[Kernel-packages] [Bug 1863562] Re: Restrict xmon to read-only-mode if kernel is locked down
** Changed in: ubuntu-power-systems
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1863562

Title:
  Restrict xmon to read-only-mode if kernel is locked down

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released

Bug description:
  This is a spin off of LP 1855668 (see comment #11 there:)

  Please could you pick up (in addition to the issue still pending)
  commit 69393cb03ccd ("powerpc/xmon: Restrict when kernel is locked
  down").

  From the pull-request that included it, the commit does the following:

  - A change to xmon (our crash handler / pseudo-debugger) to restrict
    it to read-only mode when the kernel is lockdown'ed, otherwise it's
    trivial to drop into xmon and modify kernel data, such as the
    lockdown state.

  To exploit this you'd need to boot with command line including
  'xmon=rw', as xmon isn't read-write by default on the Focal kernel,
  but that's not exactly a challenge.

  I have used this to drop down from lockdown=confidentiality to
  lockdown=none on 5.4.0-14-generic #17-Ubuntu

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1863562/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
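An audit check for the condition in the bug description, added here as an example and not part of the original thread or of the Ubuntu kernel tooling. The function names are hypothetical, and it assumes the ABI number in `uname -r` (5.4.0-18-generic) corresponds to the fixed package 5.4.0-18.22 named in this thread.

```shell
#!/bin/sh
# Added example: flags hosts that are locked down but booted with xmon=rw on a pre-fix Focal kernel.

# Active lockdown mode is the bracketed word, e.g. "none integrity [confidentiality]".
active_lockdown() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Value of the last xmon= option on the kernel command line, or "default".
xmon_option() {
    opt=default
    for arg in $1; do
        case $arg in
            xmon=*) opt=${arg#xmon=} ;;
        esac
    done
    printf '%s\n' "$opt"
}

# Returns 0 if a Focal 5.4.0-<ABI> release has ABI >= 18, 1 if older, 2 if not recognised.
focal_has_fix() {
    case $1 in
        5.4.0-[0-9]*) abi=${1#5.4.0-}; abi=${abi%%-*} ;;
        *) return 2 ;;
    esac
    case $abi in *[!0-9]*) return 2 ;; esac
    [ "$abi" -ge 18 ]
}

# assess <lockdown file contents> <kernel command line> <uname -r>
assess() {
    mode=$(active_lockdown "$1")
    xmon=$(xmon_option "$2")
    if [ -z "$mode" ] || [ "$mode" = none ]; then echo "not-locked-down"; return; fi
    if [ "$xmon" != rw ]; then echo "ok: xmon=$xmon under lockdown=$mode"; return; fi
    rc=0; focal_has_fix "$3" || rc=$?
    case $rc in
        0) echo "ok: xmon=rw requested, kernel $3 has the fix" ;;
        1) echo "AT-RISK: lockdown=$mode, xmon=rw, kernel $3 predates 5.4.0-18.22" ;;
        *) echo "review: lockdown=$mode, xmon=rw, unrecognised kernel $3" ;;
    esac
}

# Live data when available; otherwise a constructed sample matching the report.
if [ -r /sys/kernel/security/lockdown ]; then
    assess "$(cat /sys/kernel/security/lockdown)" "$(cat /proc/cmdline)" "$(uname -r)"
else
    assess 'none integrity [confidentiality]' 'root=/dev/sda2 xmon=rw' '5.4.0-14-generic'
fi
```

xmon exists only on powerpc kernels, so the result is meaningful only on those hosts.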
[Kernel-packages] [Bug 1863562] Re: Restrict xmon to read-only-mode if kernel is locked down
This bug was fixed in the package linux - 5.4.0-18.22

---
linux (5.4.0-18.22) focal; urgency=medium

  * focal/linux: 5.4.0-18.22 -proposed tracker (LP: #1866488)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * Add sysfs attribute to show remapped NVMe (LP: #1863621)
    - SAUCE: ata: ahci: Add sysfs attribute to show remapped NVMe device count

  * [20.04 FEAT] Compression improvements in Linux kernel (LP: #1830208)
    - lib/zlib: add s390 hardware support for kernel zlib_deflate
    - s390/boot: rename HEAP_SIZE due to name collision
    - lib/zlib: add s390 hardware support for kernel zlib_inflate
    - s390/boot: add dfltcc= kernel command line parameter
    - lib/zlib: add zlib_deflate_dfltcc_enabled() function
    - btrfs: use larger zlib buffer for s390 hardware compression
    - [Config] Introducing s390x specific kernel config option CONFIG_ZLIB_DFLTCC

  * [UBUNTU 20.04] s390x/pci: increase CONFIG_PCI_NR_FUNCTIONS to 512 in kernel
    config (LP: #1866056)
    - [Config] Increase CONFIG_PCI_NR_FUNCTIONS from 64 to 512 starting with
      focal on s390x

  * CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set (LP: #1865332)
    - [Config] CONFIG_IP_MROUTE_MULTIPLE_TABLES=y

  * Dell XPS 13 9300 Intel 1650S wifi [34f0:1651] fails to load firmware
    (LP: #1865962)
    - iwlwifi: remove IWL_DEVICE_22560/IWL_DEVICE_FAMILY_22560
    - iwlwifi: 22000: fix some indentation
    - iwlwifi: pcie: rx: use rxq queue_size instead of constant
    - iwlwifi: allocate more receive buffers for HE devices
    - iwlwifi: remove some outdated iwl22000 configurations
    - iwlwifi: assume the driver_data is a trans_cfg, but allow full cfg

  * [FOCAL][REGRESSION] Intel Gen 9 brightness cannot be controlled
    (LP: #1861521)
    - Revert "USUNTU: SAUCE: drm/i915: Force DPCD backlight mode on Dell
      Precision 4K sku"
    - Revert "UBUNTU: SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme
      2nd Gen 4K AMOLED panel"
    - SAUCE: drm/dp: Introduce EDID-based quirks
    - SAUCE: drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED
      panel
    - SAUCE: drm/i915: Force DPCD backlight mode for some Dell CML 2020 panels

  * [20.04 FEAT] Enable proper kprobes on ftrace support (LP: #1865858)
    - s390/ftrace: save traced function caller
    - s390: support KPROBES_ON_FTRACE

  * alsa/sof: load different firmware on different platforms (LP: #1857409)
    - ASoC: SOF: Intel: hda: use fallback for firmware name
    - ASoC: Intel: acpi-match: split CNL tables in three
    - ASoC: SOF: Intel: Fix CFL and CML FW nocodec binary names.

  * [UBUNTU 20.04] Enable CONFIG_NET_SWITCHDEV in kernel config for s390x
    starting with focal (LP: #1865452)
    - [Config] Enable CONFIG_NET_SWITCHDEV in kernel config for s390x starting
      with focal

  * Focal update: v5.4.24 upstream stable release (LP: #1866333)
    - io_uring: grab ->fs as part of async offload
    - EDAC: skx_common: downgrade message importance on missing PCI device
    - net: dsa: b53: Ensure the default VID is untagged
    - net: fib_rules: Correctly set table field when table number exceeds 8 bits
    - net: macb: ensure interface is not suspended on at91rm9200
    - net: mscc: fix in frame extraction
    - net: phy: restore mdio regs in the iproc mdio driver
    - net: sched: correct flower port blocking
    - net/tls: Fix to avoid gettig invalid tls record
    - nfc: pn544: Fix occasional HW initialization failure
    - qede: Fix race between rdma destroy workqueue and link change event
    - Revert "net: dev: introduce support for sch BYPASS for lockless qdisc"
    - udp: rehash on disconnect
    - sctp: move the format error check out of __sctp_sf_do_9_1_abort
    - bnxt_en: Improve device shutdown method.
    - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs.
    - bonding: add missing netdev_update_lockdep_key()
    - net: export netdev_next_lower_dev_rcu()
    - bonding: fix lockdep warning in bond_get_stats()
    - ipv6: Fix route replacement with dev-only route
    - ipv6: Fix nlmsg_flags when splitting a multipath route
    - ipmi:ssif: Handle a possible NULL pointer reference
    - drm/msm: Set dma maximum segment size for mdss
    - sched/core: Don't skip remote tick for idle CPUs
    - timers/nohz: Update NOHZ load in remote tick
    - sched/fair: Prevent unlimited runtime on throttled group
    - dax: pass NOWAIT flag to iomap_apply
    - mac80211: consider more elements in parsing CRC
    - cfg80211: check wiphy driver existence for drvinfo report
    - s390/zcrypt: fix card and queue total counter wrap
    - qmi_wwan: re-add DW5821e pre-production variant
    - qmi_wwan: unconditionally reject 2 ep interfaces
    - NFSv4: Fix races between open and dentry revalidation
    - perf/smmuv3: Use platform_get_irq_optional() for wired interrupt
    - perf/x86/intel: Add Elkhart Lake support
    - perf/x86/cstate: Add Tremont
[Kernel-packages] [Bug 1863562] Re: Restrict xmon to read-only-mode if kernel is locked down
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Committed
[Kernel-packages] [Bug 1863562] Re: Restrict xmon to read-only-mode if kernel is locked down
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-focal' to 'verification-done-focal'. If the problem
still exists, change the tag 'verification-needed-focal' to
'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!

** Tags added: verification-needed-focal

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Committed
[Kernel-packages] [Bug 1863562] Re: Restrict xmon to read-only-mode if kernel is locked down
Request moved to Applied - changing to Fix Committed.

** Changed in: linux (Ubuntu)
       Status: In Progress => Fix Committed

** Changed in: ubuntu-power-systems
       Status: In Progress => Fix Committed

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Committed
[Kernel-packages] [Bug 1863562] Re: Restrict xmon to read-only-mode if kernel is locked down
Patch request submitted:
https://lists.ubuntu.com/archives/kernel-team/2020-February/thread.html#107526
changing status to 'In Progress'.

** Changed in: ubuntu-power-systems
       Status: Triaged => In Progress

** Changed in: linux (Ubuntu)
       Status: Triaged => In Progress

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress
[Kernel-packages] [Bug 1863562] Re: Restrict xmon to read-only-mode if kernel is locked down
** Summary changed:

- Restrict ppc64el xmon to read-only-mode if kernel is locked down
+ Restrict xmon to read-only-mode if kernel is locked down

Status in The Ubuntu-power-systems project:
  Triaged
Status in linux package in Ubuntu:
  Triaged