canonical-ubuntu-qa team mailing list archive

Thread
Date

[Bug 2072457] [NEW] ubuntu_32_on_64 and ubuntu_qrt_kernel_security failed on Google N2D due to 32-bit emulation disabled

To: canonical-ubuntu-qa@xxxxxxxxxxxxxxxxxxx
From: Po-Hsu Lin <2072457@xxxxxxxxxxxxxxxxxx>
Date: Mon, 08 Jul 2024 02:44:17 -0000
Reply-to: Bug 2072457 <2072457@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Issue found on Google N2D instances since sru-20240429

Test:
 ubuntu_32_on_64
 ubuntu_qrt_kernel_security
   - KernelSecurityTest.test_020_aslr_dapper_stack
   - KernelSecurityTest.test_022_aslr_hardy_text
   - KernelSecurityTest.test_022_aslr_hardy_vdso
   - KernelSecurityTest.test_022_aslr_intrepid_brk
   - KernelSecurityTest.test_023_aslr_wily_pie
   - KernelSecurityTest.test_381_compat_alloc_userspace
   - KernelNonSecurityTest.test_10_bad_syscall_returns_ENOSYS

This is because of commit b82a8dbd3, one of the fixes for
CVE-2024-25744. This CVE describes vulnerability exhibits in
confidential computing VMs, and it affects 4.15 and after. Unfortunately
it is very hard to backport to older kernels so we took the suggestion
of a upstream maintainer and simply disabled the IA32_EMULATION which
mitigates the issue. (Thanks to Magali and Yuxuan for the information)

** Affects: ubuntu-kernel-tests
     Importance: Undecided
         Status: New


** Tags: gcp sru-20240429 ubuntu-32-on-64 ubuntu-qrt-kernel-security

-- 
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/2072457

Title:
  ubuntu_32_on_64 and ubuntu_qrt_kernel_security failed on Google N2D
  due to 32-bit emulation disabled

Status in ubuntu-kernel-tests:
  New

Bug description:
  Issue found on Google N2D instances since sru-20240429

  Test:
   ubuntu_32_on_64
   ubuntu_qrt_kernel_security
     - KernelSecurityTest.test_020_aslr_dapper_stack
     - KernelSecurityTest.test_022_aslr_hardy_text
     - KernelSecurityTest.test_022_aslr_hardy_vdso
     - KernelSecurityTest.test_022_aslr_intrepid_brk
     - KernelSecurityTest.test_023_aslr_wily_pie
     - KernelSecurityTest.test_381_compat_alloc_userspace
     - KernelNonSecurityTest.test_10_bad_syscall_returns_ENOSYS

  This is because of commit b82a8dbd3, one of the fixes for
  CVE-2024-25744. This CVE describes vulnerability exhibits in
  confidential computing VMs, and it affects 4.15 and after.
  Unfortunately it is very hard to backport to older kernels so we took
  the suggestion of a upstream maintainer and simply disabled the
  IA32_EMULATION which mitigates the issue. (Thanks to Magali and Yuxuan
  for the information)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2072457/+subscriptions

Follow ups

[Bug 2072457] Re: ubuntu_32_on_64 and ubuntu_qrt_kernel_security failed on Google N2D due to 32-bit emulation disabled
From: Po-Hsu Lin, 2024-07-08
[Bug 2072457] Re: ubuntu_32_on_64 and ubuntu_qrt_kernel_security failed on Google N2D due to 32-bit emulation disabled
From: Po-Hsu Lin, 2024-07-08
[Bug 2072457] Re: ubuntu_32_on_64 and ubuntu_qrt_kernel_security failed on Google N2D due to 32-bit emulation disabled
From: Po-Hsu Lin, 2024-07-08