[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
Bug is already Fix Released, so no further verification needed. Adjusting tags accordingly ... ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed- bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
** Changed in: ubuntu-z-systems Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Cosmic: Fix Released Status in linux source package in Disco: Fix Released Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
This bug was fixed in the package linux - 4.19.0-12.13
---
linux (4.19.0-12.13) disco; urgency=medium
* linux: 4.19.0-12.13 -proposed tracker (LP: #1813664)
* kernel oops in bcache module (LP: #1793901)
- SAUCE: bcache: never writeback a discard operation
* Disco update: 4.19.18 upstream stable release (LP: #1813611)
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped
address
- mlxsw: spectrum: Disable lag port TX before removing it
- mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
- net: dsa: mv88x6xxx: mv88e6390 errata
- net, skbuff: do not prefer skb allocation fails early
- qmi_wwan: add MTU default to qmap network interface
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
- net: clear skb->tstamp in bridge forwarding path
- netfilter: ipset: Allow matching on destination MAC address for mac and
ipmac sets
- gpio: pl061: Move irq_chip definition inside struct pl061
- drm/amd/display: Guard against null stream_state in set_crc_source
- drm/amdkfd: fix interrupt spin lock
- ixgbe: allow IPsec Tx offload in VEPA mode
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off
hotkey
- e1000e: allow non-monotonic SYSTIM readings
- usb: typec: tcpm: Do not disconnect link for self powered devices
- selftests/bpf: enable (uncomment) all tests in test_libbpf.sh
- of: overlay: add missing of_node_put() after add new node to changeset
- writeback: don't decrement wb->refcnt if !wb->bdi
- serial: set suppress_bind_attrs flag only if builtin
- bpf: Allow narrow loads with offset > 0
- ALSA: oxfw: add support for APOGEE duet FireWire
- x86/mce: Fix -Wmissing-prototypes warnings
- MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
- crypto: ecc - regularize scalar for scalar multiplication
- arm64: perf: set suppress_bind_attrs flag to true
- drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
- clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table
- samples: bpf: fix: error handling regarding kprobe_events
- usb: gadget: udc: renesas_usb3: add a safety connection way for
forced_b_device
- fpga: altera-cvp: fix probing for multiple FPGAs on the bus
- selinux: always allow mounting submounts
- ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
- scsi: qedi: Check for session online before getting iSCSI TLV data.
- drm/amdgpu: Reorder uvd ring init before uvd resume
- rxe: IB_WR_REG_MR does not capture MR's iova field
- efi/libstub: Disable some warnings for x86{,_64}
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage
- clk: imx: make mux parent strings const
- pstore/ram: Do not treat empty buffers as valid
- media: uvcvideo: Refactor teardown of uvc on USB disconnect
- powerpc/xmon: Fix invocation inside lock region
- powerpc/pseries/cpuidle: Fix preempt warning
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
- ASoC: use dma_ops of parent device for acp_audio_dma
- media: venus: core: Set dma maximum segment size
- staging: erofs: fix use-after-free of on-stack `z_erofs_vle_unzip_io'
- net: call sk_dst_reset when set SO_DONTROUTE
- scsi: target: use consistent left-aligned ASCII INQUIRY data
- scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long
enough
- selftests: do not macro-expand failed assertion expressions
- arm64: kasan: Increase stack size for KASAN_EXTRA
- clk: imx6q: reset exclusive gates on init
- arm64: Fix minor issues with the dcache_by_line_op macro
- bpf: relax verifier restriction on BPF_MOV | BPF_ALU
- kconfig: fix file name and line number of warn_ignored_character()
- kconfig: fix memory leak when EOF is encountered in quotation
- mmc: atmel-mci: do not assume idle after atmci_request_end
- btrfs: volumes: Make sure there is no overlap of dev extents at mount time
- btrfs: alloc_chunk: fix more DUP stripe size handling
- btrfs: fix use-after-free due to race between replace start and cancel
- btrfs: improve error handling of btrfs_add_link
- tty/serial: do not free trasnmit buffer page under port lock
- perf intel-pt: Fix error with config term "pt=0"
- perf tests ARM: Disable breakpoint tests 32-bit
- perf svghelper: Fix unchecked usage of strncpy()
- perf parse-events: Fix unchecked usage of strncpy()
- perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
- netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
- netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
- netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
- x86/topology: Use total_cpus for max logical packages calculation
- dm crypt: use u64 instead of sector_t t
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
This bug was fixed in the package linux - 4.18.0-14.15 --- linux (4.18.0-14.15) cosmic; urgency=medium * linux: 4.18.0-14.15 -proposed tracker (LP: #1811406) * CPU hard lockup with rigorous writes to NVMe drive (LP: #1810998) - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait - blk-wbt: move disable check into get_limit() - blk-wbt: use wq_has_sleeper() for wq active check - blk-wbt: fix has-sleeper queueing check - blk-wbt: abstract out end IO completion handler - blk-wbt: improve waking of tasks * To reduce the Realtek USB cardreader power consumption (LP: #1811337) - mmc: core: Introduce MMC_CAP_SYNC_RUNTIME_PM - mmc: rtsx_usb_sdmmc: Don't runtime resume the device while changing led - mmc: rtsx_usb_sdmmc: Re-work runtime PM support - mmc: rtsx_usb_sdmmc: Re-work card detection/removal support - memstick: rtsx_usb_ms: Add missing pm_runtime_disable() in probe function - misc: rtsx_usb: Use USB remote wakeup signaling for card insertion detection - memstick: Prevent memstick host from getting runtime suspended during card detection - memstick: rtsx_usb_ms: Use ms_dev() helper - memstick: rtsx_usb_ms: Support runtime power management * Support non-strict iommu mode on arm64 (LP: #1806488) - iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() - iommu/arm-smmu-v3: Implement flush_iotlb_all hook - iommu/dma: Add support for non-strict mode - iommu: Add "iommu.strict" command line option - iommu/io-pgtable-arm: Add support for non-strict mode - iommu/arm-smmu-v3: Add support for non-strict mode - iommu/io-pgtable-arm-v7s: Add support for non-strict mode - iommu/arm-smmu: Support non-strict mode * [Regression] crashkernel fails on HiSilicon D05 (LP: #1806766) - efi: honour memory reservations passed via a linux specific config table - efi/arm: libstub: add a root memreserve config table - efi: add API to reserve memory persistently across kexec reboot - irqchip/gic-v3-its: Change initialization ordering for LPIs - irqchip/gic-v3-its: Simplify LPI_PENDBASE_SZ usage - irqchip/gic-v3-its: Split property table clearing from allocation - irqchip/gic-v3-its: Move pending table allocation to init time - irqchip/gic-v3-its: Keep track of property table's PA and VA - irqchip/gic-v3-its: Allow use of pre-programmed LPI tables - irqchip/gic-v3-its: Use pre-programmed redistributor tables with kdump kernels - irqchip/gic-v3-its: Check that all RDs have the same property table - irqchip/gic-v3-its: Register LPI tables with EFI config table - irqchip/gic-v3-its: Allow use of LPI tables in reserved memory - arm64: memblock: don't permit memblock resizing until linear mapping is up - efi/arm: Defer persistent reservations until after paging_init() - efi: Permit calling efi_mem_reserve_persistent() from atomic context - efi: Prevent GICv3 WARN() by mapping the memreserve table before first use * ELAN900C:00 04F3:2844 touchscreen doesn't work (LP: #1811335) - pinctrl: cannonlake: Fix community ordering for H variant - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant * Add Cavium ThunderX2 SoC UNCORE PMU driver (LP: #1811200) - Documentation: perf: Add documentation for ThunderX2 PMU uncore driver - drivers/perf: Add Cavium ThunderX2 SoC UNCORE PMU driver - [Config] New config CONFIG_THUNDERX2_PMU=m * iptables connlimit allows more connections than the limit when using multiple CPUs (LP: #1811094) - netfilter: nf_conncount: don't skip eviction when age is negative * CVE-2018-16882 - KVM: Fix UAF in nested posted interrupt processing * Cannot initialize ATA disk if IDENTIFY command fails (LP: #1809046) - scsi: libsas: check the ata device status by ata_dev_enabled() * scsi: libsas: fix a race condition when smp task timeout (LP: #1808912) - scsi: libsas: fix a race condition when smp task timeout * CVE-2018-14625 - vhost/vsock: fix use-after-free in network stack callers * Fix and issue that LG I2C touchscreen stops working after reboot (LP: #1805085) - HID: i2c-hid: Disable runtime PM for LG touchscreen * Drivers: hv: vmbus: Offload the handling of channels to two workqueues (LP: #1807757) - Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() - Drivers: hv: vmbus: Offload the handling of channels to two workqueues * Disable LPM for Raydium Touchscreens (LP: #1802248) - USB: quirks: Add no-lpm quirk for Raydium touchscreens * Power leakage at S5 with Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter (LP: #1805607) - SAUCE: ath10k: provide reset function for QCA9377 chip * CVE-2018-19407 - KVM: X86: Fix scan ioapic use-before-initialization * Fix USB2 device wrongly detected as USB1 (LP: #1806534) - xhci: Add quirk to workaround the errata
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
--- Comment From dominik.kl...@de.ibm.com 2019-01-15 06:42 EDT--- Just confirmed that the fix in cosmic-proposed is working: linux-image-4.18.0-13-generic - doesn't work linux-image-4.18.0-14-generic - works ** Tags removed: verification-needed-cosmic ** Tags added: verification-done-cosmic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed- cosmic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-cosmic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
** Changed in: ubuntu-z-systems Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Fix Committed Status in linux package in Ubuntu: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
** Changed in: linux (Ubuntu Cosmic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Triaged Status in linux package in Ubuntu: Fix Committed Status in linux source package in Cosmic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
** Changed in: linux (Ubuntu Disco) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Triaged Status in linux package in Ubuntu: Fix Committed Status in linux source package in Cosmic: In Progress Status in linux source package in Disco: Fix Committed Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
https://lists.ubuntu.com/archives/kernel-team/2019-January/097659.html -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Triaged Status in linux package in Ubuntu: In Progress Status in linux source package in Cosmic: In Progress Status in linux source package in Disco: In Progress Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
A bug in the pre-release version of efi-lockdown patch* applied to Cosmic and
later kernels improperly results in EPERM failures for some debugfs files.
Fixes: a1ba65da9cea ("UBUNTU: SAUCE: (efi-lockdown) debugfs: Restrict
debugfs when the kernel is locked down")
Upstream's version of this code never introduced the bug, so the fix patch
isn't upstream either.
The fix patch looks correct by inspection.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1807686
Title:
efi-lockdown patch causes -EPERM for some debugfs files even though
CONFIG_LOCK_DOWN_KERNEL is not set
Status in Ubuntu on IBM z Systems:
Triaged
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Cosmic:
In Progress
Status in linux source package in Disco:
In Progress
Bug description:
== Comment: #0 - Dominik Klein - 2018-12-10
03:58:10 ==
There seems to be a bug in the efi-lockdown patch as applied on top of
vanilla for Cosmic kernels:
http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986
Also seems to be present for Disco as of today:
http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986
The problem is that part of the patch modifies kernel behavior
independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing
issues on two debugfs files on s390x.
Vasily Gorbik has already analyzed the problem and has posted a proposed fix
here:
https://lkml.org/lkml/2018/11/21/634
https://lkml.org/lkml/2018/11/21/635
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
** Also affects: linux (Ubuntu Disco) Importance: Undecided Assignee: Skipper Bug Screeners (skipper-screen-team) Status: In Progress ** Changed in: linux (Ubuntu Disco) Assignee: Skipper Bug Screeners (skipper-screen-team) => Kamal Mostafa (kamalmostafa) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Triaged Status in linux package in Ubuntu: In Progress Status in linux source package in Cosmic: In Progress Status in linux source package in Disco: In Progress Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
** Changed in: linux (Ubuntu) Status: New => In Progress ** Also affects: linux (Ubuntu Cosmic) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Cosmic) Status: New => In Progress ** Changed in: linux (Ubuntu Cosmic) Assignee: (unassigned) => Kamal Mostafa (kamalmostafa) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Triaged Status in linux package in Ubuntu: In Progress Status in linux source package in Cosmic: In Progress Status in linux source package in Disco: In Progress Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1807686] Re: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
** Package changed: kernel-package (Ubuntu) => linux (Ubuntu) ** Also affects: ubuntu-z-systems Importance: Undecided Status: New ** Changed in: ubuntu-z-systems Status: New => Triaged ** Changed in: ubuntu-z-systems Importance: Undecided => High ** Changed in: ubuntu-z-systems Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1807686 Title: efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set Status in Ubuntu on IBM z Systems: Triaged Status in linux package in Ubuntu: New Bug description: == Comment: #0 - Dominik Klein - 2018-12-10 03:58:10 == There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels: http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 Also seems to be present for Disco as of today: http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986 The problem is that part of the patch modifies kernel behavior independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues on two debugfs files on s390x. Vasily Gorbik has already analyzed the problem and has posted a proposed fix here: https://lkml.org/lkml/2018/11/21/634 https://lkml.org/lkml/2018/11/21/635 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1807686/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
