← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1760643] Re: test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm

 

This bug was fixed in the package linux-kvm - 4.4.0-1027.32

---------------
linux-kvm (4.4.0-1027.32) xenial; urgency=medium

  * linux-kvm: 4.4.0-1027.32 -proposed tracker (LP: #1772964)

  * Xenial update to 4.4.129 stable release (LP: #1768429)
    - [Config] Remove ARCH_HWEIGHT_CFLAGS

  * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
    kvm kernel (LP: #1766832)
    - kvm: [config] enable CONFIG_MODULE_UNLOAD

  * test_072_config_debug_set_module_ronx  in kernel security test failed with
    4.4 X-kvm (LP: #1760646)
    - kvm: [config] enable CONFIG_DEBUG_SET_MODULE_RONX

  * test_151_sysctl_disables_bpf_unpriv_userns in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760656)
    - kvm: [config] enable BPF_SYSCALL

  * test_077_config_security_ipsec in kernel security test failed with 4.4/4.15
    kvm (LP: #1760653)
    - kvm: [config] enable ipsec configs

  * test_072_config_strict_devmem in kernel security test failed with 4.4/4.15
    kvm (LP: #1760648) // test_072_strict_devmem in kernel security test failed
    with 4.4/4.15 kvm (LP: #1760649)
    - kvm: [config] enable DEVMEM

  * test_076_config_security_acl_ext4  in kernel security test failed with
    4.4/4.15 kvm (LP: #1760652) // test_160_setattr_CVE_2015_1350 in kernel
    security test failed with 4.4/4.15 kvm (LP: #1760657)
    - kvm: [config] enable POSIX_ACL, XATTR, FS_SECURITY for all filesystems

  * test_074_config_security_default_mmap_min_addr in kernel security test
    failed with 4.4/4.15 kvm (LP: #1760650)
    - kvm: [config] DEFAULT_MMAP_MIN_ADDR=65536

  * test_072_config_debug_rodata in kernel security test failed with 4.4 X-kvm
    (LP: #1760643)
    - [Config] enable CONFIG_DEBUG_RODATA

  [ Ubuntu: 4.4.0-128.154 ]

  * linux: 4.4.0-128.154 -proposed tracker (LP: #1772960)
  * CVE-2018-3639 (x86)
    - x86/cpu: Make alternative_msr_write work for 32-bit code
    - x86/bugs: Fix the parameters alignment and missing void
    - KVM: SVM: Move spec control call after restore of GS
    - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/cpufeatures: Disentangle SSBD enumeration
    - x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    - x86/cpufeatures: Add FEATURE_ZEN
    - x86/speculation: Handle HT correctly on AMD
    - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    - x86/speculation: Add virtualized speculative store bypass disable support
    - x86/speculation: Rework speculative_store_bypass_update()
    - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    - x86/bugs: Expose x86_spec_ctrl_base directly
    - x86/bugs: Remove x86_spec_ctrl_set()
    - x86/bugs: Rework spec_ctrl base and mask logic
    - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    - x86/bugs: Rename SSBD_NO to SSB_NO
    - KVM: VMX: Expose SSBD properly to guests.
  * [i915_bpo] Fix flickering issue after panel change (LP: #1770565)
    - drm/i915: Fix iboost setting for DDI with 4 lanes on SKL
    - drm/i915: Name the "iboost bit"
    - drm/i915: Program iboost settings for HDMI/DVI on SKL
    - drm/i915: Move bxt_ddi_vswing_sequence() call into intel_ddi_pre_enable()
      for HDMI
    - drm/i915: Explicitly use ddi buf trans entry 9 for hdmi
    - drm/i915: Split DP/eDP/FDI and HDMI/DVI DDI buffer programming apart
    - drm/i915: Get the iboost setting based on the port type
    - drm/i915: Simplify intel_ddi_get_encoder_port()
    - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2
    - drm/i915: KBL - Recommended buffer translation programming for DisplayPort
    - drm/i915: Ignore OpRegion panel type except on select machines
  * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696)
    - init: fix false positives in W+X checking
  * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674)
    - SAUCE: (no-up) s390: fix rwlock implementation
  * linux < 4.11: unable to use netfilter logging from non-init namespaces
    (LP: #1766573)
    - netfilter: allow logging from non-init namespaces
  * [LTC Test] Ubuntu 18.04:  tm_sigreturn failed on P8 compat mode 16.04.04
    guest (LP: #1771439)
    - powerpc: signals: Discard transaction state from signal frames
  * QCA9377 requires more IRAM banks for its new firmware (LP: #1748345)
    - ath10k: update the IRAM bank number for QCA9377
  * i915/kbl_dmc_ver1.bin failed with error -2 package 1.157.17 kernel
    4.4.0-116-generic (LP: #1752536)
    - ubuntu: i915_bpo - Add MODULE_FIRMWARE for Geminilake's DMC
  * Xenial update to 4.4.131 stable release (LP: #1768825)
    - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
    - ext4: set h_journal if there is a failure starting a reserved handle
    - ext4: add validity checks for bitmap block numbers
    - ext4: fix bitmap position validation
    - usbip: usbip_host: fix to hold parent lock for device_attach() calls
    - usbip: vhci_hcd: Fix usb device and sockfd leaks
    - USB: serial: simple: add libtransistor console
    - USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
    - USB: serial: cp210x: add ID for NI USB serial console
    - usb: core: Add quirk for HP v222w 16GB Mini
    - USB: Increment wakeup count on remote wakeup.
    - ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
    - virtio: add ability to iterate over vqs
    - virtio_console: free buffers after reset
    - drm/virtio: fix vq wait_event condition
    - tty: Don't call panic() at tty_ldisc_init()
    - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
    - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
    - tty: Use __GFP_NOFAIL for tty_ldisc_get()
    - ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
    - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
    - ALSA: hda/realtek - Add some fixes for ALC233
    - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
    - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
    - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
    - kobject: don't use WARN for registration failures
    - scsi: sd: Defer spinning up drive while SANITIZE is in progress
    - ARM: amba: Make driver_override output consistent with other buses
    - ARM: amba: Fix race condition with driver_override
    - ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
    - libceph: validate con->state at the top of try_write()
    - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
    - x86/smpboot: Don't use mwait_play_dead() on AMD systems
    - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
    - serial: mctrl_gpio: Add missing module license
    - Linux 4.4.131
  * Xenial update to 4.4.130 stable release (LP: #1768474) // CVE-2017-5715 //
    CVE-2017-5753
    - SAUCE: s390: print messages for gmb and nobp
  * Xenial update to 4.4.130 stable release (LP: #1768474)
    - cifs: do not allow creating sockets except with SMB1 posix exensions
    - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
    - perf: Return proper values for user stack errors
    - staging: ion : Donnot wakeup kswapd in ion system alloc
    - r8152: add Linksys USB3GIGV1 id
    - Input: drv260x - fix initializing overdrive voltage
    - ath9k_hw: check if the chip failed to wake up
    - jbd2: fix use after free in kjournald2()
    - Revert "ath10k: send (re)assoc peer command when NSS changed"
    - Revert "UBUNTU: SAUCE: s390: print messages for gmb and nobp"
    - Revert "UBUNTU: SAUCE: s390: improve cpu alternative handling for gmb and
      nobp"
    - Revert "s390: add ppa to kernel entry / exit"
    - Revert "s390: introduce CPU alternatives"
    - s390: introduce CPU alternatives
    - s390: enable CPU alternatives unconditionally
    - s390/alternative: use a copy of the facility bit mask
    - s390: add options to change branch prediction behaviour for the kernel
    - s390: scrub registers on kernel entry and KVM exit
    - s390: add optimized array_index_mask_nospec
    - s390: run user space and KVM guests with modified branch prediction
    - s390: introduce execute-trampolines for branches
    - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
    - s390: do not bypass BPENTER for interrupt system calls
    - s390/entry.S: fix spurious zeroing of r0
    - s390: move nobp parameter functions to nospec-branch.c
    - s390: add automatic detection of the spectre defense
    - [Config] Add CONFIG_EXPOLINE=y and CONFIG_EXPOLINE_AUTO=y
    - s390: report spectre mitigation via syslog
    - s390: add sysfs attributes for spectre
    - s390: correct nospec auto detection init order
    - s390: correct module section names for expoline code revert
    - bonding: do not set slave_dev npinfo before slave_enable_netpoll in
      bond_enslave
    - KEYS: DNS: limit the length of option strings
    - l2tp: check sockaddr length in pppol2tp_connect()
    - net: validate attribute sizes in neigh_dump_table()
    - llc: delete timers synchronously in llc_sk_free()
    - tcp: don't read out-of-bounds opsize
    - team: avoid adding twice the same option to the event list
    - team: fix netconsole setup over team
    - packet: fix bitfield update race
    - pppoe: check sockaddr length in pppoe_connect()
    - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
    - sctp: do not check port in sctp_inet6_cmp_addr
    - llc: hold llc_sap before release_sock()
    - llc: fix NULL pointer deref for SOCK_ZAPPED
    - tipc: add policy for TIPC_NLA_NET_ADDR
    - net: fix deadlock while clearing neighbor proxy table
    - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
    - net: af_packet: fix race in PACKET_{R|T}X_RING
    - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
    - scsi: mptsas: Disable WRITE SAME
    - cdrom: information leak in cdrom_ioctl_media_changed()
    - s390/cio: update chpid descriptor after resource accessibility event
    - s390/uprobes: implement arch_uretprobe_is_alive()
    - Linux 4.4.130
    - SAUCE: s390: Add 'nogmb' kernel parameter
  * Xenial update to 4.4.129 stable release (LP: #1768429)
    - media: v4l2-compat-ioctl32: don't oops on overlay
    - parisc: Fix out of array access in match_pci_device()
    - perf intel-pt: Fix overlap detection to identify consecutive buffers
      correctly
    - perf intel-pt: Fix sync_switch
    - perf intel-pt: Fix error recovery from missing TIP packet
    - perf intel-pt: Fix timestamp following overflow
    - radeon: hide pointless #warning when compile testing
    - block/loop: fix deadlock after loop_set_status
    - s390/qdio: don't retry EQBS after CCQ 96
    - s390/qdio: don't merge ERROR output buffers
    - s390/ipl: ensure loadparm valid flag is set
    - getname_kernel() needs to make sure that ->name != ->iname in long case
    - rtl8187: Fix NULL pointer dereference in priv->conf_mutex
    - hwmon: (ina2xx) Fix access to uninitialized mutex
    - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN
    - slip: Check if rstate is initialized before uncompressing
    - lan78xx: Correctly indicate invalid OTP
    - x86/hweight: Get rid of the special calling convention
    - [Config] Remove ARCH_HWEIGHT_CFLAGS
    - x86/hweight: Don't clobber %rdi
    - tty: make n_tty_read() always abort if hangup is in progress
    - ubifs: Check ubifs_wbuf_sync() return code
    - ubi: fastmap: Don't flush fastmap work on detach
    - ubi: Fix error for write access
    - ubi: Reject MLC NAND
    - fs/reiserfs/journal.c: add missing resierfs_warning() arg
    - resource: fix integer overflow at reallocation
    - ipc/shm: fix use-after-free of shm file via remap_file_pages()
    - mm, slab: reschedule cache_reap() on the same CPU
    - usb: musb: gadget: misplaced out of bounds check
    - ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property
    - ARM: dts: at91: sama5d4: fix pinctrl compatible string
    - xen-netfront: Fix hang on device removal
    - regmap: Fix reversed bounds check in regmap_raw_write()
    - ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E
    - ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status()
    - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
    - usb: dwc3: pci: Properly cleanup resource
    - HID: i2c-hid: fix size check and type usage
    - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write()
    - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently
    - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops
    - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
    - HID: Fix hid_report_len usage
    - HID: core: Fix size as type u32
    - ASoC: ssm2602: Replace reg_default_raw with reg_default
    - thunderbolt: Resume control channel after hibernation image is created
    - random: use a tighter cap in credit_entropy_bits_safe()
    - jbd2: if the journal is aborted then don't allow update of the log tail
    - ext4: don't update checksum of new initialized bitmaps
    - ext4: fail ext4_iget for root directory if unallocated
    - RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
    - ALSA: pcm: Fix UAF at PCM release via PCM timer access
    - IB/srp: Fix srp_abort()
    - IB/srp: Fix completion vector assignment algorithm
    - dmaengine: at_xdmac: fix rare residue corruption
    - um: Use POSIX ucontext_t instead of struct ucontext
    - iommu/vt-d: Fix a potential memory leak
    - mmc: jz4740: Fix race condition in IRQ mask update
    - clk: mvebu: armada-38x: add support for 1866MHz variants
    - clk: mvebu: armada-38x: add support for missing clocks
    - clk: bcm2835: De-assert/assert PLL reset signal when appropriate
    - thermal: imx: Fix race condition in imx_thermal_probe()
    - watchdog: f71808e_wdt: Fix WD_EN register read
    - ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc
    - ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation
    - ALSA: pcm: Avoid potential races between OSS ioctls and read/write
    - ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams
    - ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls
    - ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
    - vfio-pci: Virtualize PCIe & AF FLR
    - vfio/pci: Virtualize Maximum Payload Size
    - vfio/pci: Virtualize Maximum Read Request Size
    - ext4: don't allow r/w mounts if metadata blocks overlap the superblock
    - drm/radeon: Fix PCIe lane width calculation
    - ext4: fix crashes in dioread_nolock mode
    - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
    - ALSA: line6: Use correct endpoint type for midi output
    - ALSA: rawmidi: Fix missing input substream checks in compat ioctls
    - ALSA: hda - New VIA controller suppor no-snoop path
    - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
    - MIPS: uaccess: Add micromips clobbers to bzero invocation
    - MIPS: memset.S: EVA & fault support for small_memset
    - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
    - MIPS: memset.S: Fix clobber of v1 in last_fixup
    - powerpc/eeh: Fix enabling bridge MMIO windows
    - powerpc/lib: Fix off-by-one in alternate feature patching
    - jffs2_kill_sb(): deal with failed allocations
    - hypfs_kill_super(): deal with failed allocations
    - rpc_pipefs: fix double-dput()
    - Don't leak MNT_INTERNAL away from internal mounts
    - autofs: mount point create should honour passed in mode
    - mm: allow GFP_{FS,IO} for page_cache_read page cache allocation
    - mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
    - ext4: bugfix for mmaped pages in mpage_release_unused_pages()
    - fanotify: fix logic of events on child
    - writeback: safer lock nesting
    - Linux 4.4.129
  * CVE-2018-8087
    - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in
    DELL XPS 13 9370 with firmware 1.50 (LP: #1763748)
    - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device
  * [Xenial] Kernels OOPS when mwifiex is in AP mode (LP: #1769671)
    - Revert "UBUNTU: SAUCE: mwifiex: do not dereference invalid pointer"
    - Revert "UBUNTU: SAUCE: net/wireless: do not dereference invalid pointer"
    - mwifiex: cfg80211: do not change virtual interface during scan processing
  * user space process hung in 'D' state waiting for disk io to complete
    (LP: #1750038)
    - NFS: Use GFP_NOIO for two allocations in writeback
  * Acer Swift sf314-52 power button not managed  (LP: #1766054)
    - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode

 -- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx>  Fri, 25 May 2018
16:30:58 -0400

** Changed in: linux-kvm (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8087

** Changed in: linux-kvm (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1760643

Title:
  test_072_config_debug_rodata in kernel security test failed with 4.4
  X-kvm

Status in QA Regression Testing:
  Fix Released
Status in ubuntu-kernel-tests:
  In Progress
Status in linux package in Ubuntu:
  Invalid
Status in linux-kvm package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Invalid
Status in linux-kvm source package in Xenial:
  Fix Released

Bug description:
  == Justification ==
  In Xenial KVM kernel, the CONFIG_DEBUG_KERNEL is enabled, security team would like to see CONFIG_DEBUG_RODATA to be enabled as well.

  == Test ==
  Before enabling the config the test_072_config_debug_rodata test from qa-regression-testing will fail. After that, the test will pass.
  A test kernel with CONFIG_DEBUG_RODATA enabled in Xenial KVM could be found here:
  http://people.canonical.com/~phlin/kernel/lp-1760643/

  == Fix ==
  Enable the CONFIG_DEBUG_RODATA.
  Some other configs were enabled just for skipping the interaction during the compilation.

  == Regression Potential ==
  Minimal.
  No code changes, just one config enabled without disabling any other configs.

  The test failed with:
    FAIL: test_072_config_debug_rodata (__main__.KernelSecurityTest)
    CONFIG_DEBUG_RODATA/CONFIG_STRICT_KERNEL_RWX enabled
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 642, in test_072_config_debug_rodata
        self.assertEqual(self._test_config(option), expected)
    AssertionError: False != True

  Steps to reproduce:
    Deploy the node with Xenial 4.4 kernel, install linux-kvm
    sudo apt-get install python-minimal
    git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest-client-tests -b master-next
    git clone --depth=1 git://kernel.ubuntu.com/ubuntu/autotest
    rm -fr autotest/client/tests
    ln -sf ~/autotest-client-tests autotest/client/tests
    AUTOTEST_PATH=/home/ubuntu/autotest sudo -E autotest/client/autotest-local --verbose autotest/client/tests/ubuntu_qrt_kernel_security/control

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-1019-kvm 4.4.0-1019.24
  ProcVersionSignature: User Name 4.4.0-1019.24-kvm 4.4.98
  Uname: Linux 4.4.0-1019-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  Date: Mon Apr  2 16:54:36 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1760643/+subscriptions