** Description changed:
+ == SRU Justification ==
+ Security team requires the SCHED_STACK_END_CHECK config to be enabled
+ on all of our kernel.
+
+ The test_380_config_sched_stack_end_check test from q-r-t will fail on
+ all the KVM kernels.
+
+ Copied from the config help text:
+ This option checks for a stack overrun on calls to schedule(). If the
+ stack end location is found to be over written always panic as the
+ content of the corrupted region can no longer be trusted. This is to
+ ensure no erroneous behaviour occurs which could result in data
+ corruption or a sporadic crash at a later stage once the region is
+ examined. The runtime overhead introduced is minimal.
+
+ == Test ==
+ This issue case be verified with the test_380_config_sched_stack_end_check
test from q-r-t, the test will pass with the patched kernel.
+
+ == Regression Potential ==
+ Low, the introduced runtime overhead is minimal, and it's already enabled in
the generic kernel.
+
+
+ == Original Bug report ==
The test_380_config_sched_stack_end_check test failed on the Bionic
KVM kernel
- FAIL: test_380_config_sched_stack_end_check
(__main__.KernelSecurityConfigTest)
- Ensure SCHED_STACK_END_CHECK is set
- ----------------------------------------------------------------------
- Traceback (most recent call last):
- File "./test-kernel-security.py", line 2628, in
test_380_config_sched_stack_end_check
- self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
- File "./test-kernel-security.py", line 207, in assertKernelConfig
- self.assertKernelConfigSet(name)
- File "./test-kernel-security.py", line 194, in assertKernelConfigSet
- '%s option was expected to be set in the kernel config' % name)
- AssertionError: SCHED_STACK_END_CHECK option was expected to be set in
the kernel config
+ FAIL: test_380_config_sched_stack_end_check
(__main__.KernelSecurityConfigTest)
+ Ensure SCHED_STACK_END_CHECK is set
+ ----------------------------------------------------------------------
+ Traceback (most recent call last):
+ File "./test-kernel-security.py", line 2628, in
test_380_config_sched_stack_end_check
+ self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
+ File "./test-kernel-security.py", line 207, in assertKernelConfig
+ self.assertKernelConfigSet(name)
+ File "./test-kernel-security.py", line 194, in assertKernelConfigSet
+ '%s option was expected to be set in the kernel config' % name)
+ AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the
kernel config
+
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
Uname: Linux 4.15.0-1028-kvm x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Thu Jan 17 06:44:41 2019
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
--
https://bugs.launchpad.net/bugs/1812159
Title:
q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM
kernels
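The check the failing test performs can be reproduced against any kernel config file. The following is an added example, not code from q-r-t or from the bug report; the function names, the sample fragments and the look-alike option `SCHED_STACK_END_CHECK_EXAMPLE` are constructed for illustration. It treats an option as enabled only when it is `=y`, so an explicit "is not set" line, a missing line, or a longer option name sharing the prefix all count as a failure.

```python
import re

# Matches "CONFIG_FOO=value" and the "# CONFIG_FOO is not set" form that
# Kconfig writes for options that are explicitly disabled.
_SET = re.compile(r"^CONFIG_([A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_([A-Za-z0-9_]+) is not set$")


def parse_kernel_config(text):
    """Return {option: value}; explicitly disabled options map to 'n'."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            options[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            options[m.group(1)] = "n"
    return options


def missing_options(text, required):
    """Names from `required` that are not built in (=y) in this config."""
    options = parse_kernel_config(text)
    return [name for name in required if options.get(name) != "y"]


# Constructed sample fragments, not copied from any real Ubuntu config.
GENERIC_SAMPLE = """\
CONFIG_DEBUG_KERNEL=y
CONFIG_SCHED_STACK_END_CHECK=y
"""
# The last line is a hypothetical look-alike name used to show that a
# prefix match must not satisfy the check.
KVM_SAMPLE = """\
CONFIG_DEBUG_KERNEL=y
# CONFIG_SCHED_STACK_END_CHECK is not set
CONFIG_SCHED_STACK_END_CHECK_EXAMPLE=y
"""

if __name__ == "__main__":
    for label, sample in (("generic", GENERIC_SAMPLE), ("kvm", KVM_SAMPLE)):
        print(label, missing_options(sample, ["SCHED_STACK_END_CHECK"]))
```

On an installed system the text to pass in is the contents of the config file shipped with the kernel image, typically `/boot/config-$(uname -r)` on Ubuntu.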