[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
** Changed in: ubuntu-kernel-tests Status: Fix Committed => Fix Released ** Changed in: linux-kvm (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1766774 Title: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
This bug was fixed in the package linux-kvm - 4.15.0-1016.16 --- linux-kvm (4.15.0-1016.16) bionic; urgency=medium * linux-kvm: 4.15.0-1016.16 -proposed tracker (LP: #1782180) [ Ubuntu: 4.15.0-29.31 ] * linux: 4.15.0-29.31 -proposed tracker (LP: #1782173) * [SRU Bionic][Cosmic] kernel panic in ipmi_ssif at msg_done_handler (LP: #116) - ipmi_ssif: Fix kernel panic at msg_done_handler * Update to ocxl driver for 18.04.1 (LP: #1775786) - misc: ocxl: use put_device() instead of device_unregister() - powerpc: Add TIDR CPU feature for POWER9 - powerpc: Use TIDR CPU feature to control TIDR allocation - powerpc: use task_pid_nr() for TID allocation - ocxl: Rename pnv_ocxl_spa_remove_pe to clarify it's action - ocxl: Expose the thread_id needed for wait on POWER9 - ocxl: Add an IOCTL so userspace knows what OCXL features are available - ocxl: Document new OCXL IOCTLs - ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait() * Critical upstream bugfix missing in Ubuntu 18.04 - frequent Xorg crash after suspend (LP: #1776887) - ocxl: Document the OCXL_IOCTL_GET_METADATA IOCTL * Hard LOCKUP observed on stressing Ubuntu 18 04 (LP: #1777194) - powerpc: use NMI IPI for smp_send_stop - powerpc: Fix smp_send_stop NMI IPI handling * IPL: ppc64_cpu --frequency hang with INFO: rcu_sched detected stalls on CPUs/tasks on w34 and wsbmc016 with 920.1714.20170330n (LP: #1773964) - rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops * [Regression] EXT4-fs error (device sda2): ext4_validate_block_bitmap:383: comm stress-ng: bg 4705: bad block bitmap checksum (LP: #1781709) - SAUCE: Revert "UBUNTU: SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode bitmap" - SAUCE: ext4: check for allocation block validity with block group locked [ Ubuntu: 4.15.0-28.30 ] * linux: 4.15.0-28.30 -proposed tracker (LP: #1781433) * Cannot set MTU higher than 1500 in Xen instance (LP: #1781413) - xen-netfront: Fix mismatched rtnl_unlock - xen-netfront: Update features after registering netdev linux-kvm (4.15.0-1015.15) bionic; urgency=medium * linux-kvm: 4.15.0-1015.15 -proposed tracker (LP: #1781068) [ Ubuntu: 4.15.0-27.29 ] * linux: 4.15.0-27.29 -proposed tracker (LP: #1781062) * [Regression] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:99: comm stress-ng: Corrupt inode bitmap (LP: #1780137) - SAUCE: ext4: fix ext4_validate_inode_bitmap: comm stress-ng: Corrupt inode bitmap linux-kvm (4.15.0-1014.14) bionic; urgency=medium * linux-kvm: 4.15.0-1014.14 -proposed tracker (LP: #1780119) [ Ubuntu: 4.15.0-26.28 ] * linux: 4.15.0-26.28 -proposed tracker (LP: #1780112) * failure to boot with linux-image-4.15.0-24-generic (LP: #1779827) // Cloud- init causes potentially huge boot delays with 4.15 kernels (LP: #1780062) - random: Make getrandom() ready earlier linux-kvm (4.15.0-1013.13) bionic; urgency=medium * linux-kvm: 4.15.0-1013.13 -proposed tracker (LP: #1779363) * test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel (LP: #1766774) - [Config]: enable CONFIG_FORTIFY_SOURCE * test_250_config_security_perf_events_restrict in kernel security test failed with 4.15 KVM kernel (LP: #1766780) - [Config]: enable CONFIG_SECURITY_PERF_EVENTS_RESTRICT * kata-containers: enable memory hotplug (LP: #1777127) - kvm: [Config] Enable memory hotplug * kata-containers: Cannot open root device "pmem0p1" (LP: #1761854) - kvm: [Config] Enable ACPI NVDIMM * kata-containers: netlink protocol not supported (LP: #1761856) - kvm: [Config] Enable IP set and netfilter [ Ubuntu: 4.15.0-25.27 ] * linux: 4.15.0-25.27 -proposed tracker (LP: #1779354) * hisi_sas_v3_hw: internal task abort: timeout and not done. (LP: #136) - scsi: hisi_sas: Update a couple of register settings for v3 hw * hisi_sas: Add missing PHY spinlock init (LP: #134) - scsi: hisi_sas: Add missing PHY spinlock init * hisi_sas: improve read performance by pre-allocating slot DMA buffers (LP: #127) - scsi: hisi_sas: use dma_zalloc_coherent() - scsi: hisi_sas: Use dmam_alloc_coherent() - scsi: hisi_sas: Pre-allocate slot DMA buffers * hisi_sas: Failures during host reset (LP: #1777696) - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() - scsi: hisi_sas: Fix the conflict between dev gone and host reset - scsi: hisi_sas: Adjust task reject period during host reset - scsi: hisi_sas: Add a flag to filter PHY events during reset - scsi: hisi_sas: Release all remaining resources in clear nexus ha * Fake SAS addresses for SATA disks on HiSilicon D05 are non-unique (LP: #1776750) - scsi: hisi_sas: make SAS address of SATA disks unique * Vcs-Git header on bionic linux source package points to zesty git tree (LP: #1766055) -
[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
** Changed in: linux-kvm (Ubuntu Bionic) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1766774 Title: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
** Also affects: linux-kvm (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1766774 Title: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
** Changed in: ubuntu-kernel-tests Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1766774 Title: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
** Changed in: linux-kvm (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1766774 Title: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
** Description changed: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. - No code changes, just two config change without disabling any other configs. + No code changes, just two config changes without disabling any other configs. BugLink: https://bugs.launchpad.net/bugs/1766780 BugLink: https://bugs.launchpad.net/bugs/1766774 -- Test test_190_config_kernel_fortify from the kernel security test suite failed with 4.15.0-1008 KVM kernel. == FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest) Ensure CONFIG_FORTIFY_SOURCE is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2186, in test_190_config_kernel_fortify self.assertTrue(self._test_config(config_name)) AssertionError: False is not true The CONFIG_FORTIFY_SOURCE is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE # CONFIG_FORTIFY_SOURCE is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:28:13 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1766774 Title: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1766774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
A test kernel could be found here (along with the patch for bug 1766780: http://people.canonical.com/~phlin/kernel/lp-1766774-1766780/ ** No longer affects: qa-regression-testing ** Changed in: ubuntu-kernel-tests Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: linux-kvm (Ubuntu) Assignee: (unassigned) => Po-Hsu Lin (cypressyew) ** Changed in: ubuntu-kernel-tests Status: New => In Progress ** Changed in: linux-kvm (Ubuntu) Status: New => In Progress ** Description changed: + == Justification == + In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and + CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to + meet the security team's requirement. + + == Test == + Before enabling the config, test case test_190_config_kernel_fortify and + test_250_config_security_perf_events_restrict will fail in the kernel + security testsuite for the kernel SRU regression test. + + It will pass with these two patches applied, tested on a KVM node. + + == Fix == + Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". + Set CONFIG_FORTIFY_SOURCE to "y". + + == Regression Potential == + Minimal. + No code changes, just two config change without disabling any other configs. + + Test test_190_config_kernel_fortify from the kernel security test suite failed with 4.15.0-1008 KVM kernel. - == - FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest) - Ensure CONFIG_FORTIFY_SOURCE is set - -- - Traceback (most recent call last): - File "./test-kernel-security.py", line 2186, in test_190_config_kernel_fortify - self.assertTrue(self._test_config(config_name)) - AssertionError: False is not true - + == + FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest) + Ensure CONFIG_FORTIFY_SOURCE is set + -- + Traceback (most recent call last): + File "./test-kernel-security.py", line 2186, in test_190_config_kernel_fortify + self.assertTrue(self._test_config(config_name)) + AssertionError: False is not true The CONFIG_FORTIFY_SOURCE is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE # CONFIG_FORTIFY_SOURCE is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules: signpost ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 Date: Wed Apr 25 04:28:13 2018 ProcEnviron: - TERM=xterm-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR= - LANG=C.UTF-8 - SHELL=/bin/bash + TERM=xterm-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR= + LANG=C.UTF-8 + SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) ** Description changed: == Justification == In the Bionic KVM kernel, the CONFIG_FORTIFY_SOURCE and CONFIG_SECURITY_PERF_EVENTS_RESTRICT were not set, they need to be enabled to meet the security team's requirement. == Test == Before enabling the config, test case test_190_config_kernel_fortify and test_250_config_security_perf_events_restrict will fail in the kernel security testsuite for the kernel SRU regression test. It will pass with these two patches applied, tested on a KVM node. == Fix == Set CONFIG_SECURITY_PERF_EVENTS_RESTRICT to "y". Set CONFIG_FORTIFY_SOURCE to "y". == Regression Potential == Minimal. No code changes, just two config change without disabling any other configs. - Test test_190_config_kernel_fortify from the kernel security test suite - failed with 4.15.0-1008 KVM kernel. + -- + Test test_190_config_kernel_fortify from the kernel security test suite failed with 4.15.0-1008 KVM kernel. == FAIL: test_190_config_kernel_fortify (__main__.KernelSecurityTest) Ensure CONFIG_FORTIFY_SOURCE is set -- Traceback (most recent call last): File "./test-kernel-security.py", line 2186, in test_190_config_kernel_fortify self.assertTrue(self._test_config(config_name)) AssertionError: False is not true The CONFIG_FORTIFY_SOURCE is not set. $ cat /boot/config-4.15.0-1008-kvm | grep CONFIG_FORTIFY_SOURCE # CONFIG_FORTIFY_SOURCE is not set ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8 ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17 Uname: Linux 4.15.0-1008-kvm x86_64 NonfreeKernelModules:
[Bug 1766774] Re: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel
** Also affects: ubuntu-kernel-tests Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1766774 Title: test_190_config_kernel_fortify in kernel security test failed with 4.15 KVM kernel To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1766774/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs