[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
** Changed in: linux-kvm (Ubuntu Cosmic)
Status: Fix Committed => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
Fix Released
Status in linux-kvm package in Ubuntu:
Fix Released
Status in linux-kvm source package in Bionic:
Fix Released
Status in linux-kvm source package in Cosmic:
Won't Fix
Status in linux-kvm source package in Disco:
Fix Released
Bug description:
== SRU Justification ==
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
This issue can be verified with test_410_config_lock_down_kernel
test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, we already have this config enabled in the generic kernel.
== Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
This bug was fixed in the package linux-kvm - 5.0.0-1011.12 --- linux-kvm (5.0.0-1011.12) disco; urgency=medium * linux-kvm: 5.0.0-1011.12 -proposed tracker (LP: #1834892) * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels (LP: #1812159) - [Config]: enable SCHED_STACK_END_CHECK * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was expected to be set in C-KVM (LP: #1812624) - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO * test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM (LP: #1811981) - [Config]: enable CONFIG_LOCK_DOWN_KERNEL [ Ubuntu: 5.0.0-21.22 ] * linux: 5.0.0-21.22 -proposed tracker (LP: #1834902) * Disco update: 5.0.15 upstream stable release (LP: #1834529) - net: stmmac: Use bfsize1 in ndesc_init_rx_desc - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() - ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings - staging: greybus: power_supply: fix prop-descriptor request size - staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context. - staging: most: cdev: fix chrdev_region leak in mod_exit - staging: most: sound: pass correct device when creating a sound card - ASoC: tlv320aic3x: fix reset gpio reference counting - ASoC: hdmi-codec: fix S/PDIF DAI - ASoC: stm32: sai: fix iec958 controls indexation - ASoC: stm32: sai: fix exposed capabilities in spdif mode - ASoC: stm32: sai: fix race condition in irq handler - ASoC:soc-pcm:fix a codec fixup issue in TDM case - ASoC:hdac_hda:use correct format to setup hda codec - ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform - ASoC: dpcm: prevent snd_soc_dpcm use after free - ASoC: nau8824: fix the issue of the widget with prefix name - ASoC: nau8810: fix the issue of widget with prefixed name - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate - ASoC: rt5682: Check JD status when system resume - ASoC: rt5682: fix jack type detection issue - ASoC: rt5682: recording has no sound after booting - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error - clk: meson-gxbb: round the vdec dividers to closest - ASoC: stm32: dfsdm: manage multiple prepare - ASoC: stm32: dfsdm: fix debugfs warnings on entry creation - ASoC: cs4270: Set auto-increment bit for register writes - ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol - drm/omap: hdmi4_cec: Fix CEC clock handling for PM - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state - IB/hfi1: Eliminate opcode tests on mr deref - IB/hfi1: Fix the allocation of RSM table - MIPS: KGDB: fix kgdb support for SMP platforms. - ASoC: tlv320aic32x4: Fix Common Pins - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS - perf/x86/intel: Initialize TFA MSR - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() - iov_iter: Fix build error without CONFIG_CRYPTO - xtensa: fix initialization of pt_regs::syscall in start_thread - ASoC: rockchip: pdm: fix regmap_ops hang issue - drm/amdkfd: Add picasso pci id - drm/amdgpu: Adjust IB test timeout for XGMI configuration - drm/amdgpu: amdgpu_device_recover_vram always failed if only one node in shadow_list - drm/amd/display: fix cursor black issue - ASoC: cs35l35: Disable regulators on driver removal - objtool: Add rewind_stack_do_exit() to the noreturn list - slab: fix a crash by reading /proc/slab_allocators - drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind - virtio_pci: fix a NULL pointer reference in vp_del_vqs - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove - RDMA/hns: Fix bug that caused srq creation to fail - KEYS: trusted: fix -Wvarags warning - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() - drm/mediatek: fix possible object reference leak - drm/mediatek: fix the rate and divder of hdmi phy for MT2701 - drm/mediatek: make implementation of recalc_rate() for MT2701 hdmi phy - drm/mediatek: remove flag CLK_SET_RATE_PARENT for MT2701 hdmi phy - drm/mediatek: using new factor for tvdpll for MT2701 hdmi phy - drm/mediatek: no change parent rate in round_rate() for MT2701 hdmi phy - ASoC: Intel: kbl: fix wrong number of channels - ASoC: stm32: sai: fix master clock management - ALSA: hda: Fix racy display power access - virtio-blk: limit number of hw queues by nr_cpu_ids - blk-mq: introduce blk_mq_complete_request_sync() - nvme: cancel request synchronously - nvme-fc: correct csn initialization and increments on error - nvmet: fix discover log page when
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
This bug was fixed in the package linux-kvm - 5.0.0-1011.12 --- linux-kvm (5.0.0-1011.12) disco; urgency=medium * linux-kvm: 5.0.0-1011.12 -proposed tracker (LP: #1834892) * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels (LP: #1812159) - [Config]: enable SCHED_STACK_END_CHECK * PAGE_POISONING / PAGE_POISONING_NO_SANITY / PAGE_POISONING_ZERO option was expected to be set in C-KVM (LP: #1812624) - [Config]: enable PAGE_POISONING, PAGE_POISONING_NO_SANITY, PAGE_POISONING_ZERO * test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM (LP: #1811981) - [Config]: enable CONFIG_LOCK_DOWN_KERNEL [ Ubuntu: 5.0.0-21.22 ] * linux: 5.0.0-21.22 -proposed tracker (LP: #1834902) * Disco update: 5.0.15 upstream stable release (LP: #1834529) - net: stmmac: Use bfsize1 in ndesc_init_rx_desc - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() - ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings - staging: greybus: power_supply: fix prop-descriptor request size - staging: wilc1000: Avoid GFP_KERNEL allocation from atomic context. - staging: most: cdev: fix chrdev_region leak in mod_exit - staging: most: sound: pass correct device when creating a sound card - ASoC: tlv320aic3x: fix reset gpio reference counting - ASoC: hdmi-codec: fix S/PDIF DAI - ASoC: stm32: sai: fix iec958 controls indexation - ASoC: stm32: sai: fix exposed capabilities in spdif mode - ASoC: stm32: sai: fix race condition in irq handler - ASoC:soc-pcm:fix a codec fixup issue in TDM case - ASoC:hdac_hda:use correct format to setup hda codec - ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform - ASoC: dpcm: prevent snd_soc_dpcm use after free - ASoC: nau8824: fix the issue of the widget with prefix name - ASoC: nau8810: fix the issue of widget with prefixed name - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate - ASoC: rt5682: Check JD status when system resume - ASoC: rt5682: fix jack type detection issue - ASoC: rt5682: recording has no sound after booting - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error - clk: meson-gxbb: round the vdec dividers to closest - ASoC: stm32: dfsdm: manage multiple prepare - ASoC: stm32: dfsdm: fix debugfs warnings on entry creation - ASoC: cs4270: Set auto-increment bit for register writes - ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol - drm/omap: hdmi4_cec: Fix CEC clock handling for PM - IB/hfi1: Clear the IOWAIT pending bits when QP is put into error state - IB/hfi1: Eliminate opcode tests on mr deref - IB/hfi1: Fix the allocation of RSM table - MIPS: KGDB: fix kgdb support for SMP platforms. - ASoC: tlv320aic32x4: Fix Common Pins - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS - perf/x86/intel: Initialize TFA MSR - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() - iov_iter: Fix build error without CONFIG_CRYPTO - xtensa: fix initialization of pt_regs::syscall in start_thread - ASoC: rockchip: pdm: fix regmap_ops hang issue - drm/amdkfd: Add picasso pci id - drm/amdgpu: Adjust IB test timeout for XGMI configuration - drm/amdgpu: amdgpu_device_recover_vram always failed if only one node in shadow_list - drm/amd/display: fix cursor black issue - ASoC: cs35l35: Disable regulators on driver removal - objtool: Add rewind_stack_do_exit() to the noreturn list - slab: fix a crash by reading /proc/slab_allocators - drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind - virtio_pci: fix a NULL pointer reference in vp_del_vqs - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove - RDMA/hns: Fix bug that caused srq creation to fail - KEYS: trusted: fix -Wvarags warning - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() - drm/mediatek: fix possible object reference leak - drm/mediatek: fix the rate and divder of hdmi phy for MT2701 - drm/mediatek: make implementation of recalc_rate() for MT2701 hdmi phy - drm/mediatek: remove flag CLK_SET_RATE_PARENT for MT2701 hdmi phy - drm/mediatek: using new factor for tvdpll for MT2701 hdmi phy - drm/mediatek: no change parent rate in round_rate() for MT2701 hdmi phy - ASoC: Intel: kbl: fix wrong number of channels - ASoC: stm32: sai: fix master clock management - ALSA: hda: Fix racy display power access - virtio-blk: limit number of hw queues by nr_cpu_ids - blk-mq: introduce blk_mq_complete_request_sync() - nvme: cancel request synchronously - nvme-fc: correct csn initialization and increments on error - nvmet: fix discover log page when
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
This bug was fixed in the package linux-kvm - 4.15.0-1039.39 --- linux-kvm (4.15.0-1039.39) bionic; urgency=medium * linux-kvm: 4.15.0-1039.39 -proposed tracker (LP: #1834940) * q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM kernels (LP: #1812159) - [Config]: enable SCHED_STACK_END_CHECK * test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM (LP: #1811981) - [Config]: enable CONFIG_LOCK_DOWN_KERNEL [ Ubuntu: 4.15.0-55.60 ] * linux: 4.15.0-55.60 -proposed tracker (LP: #1834954) * Request backport of ceph commits into bionic (LP: #1834235) - ceph: use atomic_t for ceph_inode_info::i_shared_gen - ceph: define argument structure for handle_cap_grant - ceph: flush pending works before shutdown super - ceph: send cap releases more aggressively - ceph: single workqueue for inode related works - ceph: avoid dereferencing invalid pointer during cached readdir - ceph: quota: add initial infrastructure to support cephfs quotas - ceph: quota: support for ceph.quota.max_files - ceph: quota: don't allow cross-quota renames - ceph: fix root quota realm check - ceph: quota: support for ceph.quota.max_bytes - ceph: quota: update MDS when max_bytes is approaching - ceph: quota: add counter for snaprealms with quota - ceph: avoid iput_final() while holding mutex or in dispatch thread * QCA9377 isn't being recognized sometimes (LP: #1757218) - SAUCE: USB: Disable USB2 LPM at shutdown * hns: fix ICMP6 neighbor solicitation messages discard problem (LP: #1833140) - net: hns: fix ICMP6 neighbor solicitation messages discard problem - net: hns: fix unsigned comparison to less than zero * Fix occasional boot time crash in hns driver (LP: #1833138) - net: hns: Fix probabilistic memory overwrite when HNS driver initialized * use-after-free in hns_nic_net_xmit_hw (LP: #1833136) - net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() * hns: attempt to restart autoneg when disabled should report error (LP: #1833147) - net: hns: Restart autoneg need return failed when autoneg off * systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp) (LP: #1821625) - powerpc: sys_pkey_alloc() and sys_pkey_free() system calls - powerpc: sys_pkey_mprotect() system call * [UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are different (LP: #1832625) - pkey: Indicate old mkvp only if old and current mkvp are different * [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing (LP: #1832623) - s390/crypto: fix gcm-aes-s390 selftest failures * System crashes on hot adding a core with drmgr command (4.15.0-48-generic) (LP: #1833716) - powerpc/numa: improve control of topology updates - powerpc/numa: document topology_updates_enabled, disable by default * Kernel modules generated incorrectly when system is localized to a non- English language (LP: #1828084) - scripts: override locale from environment when running recordmcount.pl * [UBUNTU] kernel: Fix wrong dispatching for control domain CPRBs (LP: #1832624) - s390/zcrypt: Fix wrong dispatching for control domain CPRBs * CVE-2019-11815 - net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). * Sound device not detected after resume from hibernate (LP: #1826868) - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio power is enabled - drm/i915: Save the old CDCLK atomic state - drm/i915: Remove redundant store of logical CDCLK state - drm/i915: Skip modeset for cdclk changes if possible * Handle overflow in proc_get_long of sysctl (LP: #1833935) - sysctl: handle overflow in proc_get_long * Dell XPS 13 (9370) defaults to s2idle sleep/suspend instead of deep, NVMe drains lots of power under s2idle (LP: #1808957) - Revert "UBUNTU: SAUCE: pci/nvme: prevent WDC PC SN720 NVMe from entering D3 and being disabled" - Revert "UBUNTU: SAUCE: nvme: add quirk to not call disable function when suspending" - Revert "UBUNTU: SAUCE: pci: prevent Intel NVMe SSDPEKKF from entering D3" - Revert "SAUCE: nvme: add quirk to not call disable function when suspending" - Revert "SAUCE: pci: prevent sk hynix nvme from entering D3" - PCI: PM: Avoid possible suspend-to-idle issue - PCI: PM: Skip devices in D0 for suspend-to-idle - nvme-pci: Sync queues on reset - nvme: Export get and set features - nvme-pci: Use host managed power state for suspend * linux v4.15 ftbfs on a newer host kernel (e.g. hwe) (LP: #1823429) - selinux: use kernel linux/socket.h for genheaders and mdp * 32-bit x86 kernel 4.15.0-50 crash in vmalloc_sync_all (LP: #1830433) - x86/mm/pat: Disable preemption around __flush_tlb_all() - x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() - x86/mm:
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
** Changed in: ubuntu-kernel-tests
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
Fix Released
Status in linux-kvm package in Ubuntu:
In Progress
Status in linux-kvm source package in Bionic:
Fix Committed
Status in linux-kvm source package in Cosmic:
Fix Committed
Status in linux-kvm source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
This issue can be verified with test_410_config_lock_down_kernel
test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, we already have this config enabled in the generic kernel.
== Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
I can confirm that the CONFIG_LOCK_DOWN_KERNEL config is enabled in the
5.0.0-1011.12 linux-kvm kernel in disco-proposed. Thanks!
** Tags added: verifiction-done-disco
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
In Progress
Status in linux-kvm package in Ubuntu:
In Progress
Status in linux-kvm source package in Bionic:
Fix Committed
Status in linux-kvm source package in Cosmic:
Fix Committed
Status in linux-kvm source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
This issue can be verified with test_410_config_lock_down_kernel
test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, we already have this config enabled in the generic kernel.
== Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
I can confirm that the CONFIG_LOCK_DOWN_KERNEL config is enabled in the
4.15.0-1039.39 linux-kvm kernel in bionic-proposed. Thanks!
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
In Progress
Status in linux-kvm package in Ubuntu:
In Progress
Status in linux-kvm source package in Bionic:
Fix Committed
Status in linux-kvm source package in Cosmic:
Fix Committed
Status in linux-kvm source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
This issue can be verified with test_410_config_lock_down_kernel
test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, we already have this config enabled in the generic kernel.
== Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
** Tags removed: ubuntu-kernel-security
** Tags added: ubuntu-qrt-kernel-security
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
In Progress
Status in linux-kvm package in Ubuntu:
In Progress
Status in linux-kvm source package in Bionic:
Fix Committed
Status in linux-kvm source package in Cosmic:
Fix Committed
Status in linux-kvm source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
This issue can be verified with test_410_config_lock_down_kernel
test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, we already have this config enabled in the generic kernel.
== Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
** Changed in: linux-kvm (Ubuntu Bionic)
Status: In Progress => Fix Committed
** Changed in: linux-kvm (Ubuntu Cosmic)
Status: In Progress => Fix Committed
** Changed in: linux-kvm (Ubuntu Disco)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
In Progress
Status in linux-kvm package in Ubuntu:
In Progress
Status in linux-kvm source package in Bionic:
Fix Committed
Status in linux-kvm source package in Cosmic:
Fix Committed
Status in linux-kvm source package in Disco:
Fix Committed
Bug description:
== SRU Justification ==
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
This issue can be verified with test_410_config_lock_down_kernel
test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, we already have this config enabled in the generic kernel.
== Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
https://lists.ubuntu.com/archives/kernel-team/2019-June/101275.html
** Tags removed: ppc64el
** Tags added: amd64 cosmic disco ubuntu-kernel-security
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
In Progress
Status in linux-kvm package in Ubuntu:
In Progress
Status in linux-kvm source package in Bionic:
In Progress
Status in linux-kvm source package in Cosmic:
In Progress
Status in linux-kvm source package in Disco:
In Progress
Bug description:
== SRU Justification ==
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
This issue can be verified with test_410_config_lock_down_kernel
test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, we already have this config enabled in the generic kernel.
== Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
** Description changed:
+ == SRU Justification ==
+ Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
+
+ == Test ==
+ Test kernels could be found here:
+ https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
+ This issue can be verified with test_410_config_lock_down_kernel
+ test from q-r-t, the test will pass with the patched kernel.
+
+ == Regression Potential ==
+ Low, we already have this config enabled in the generic kernel.
+
+
+ == Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
In Progress
Status in linux-kvm package in Ubuntu:
In Progress
Status in linux-kvm source package in Bionic:
In Progress
Status in linux-kvm source package in Cosmic:
In Progress
Status in linux-kvm source package in Disco:
In Progress
Bug description:
== SRU Justification ==
Security team requires the CONFIG_LOCK_DOWN_KERNEL to be enabled in all of
our kernels.
== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1811981-kvm-lockdown/
This issue can be verified with test_410_config_lock_down_kernel
test from q-r-t, the test will pass with the patched kernel.
== Regression Potential ==
Low, we already have this config enabled in the generic kernel.
== Original bug report ==
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1811981] Re: test_410_config_lock_down_kernel in ubuntu_kernel_security test failed on B/C/D KVM
** Changed in: ubuntu-kernel-tests
Status: New => In Progress
** Changed in: ubuntu-kernel-tests
Assignee: (unassigned) => Po-Hsu Lin (cypressyew)
** Changed in: linux-kvm (Ubuntu)
Assignee: (unassigned) => Po-Hsu Lin (cypressyew)
** Changed in: linux-kvm (Ubuntu Bionic)
Assignee: (unassigned) => Po-Hsu Lin (cypressyew)
** Changed in: linux-kvm (Ubuntu Cosmic)
Assignee: (unassigned) => Po-Hsu Lin (cypressyew)
** Changed in: linux-kvm (Ubuntu Disco)
Assignee: (unassigned) => Po-Hsu Lin (cypressyew)
** Changed in: linux-kvm (Ubuntu Disco)
Status: New => In Progress
** Changed in: linux-kvm (Ubuntu Cosmic)
Status: New => In Progress
** Changed in: linux-kvm (Ubuntu Bionic)
Status: New => In Progress
** Changed in: linux-kvm (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1811981
Title:
test_410_config_lock_down_kernel in ubuntu_kernel_security test failed
on B/C/D KVM
Status in QA Regression Testing:
Fix Released
Status in ubuntu-kernel-tests:
In Progress
Status in linux-kvm package in Ubuntu:
In Progress
Status in linux-kvm source package in Bionic:
In Progress
Status in linux-kvm source package in Cosmic:
In Progress
Status in linux-kvm source package in Disco:
In Progress
Bug description:
Kernel Version: 4.15.0-44.47
This test has passed on s390x / AMD64 / ARM64 / i386, but failed with
Power8 and Power9
FAIL: test_410_config_lock_down_kernel (__main__.KernelSecurityConfigTest)
Ensure kernel efi lockdown is enabled
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 2668, in
test_410_config_lock_down_kernel
self.assertKernelConfig('LOCK_DOWN_KERNEL', expected)
File "./test-kernel-security.py", line 207, in assertKernelConfig
self.assertKernelConfigSet(name)
File "./test-kernel-security.py", line 194, in assertKernelConfigSet
'%s option was expected to be set in the kernel config' % name)
AssertionError: LOCK_DOWN_KERNEL option was expected to be set in the kernel
config
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1811981/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
