kernel-packages team mailing list archive

Thread
Date
[Bug 1359670] Re: Unsigned oot modules are wrongly tainted and trace events disabled

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1359670@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Sep 2014 22:45:50 -0000
Reply-to: Bug 1359670 <1359670@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package linux - 3.13.0-36.63

---------------
linux (3.13.0-36.63) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1365052

  [ Feng Kan ]

  * SAUCE: (no-up) irqchip:gic: change access of gicc_ctrl register to read
    modify write.
    - LP: #1357527
  * SAUCE: (no-up) arm64: optimized copy_to_user and copy_from_user
    assembly code
    - LP: #1358949

  [ Ming Lei ]

  * SAUCE: (no-up) Drop APM X-Gene SoC Ethernet driver
    - LP: #1360140
  * [Config] Drop XGENE entries
    - LP: #1360140
  * [Config] CONFIG_NET_XGENE=m for arm64
    - LP: #1360140

  [ Stefan Bader ]

  * SAUCE: Add compat macro for skb_get_hash
    - LP: #1358162
  * SAUCE: bcache: prevent crash on changing writeback_running
    - LP: #1357295

  [ Suman Tripathi ]

  * SAUCE: (no-up) arm64: Fix the csr-mask for APM X-Gene SoC AHCI SATA PHY
    clock DTS node.
    - LP: #1359489
  * SAUCE: (no-up) ahci_xgene: Skip the PHY and clock initialization if
    already configured by the firmware.
    - LP: #1359501
  * SAUCE: (no-up) ahci_xgene: Fix the link down in first attempt for the
    APM X-Gene SoC AHCI SATA host controller driver.
    - LP: #1359507

  [ Tuan Phan ]

  * SAUCE: (no-up) pci-xgene-msi: fixed deadlock in irq_set_affinity
    - LP: #1359514

  [ Upstream Kernel Changes ]

  * iwlwifi: mvm: Add a missed beacons threshold
    - LP: #1349572
  * mac80211: reset probe_send_count also in HW_CONNECTION_MONITOR case
    - LP: #1349572
  * genirq: Add an accessor for IRQ_PER_CPU flag
    - LP: #1357527
  * arm64: perf: add support for percpu pmu interrupt
    - LP: #1357527
  * cifs: sanity check length of data to send before sending
    - LP: #1283101
  * KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
    - LP: #1329434
  * KVM: nVMX: Rework interception of IRQs and NMIs
    - LP: #1329434
  * KVM: vmx: disable APIC virtualization in nested guests
    - LP: #1329434
  * HID: Add transport-driver functions to the USB HID interface.
    - LP: #1353021
  * ahci_xgene: Removing NCQ support from the APM X-Gene SoC AHCI SATA Host
    Controller driver.
    - LP: #1358498
  * fold d_kill() and d_free()
    - LP: #1354234
  * fold try_prune_one_dentry()
    - LP: #1354234
  * new helper: dentry_free()
    - LP: #1354234
  * expand the call of dentry_lru_del() in dentry_kill()
    - LP: #1354234
  * dentry_kill(): don't try to remove from shrink list
    - LP: #1354234
  * don't remove from shrink list in select_collect()
    - LP: #1354234
  * more graceful recovery in umount_collect()
    - LP: #1354234
  * dcache: don't need rcu in shrink_dentry_list()
    - LP: #1354234
  * lift the "already marked killed" case into shrink_dentry_list()
  * split dentry_kill()
    - LP: #1354234
  * expand dentry_kill(dentry, 0) in shrink_dentry_list()
    - LP: #1354234
  * shrink_dentry_list(): take parent's ->d_lock earlier
    - LP: #1354234
  * dealing with the rest of shrink_dentry_list() livelock
    - LP: #1354234
  * dentry_kill() doesn't need the second argument now
    - LP: #1354234
  * dcache: add missing lockdep annotation
    - LP: #1354234
  * fs: convert use of typedef ctl_table to struct ctl_table
    - LP: #1354234
  * lock_parent: don't step on stale ->d_parent of all-but-freed one
    - LP: #1354234
  * tools/testing/selftests/ptrace/peeksiginfo.c: add PAGE_SIZE definition
    - LP: #1358855
  * x86, irq, pic: Probe for legacy PIC and set legacy_pic appropriately
    - LP: #1317697
  * bnx2x: Fix kernel crash and data miscompare after EEH recovery
    - LP: #1353105
  * bnx2x: Adapter not recovery from EEH error injection
    - LP: #1353105
  * Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE
    - LP: #1359670
  * bcache: fix crash on shutdown in passthrough mode
    - LP: #1357295
  * bcache: fix uninterruptible sleep in writeback thread
    - LP: #1357295
  * namespaces: Use task_lock and not rcu to protect nsproxy
    - LP: #1328088
  * MAINTAINERS: Add entry for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * Documentation: dts: Add bindings for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * dts: Add bindings for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * drivers: net: Add APM X-Gene SoC ethernet driver support.
    - LP: #1360140
  * powerpc/mm: Add new "set" flag argument to pte/pmd update function
    - LP: #1357014
  * powerpc/thp: Add write barrier after updating the valid bit
    - LP: #1357014
  * powerpc/thp: Don't recompute vsid and ssize in loop on invalidate
    - LP: #1357014
  * powerpc/thp: Invalidate old 64K based hash page mapping before insert
    of 4k pte
    - LP: #1357014
  * powerpc/thp: Handle combo pages in invalidate
    - LP: #1357014
  * powerpc/thp: Invalidate with vpn in loop
    - LP: #1357014
  * powerpc/thp: Use ACCESS_ONCE when loading pmdp
    - LP: #1357014
  * powerpc/mm: Use read barrier when creating real_pte
    - LP: #1357014
  * powerpc/thp: Add tracepoints to track hugepage invalidate
    - LP: #1357014
  * powerpc: subpage_protect: Increase the array size to take care of 64TB
    - LP: #1357014
  * mfd: rtsx: Add set pull control macro and simplify rtl8411
    - LP: #1361086
  * mfd: rtsx: Add support for card reader rtl8402
    - LP: #1361086
  * kvm: iommu: fix the third parameter of kvm_iommu_put_pages
    (CVE-2014-3601)
    - LP: #1362443
    - CVE-2014-3601
  * isofs: Fix unbounded recursion when processing relocated directories
    - LP: #1362447, #1362448
    - CVE-2014-5472
  * net: sctp: inherit auth_capable on INIT collisions
    - LP: #1349804
    - CVE-2014-5077
  * blk-mq: fix initializing request's start time
    - LP: #1297522

  [ Vinayak Kale ]

  * SAUCE: (no-up) dt-bindings: Add Potenza PMU binding
    - LP: #1357527
  * SAUCE: (no-up) arm64: dts: Add PMU node for APM X-Gene Storm SOC
    - LP: #1357527
 -- Joseph Salisbury <joseph.salisbury@xxxxxxxxxxxxx>   Wed, 03 Sep 2014 12:13:43 -0400

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3601

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-5077

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-5472

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1359670

Title:
  Unsigned oot modules are wrongly tainted and trace events disabled

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux” source package in Utopic:
  Fix Released

Bug description:
  [Impact]

  Developers are unable to unable to use kernel tracing functions on
  kernel modules they have themselves compiled.  This makes Ubuntu a
  poor platform for module developement and debugging.

  [Test Case]

  Build an OOT or modified version of a module, insert it and notice
  that tracing becomes disabled.  Apply updated kernel and confirm the
  same does not occur.

  [Regression Potential]

  This only changes the taint infrastructure to introduce a single new
  flag. Should be very low risk.

  ===

  The issue is explained in detail at http://lwn.net/Articles/588799/

  I am trying to load a backported drm module using dkms.
  It is not signed so is listed as tainted and trace points are disabled.
  As explained in the above article this is because the TAINT_FORCED MODULE flag is incorrectly set for unsigned modules.

  The final patch to fix this and add a TAINT_UNSIGNED_MODULE that does
  not disable trace points can be found at
  http://lwn.net/Articles/588803/ (fixed in 3.15)

  Please consider shipping this patch.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.13.0-34-generic 3.13.0-34.60
  ProcVersionSignature: Ubuntu 3.13.0-34.60-generic 3.13.11.4
  Uname: Linux 3.13.0-34-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  badger     2013 F.... pulseaudio
  CurrentDesktop: Unity
  Date: Thu Aug 21 11:28:15 2014
  HibernationDevice: RESUME=UUID=21f8f6b4-495d-4bc6-8dec-1f78435d4b95
  InstallationDate: Installed on 2014-06-30 (51 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
  MachineType: LENOVO 0301CTO
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-34-generic root=UUID=d56caf05-a203-436f-8497-b8a37294fe8a ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-3.13.0-34-generic N/A
   linux-backports-modules-3.13.0-34-generic  N/A
   linux-firmware                             1.127.5
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 10/14/2010
  dmi.bios.vendor: LENOVO
  dmi.bios.version: 80ET42WW (1.19 )
  dmi.board.name: 0301CTO
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Available
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvr80ET42WW(1.19):bd10/14/2010:svnLENOVO:pn0301CTO:pvrThinkPadEdge:rvnLENOVO:rn0301CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.name: 0301CTO
  dmi.product.version: ThinkPad Edge
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1359670/+subscriptions
References

[Bug 1359670] [NEW] Unsigned oot modules are wrongly tainted and trace events disabled
From: Jack Leigh, 2014-08-21