774 -- test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
** Changed in: linux-kvm (Ubuntu Bionic) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1766780 Title: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel Status in ubuntu-kernel-tests: Fix Committed Status in linux-kvm package in Ubuntu: Fix Committed Status in linux-kvm source package in Bionic: Fix Committed Bug description: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. No code changes, just two config changes without disabling any other configs. BugLink: https://bugs.launchpad.net/bugs/1766780 BugLink: https://bugs.launchpad.net/bugs/1766774 -- test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
** Also affects: linux-kvm (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1766780 Title: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel Status in ubuntu-kernel-tests: Fix Committed Status in linux-kvm package in Ubuntu: Fix Committed Status in linux-kvm source package in Bionic: New Bug description: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. No code changes, just two config changes without disabling any other configs. BugLink: https://bugs.launchpad.net/bugs/1766780 BugLink: https://bugs.launchpad.net/bugs/1766774 -- test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
** Changed in: ubuntu-kernel-tests Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1766780 Title: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel Status in ubuntu-kernel-tests: Fix Committed Status in linux-kvm package in Ubuntu: Fix Committed Bug description: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. No code changes, just two config changes without disabling any other configs. BugLink: https://bugs.launchpad.net/bugs/1766780 BugLink: https://bugs.launchpad.net/bugs/1766774 -- test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
** Changed in: linux-kvm (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1766780 Title: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: Fix Committed Bug description: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. No code changes, just two config changes without disabling any other configs. BugLink: https://bugs.launchpad.net/bugs/1766780 BugLink: https://bugs.launchpad.net/bugs/1766774 -- test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
** Description changed: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. - No code changes, just two config change without disabling any other configs. + No code changes, just two config changes without disabling any other configs. BugLink: https://bugs.launchpad.net/bugs/1766780 BugLink: https://bugs.launchpad.net/bugs/1766774 -- test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1766780 Title: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: In Progress Bug description: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. No code changes, just two config changes without disabling any other configs. BugLink: https://bugs.launchpad.net/bugs/1766780 BugLink: https://bugs.launchpad.net/bugs/1766774 -- test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions -- Mailing list:
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
A test kernel could be found here (along with the patch for bug 1766774: http://people.canonical.com/~phlin/kernel/lp-1766774-1766780/ ** Description changed: - test_250_config_security_perf_events_restrict from the kernel security - test suite failed with 4.15.0-1008 KVM kernel. + == Justification == + In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and + CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to + meet the security team's requirement. - FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) - Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set - -- - Traceback (most recent call last): - File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict - self.assertEqual(expected, self._test_config(config_name)) - AssertionError: True != False + == Test == + Before enabling the config, test case test_190_config_kernel_fortify and + test_250_config_security_perf_events_restrict will fail in the kernel + security testsuite for the kernel SRU regression test. + + It will pass with these two patches applied, tested on a KVM node. + + == Fix == + Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". + Set CONFIG_FORTIFY_SOURCE to "y". + + == Regression Potential == + Minimal. + No code changes, just two config change without disabling any other configs. + + + test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. + + FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) + Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set + -- + Traceback (most recent call last): + File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict + self.assertEqual(expected, self._test_config(config_name)) + AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: - TERM=xterm-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR= - LANG=C.UTF-8 - SHELL=/bin/bash + TERM=xterm-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR= + LANG=C.UTF-8 + SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) ** Description changed: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. No code changes, just two config change without disabling any other configs. + -- test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) ** Description
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
** Changed in: linux-kvm (Ubuntu) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: ubuntu-kernel-tests Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** No longer affects: qa-regression-testing ** Changed in: ubuntu-kernel-tests Status: New => In Progress ** Changed in: linux-kvm (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1766780 Title: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel Status in ubuntu-kernel-tests: In Progress Status in linux-kvm package in Ubuntu: In Progress Bug description: test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766780/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766780] Re: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel
** Also affects: ubuntu-kernel-tests Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1766780 Title: test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux-kvm package in Ubuntu: New Bug description: test_250_config_security_perf_events_restrict from the kernel security test suite failed with 4.15.0-1008 KVM kernel. FAIL: test_250_config_security_perf_events_restrict (__main__.KernelSecurityTest) Ensure CONFIG_SECURITY_PERF_EVENTS_RESTRICT is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2313, in test_250_config_security_perf_events_restrict self.assertEqual(expected, self._test_config(config_name)) AssertionError: True != False The CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_SECURITY_PERF_EVENTS_RESTRICT # CONFIG_SECURITY_PERF_EVENTS_RESTRICT is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:41:49 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1766780/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
