group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #24272
[Bug 1760648] Re: test_072_config_strict_devmem in kernel security test failed with 4.4/4.15 kvm
This bug was fixed in the package linux-kvm - 4.4.0-1027.32
---------------
linux-kvm (4.4.0-1027.32) xenial; urgency=medium
* linux-kvm: 4.4.0-1027.32 -proposed tracker (LP: #1772964)
* Xenial update to 4.4.129 stable release (LP: #1768429)
- [Config] Remove ARCH_HWEIGHT_CFLAGS
* test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
kvm kernel (LP: #1766832)
- kvm: [config] enable CONFIG_MODULE_UNLOAD
* test_072_config_debug_set_module_ronx in kernel security test failed with
4.4 X-kvm (LP: #1760646)
- kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX
* test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
with 4.4/4.15 kvm (LP: #1760656)
- kvm: [config] enable BPF_SYSCALL
* test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
kvm (LP: #1760653)
- kvm: [config] enable ipsec configs
* test_072_config_strict_devmem in kernel security test failed with 4.4/4.15
kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed
with 4.4/4.15 kvm (LP: #1760649)
- kvm: [config] enable DEVMEM
* test_076_config_security_acl_ext4 in kernel security test failed with
4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
security test failed with 4.4/4.15 kvm (LP: #1760657)
- kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems
* test_074_config_security_default_mmap_min_addr in kernel security test
failed with 4.4/4.15 kvm (LP: #1760650)
- kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536
* test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm
(LP: #1760643)
- [Config] enable CONFIG_DEBUG_RODATA
[ Ubuntu: 4.4.0-128.154 ]
* linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)
* CVE-2018-3639 (x86)
- x86/cpu: Make alternative_msr_write work for 32-bit code
- x86/bugs: Fix the parameters alignment and missing void
- KVM: SVM: Move spec control call after restore of GS
- x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
- x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
- x86/cpufeatures: Disentangle SSBD enumeration
- x86/cpu/AMD: Fix erratum 1076 (CPB bit)
- x86/cpufeatures: Add FEATURE_ZEN
- x86/speculation: Handle HT correctly on AMD
- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
- x86/speculation: Add virtualized speculative store bypass disable support
- x86/speculation: Rework speculative_store_bypass_update()
- x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
- x86/bugs: Expose x86_spec_ctrl_base directly
- x86/bugs: Remove x86_spec_ctrl_set()
- x86/bugs: Rework spec_ctrl base and mask logic
- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
- x86/bugs: Rename SSBD_NO to SSB_NO
- KVM: VMX: Expose SSBD properly to guests.
* [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
- drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
- drm/i915: Name the "iboost bit"
- drm/i915: Program iboost settings for HDMI/DVI on SKL
- drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
for HDMI
- drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
- drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
- drm/i915: Get the iboost setting based on the port type
- drm/i915: Simplify intel_ddi_get_encoder_port()
- drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
- drm/i915: KBL - Recommended buffer translation programming for DisplayPort
- drm/i915: Ignore OpRegion panel type except on select machines
* [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
- init: fix false positives in W+X checking
* [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
- SAUCE: (no-up) s390: fix rwlock implementation
* linux < 4.11: unable to use netfilter logging from non-init namespaces
(LP: #1766573)
- netfilter: allow logging from non-init namespaces
* [LTC Test] Ubuntu 18.04: tm_sigreturn failed on P8 compat mode 16.04.04
guest (LP: #1771439)
- powerpc: signals: Discard transaction state from signal frames
* QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
- ath10k: update the IRAM bank number for QCA9377
* i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
4.4.0-116-generic (LP: #1752536)
- ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC
* Xenial update to 4.4.131 stable release (LP: #1768825)
- ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
- ext4: set h_journal if there is a failure starting a reserved handle
- ext4: add validity checks for bitmap block numbers
- ext4: fix bitmap position validation
- usbip: usbip_host: fix to hold parent lock for device_attach() calls
- usbip: vhci_hcd: Fix usb device and sockfd leaks
- USB: serial: simple: add libtransistor console
- USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
- USB: serial: cp210x: add ID for NI USB serial console
- usb: core: Add quirk for HP v222w 16GB Mini
- USB: Increment wakeup count on remote wakeup.
- ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
- virtio: add ability to iterate over vqs
- virtio_console: free buffers after reset
- drm/virtio: fix vq wait_event condition
- tty: Don't call panic() at tty_ldisc_init()
- tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
- tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
- tty: Use __GFP_NOFAIL for tty_ldisc_get()
- ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
- ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
- ALSA: hda/realtek - Add some fixes for ALC233
- mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
- mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
- mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
- kobject: don't use WARN for registration failures
- scsi: sd: Defer spinning up drive while SANITIZE is in progress
- ARM: amba: Make driver_override output consistent with other buses
- ARM: amba: Fix race condition with driver_override
- ARM: amba: Don't read past the end of sysfs "driver_override" buffer
- ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
- libceph: validate con->state at the top of try_write()
- x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
- x86/smpboot: Don't use mwait_play_dead() on AMD systems
- serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
- serial: mctrl_gpio: Add missing module license
- Linux 4.4.131
* Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 //
CVE-2017-5753
- SAUCE: s390: print messages for gmb and nobp
* Xenial update to 4.4.130 stable release (LP: #1768474)
- cifs: do not allow creating sockets except with SMB1 posix exensions
- x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
- perf: Return proper values for user stack errors
- staging: ion : Donnot wakeup kswapd in ion system alloc
- r8152: add Linksys USB3GIGV1 id
- Input: drv260x - fix initializing overdrive voltage
- ath9k_hw: check if the chip failed to wake up
- jbd2: fix use after free in kjournald2()
- Revert "ath10k: send (re)assoc peer command when NSS changed"
- Revert "UBUNTU: SAUCE: s390: print messages for gmb and nobp"
- Revert "UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and
nobp"
- Revert "s390: add ppa to kernel entry / exit"
- Revert "s390: introduce CPU alternatives"
- s390: introduce CPU alternatives
- s390: enable CPU alternatives unconditionally
- s390/alternative: use a copy of the facility bit mask
- s390: add options to change branch prediction behaviour for the kernel
- s390: scrub registers on kernel entry and KVM exit
- s390: add optimized array_index_mask_nospec
- s390: run user space and KVM guests with modified branch prediction
- s390: introduce execute-trampolines for branches
- s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
- s390: do not bypass BPENTER for interrupt system calls
- s390/entry.S: fix spurious zeroing of r0
- s390: move nobp parameter functions to nospec-branch.c
- s390: add automatic detection of the spectre defense
- [Config] Add CONFIG_EXPOLINE=y and CONFIG_EXPOLINE_AUTO=y
- s390: report spectre mitigation via syslog
- s390: add sysfs attributes for spectre
- s390: correct nospec auto detection init order
- s390: correct module section names for expoline code revert
- bonding: do not set slave_dev npinfo before slave_enable_netpoll in
bond_enslave
- KEYS: DNS: limit the length of option strings
- l2tp: check sockaddr length in pppol2tp_connect()
- net: validate attribute sizes in neigh_dump_table()
- llc: delete timers synchronously in llc_sk_free()
- tcp: don't read out-of-bounds opsize
- team: avoid adding twice the same option to the event list
- team: fix netconsole setup over team
- packet: fix bitfield update race
- pppoe: check sockaddr length in pppoe_connect()
- vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
- sctp: do not check port in sctp_inet6_cmp_addr
- llc: hold llc_sap before release_sock()
- llc: fix NULL pointer deref for SOCK_ZAPPED
- tipc: add policy for TIPC_NLA_NET_ADDR
- net: fix deadlock while clearing neighbor proxy table
- tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
- net: af_packet: fix race in PACKET_{R|T}X_RING
- ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
- scsi: mptsas: Disable WRITE SAME
- cdrom: information leak in cdrom_ioctl_media_changed()
- s390/cio: update chpid descriptor after resource accessibility event
- s390/uprobes: implement arch_uretprobe_is_alive()
- Linux 4.4.130
- SAUCE: s390: Add 'nogmb' kernel parameter
* Xenial update to 4.4.129 stable release (LP: #1768429)
- media: v4l2-compat-ioctl32: don't oops on overlay
- parisc: Fix out of array access in match_pci_device()
- perf intel-pt: Fix overlap detection to identify consecutive buffers
correctly
- perf intel-pt: Fix sync_switch
- perf intel-pt: Fix error recovery from missing TIP packet
- perf intel-pt: Fix timestamp following overflow
- radeon: hide pointless #warning when compile testing
- block/loop: fix deadlock after loop_set_status
- s390/qdio: don't retry EQBS after CCQ 96
- s390/qdio: don't merge ERROR output buffers
- s390/ipl: ensure loadparm valid flag is set
- getname_kernel() needs to make sure that ->name != ->iname in long case
- rtl8187: Fix NULL pointer dereference in priv->conf_mutex
- hwmon: (ina2xx) Fix access to uninitialized mutex
- cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
- slip: Check if rstate is initialized before uncompressing
- lan78xx: Correctly indicate invalid OTP
- x86/hweight: Get rid of the special calling convention
- [Config] Remove ARCH_HWEIGHT_CFLAGS
- x86/hweight: Don't clobber %rdi
- tty: make n_tty_read() always abort if hangup is in progress
- ubifs: Check ubifs_wbuf_sync() return code
- ubi: fastmap: Don't flush fastmap work on detach
- ubi: Fix error for write access
- ubi: Reject MLC NAND
- fs/reiserfs/journal.c: add missing resierfs_warning() arg
- resource: fix integer overflow at reallocation
- ipc/shm: fix use-after-free of shm file via remap_file_pages()
- mm, slab: reschedule cache_reap() on the same CPU
- usb: musb: gadget: misplaced out of bounds check
- ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
- ARM: dts: at91: sama5d4: fix pinctrl compatible string
- xen-netfront: Fix hang on device removal
- regmap: Fix reversed bounds check in regmap_raw_write()
- ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
- ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
- USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
- usb: dwc3: pci: Properly cleanup resource
- HID: i2c-hid: fix size check and type usage
- powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
- powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
- powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
- powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
- HID: Fix hid_report_len usage
- HID: core: Fix size as type u32
- ASoC: ssm2602: Replace reg_default_raw with reg_default
- thunderbolt: Resume control channel after hibernation image is created
- random: use a tighter cap in credit_entropy_bits_safe()
- jbd2: if the journal is aborted then don't allow update of the log tail
- ext4: don't update checksum of new initialized bitmaps
- ext4: fail ext4_iget for root directory if unallocated
- RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
- ALSA: pcm: Fix UAF at PCM release via PCM timer access
- IB/srp: Fix srp_abort()
- IB/srp: Fix completion vector assignment algorithm
- dmaengine: at_xdmac: fix rare residue corruption
- um: Use POSIX ucontext_t instead of struct ucontext
- iommu/vt-d: Fix a potential memory leak
- mmc: jz4740: Fix race condition in IRQ mask update
- clk: mvebu: armada-38x: add support for 1866MHz variants
- clk: mvebu: armada-38x: add support for missing clocks
- clk: bcm2835: De-assert/assert PLL reset signal when appropriate
- thermal: imx: Fix race condition in imx_thermal_probe()
- watchdog: f71808e_wdt: Fix WD_EN register read
- ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc
- ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
- ALSA: pcm: Avoid potential races between OSS ioctls and read/write
- ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
- ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
- ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
- vfio-pci: Virtualize PCIe & AF FLR
- vfio/pci: Virtualize Maximum Payload Size
- vfio/pci: Virtualize Maximum Read Request Size
- ext4: don't allow r/w mounts if metadata blocks overlap the superblock
- drm/radeon: Fix PCIe lane width calculation
- ext4: fix crashes in dioread_nolock mode
- ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
- ALSA: line6: Use correct endpoint type for midi output
- ALSA: rawmidi: Fix missing input substream checks in compat ioctls
- ALSA: hda - New VIA controller suppor no-snoop path
- HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
- MIPS: uaccess: Add micromips clobbers to bzero invocation
- MIPS: memset.S: EVA & fault support for small_memset
- MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
- MIPS: memset.S: Fix clobber of v1 in last_fixup
- powerpc/eeh: Fix enabling bridge MMIO windows
- powerpc/lib: Fix off-by-one in alternate feature patching
- jffs2_kill_sb(): deal with failed allocations
- hypfs_kill_super(): deal with failed allocations
- rpc_pipefs: fix double-dput()
- Don't leak MNT_INTERNAL away from internal mounts
- autofs: mount point create should honour passed in mode
- mm: allow GFP_{FS,IO} for page_cache_read page cache allocation
- mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
- ext4: bugfix for mmaped pages in mpage_release_unused_pages()
- fanotify: fix logic of events on child
- writeback: safer lock nesting
- Linux 4.4.129
* CVE-2018-8087
- mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
* Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in
DELL XPS 13 9370 with firmware 1.50 (LP: #1763748)
- SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device
* [Xenial] Kernels OOPS when mwifiex is in AP mode (LP: #1769671)
- Revert "UBUNTU: SAUCE: mwifiex: do not dereference invalid pointer"
- Revert "UBUNTU: SAUCE: net/wireless: do not dereference invalid pointer"
- mwifiex: cfg80211: do not change virtual interface during scan processing
* user space process hung in 'D' state waiting for disk io to complete
(LP: #1750038)
- NFS: Use GFP_NOIO for two allocations in writeback
* Acer Swift sf314-52 power button not managed (LP: #1766054)
- SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode
-- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx> Fri, 25 May 2018
16:30:58 -0400
** Changed in: linux-kvm (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8087
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1760648
Title:
test_072_config_strict_devmem in kernel security test failed with
4.4/4.15 kvm
Status in QA Regression Testing:
Invalid
Status in linux package in Ubuntu:
Incomplete
Status in linux-kvm package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
New
Status in linux-kvm source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Incomplete
Status in linux-kvm source package in Bionic:
Fix Released
Bug description:
FAIL: test_072_config_strict_devmem (__main__.KernelSecurityTest)
CONFIG_STRICT_DEVMEM enabled
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 707, in test_072_config_strict_devmem
self.assertEqual(self._test_config('STRICT_DEVMEM'), strict)
AssertionError: False != True
Steps to reproduce:
Deploy the node with Xenial 4.4 kernel, install linux-kvm
sudo apt-get install python-minimal
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
rm -fr autotest/client/tests
ln -sf ~/autotest-client-tests autotest/client/tests
AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
Uname: Linux 4.4.0-1019-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
Date: Mon Apr 2 17:02:10 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1760648/+subscriptions
