This is a CONFIG request, so no apport collection required. :)
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Also affects: linux (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Hirsute)
Importance: Undecided
Status:
Public bug reported:
Enabling CONFIG_UBSAN_BOUNDS is fast and provides good coverage for
out-of-bounds array indexing (i.e. it catches the things that
CONFIG_FORTIFY doesn't).
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification
(This is a feature request, so no log needed.)
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
** Also affects: linux (Ubuntu Hirsute)
Importance: Undecided
Status: Confirmed
** Also affects: linux (Ubuntu Groovy)
Importance: Undecided
Status: New
**
I think it's fine. It sounds like there will just be no way to override
package-installed blacklists any more. That's unfortunate, but it's a
very rare situation.
** Changed in: systemd (Ubuntu)
Status: Incomplete => Won't Fix
** Changed in: linux (Ubuntu)
Status: Incomplete =>
To clarify, I'm suggesting:
CONFIG_PAGE_POISONING=y
CONFIG_PAGE_POISONING_ZERO=y
CONFIG_PAGE_POISONING_NO_SANITY=y
this should have no impact on regular boots, and if someone boots with
"page_poison=1" then they get page wiping when page_alloc pages are
freed (and then GFP_ZERO is a no-op since
Oh no, leave CONFIG_PAGE_POISONING_NO_SANITY=y. Things get REALLY slow
without that, and the default kernel is built with hibernation, so I
would expect to do =y for that option.
--
Public bug reported:
I'd like to be able to use page poisoning, but CONFIG_PAGE_POISONING is
not enabled on Ubuntu. (This option itself has a near-zero performance
impact since it must be combined with the boot option "page_poison=1" to
actually enable the poisoning.)
To make the poisoning (when
ping...
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1766052
Title:
Incorrect blacklist of bcm2835_wdt
Status in linux package in Ubuntu:
Triaged
Status in linux source package in
Oops, I missed the "|" ... fixed here:
https://lists.ubuntu.com/archives/kernel-team/2018-April/092002.html
--
https://bugs.launchpad.net/bugs/1766052
Title:
Incorrect
This should fix it:
https://lists.ubuntu.com/archives/kernel-team/2018-April/091890.html
--
https://bugs.launchpad.net/bugs/1766052
Title:
Incorrect blacklist of
Public bug reported:
Without bcm2835_wdt loaded, Raspberry Pi systems cannot reboot or shut
down. This needs to be removed from the automatic blacklist generated by
the kernel build that ends up in
/lib/modprobe.d/blacklist_linux_$(uname -r).conf
** Affects: linux (Ubuntu)
Importance:
Public bug reported:
In the v4.12 kernel, CONFIG_SECURITY_SELINUX_DISABLE (which allows
disabling selinux after boot) will conflict with read-only LSM
structures. Since Ubuntu is primarily using AppArmor for its LSM, and
SELinux is disabled by default, it makes sense to drop this feature in
favor
... why aren't all the kernels just signed? Why does this need to be a
separate package at all?
I can confirm installing the -signed package fixes it for me. Where in
the kernel source does this signature affect the output of
/proc/sys/kernel/secure_boot, though? I can't find that...
--
And it looks like this is specific to the 4.8 kernel. 4.4 thinks secure
boot is enabled.
--
https://bugs.launchpad.net/bugs/1658255
Title:
Kernel not enforcing module
And that must be doing something wrong, since:
sudo efivar -p -n $(efivar --list | grep SecureBoot)
shows "1"
--
https://bugs.launchpad.net/bugs/1658255
Title:
Kernel not
the proc handler does:
secure_boot_enabled = efi_enabled(EFI_SECURE_BOOT);
this feature flag is set at boot:
#ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
if (boot_params.secure_boot == EFI_SECURE_BOOT) {
set_bit(EFI_SECURE_BOOT, );
Oh, and that's not set up by the bootloader, it's in
arch/x86/boot/compressed/eboot.c:
boot_params->secure_boot = get_secure_boot();
--
(Hm, dmesg WARN on IOMMU seems to think I need
910170442944e1f8674fd5ddbeeb8ccd1877ea98, but that's unrelated...)
** Attachment added: "dmesg.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1658255/+attachment/4809482/+files/dmesg.txt
--
$ cat /proc/sys/kernel/secure_boot
0
That seems weird. Everything else thinks it's enabled. What sets this
one (and what does it represent)?
--
Public bug reported:
$ sudo mokutil --sbstate
SecureBoot enabled
$ cat /proc/sys/kernel/moksbstate_disabled
0
$ sudo insmod ./hello.ko
$ echo $?
0
$ dmesg | grep Hello
[00112.530866] Hello, world!
$ strings /lib/modules/$(uname -r)/kernel/lib/test_module.ko | grep signature
~Module signature
What is needed to support this IOMMU? Kernel CONFIGs? New code? Can you
describe what is missing?
--
https://bugs.launchpad.net/bugs/1385391
Title:
Carrizo : IOMMU v2.6
Public bug reported:
The perf subsystem provides a rather large attack surface, and system
owners would like a way to disable access to non-root users. This is
already being done in Android and Debian, and I'd like to do the same on
my Ubuntu systems. :)
https://lkml.org/lkml/2016/1/11/587
**
Yup, but I wanted to avoid getting overwritten each time linux-firmware
gets updated. ;)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-firmware in Ubuntu.
https://bugs.launchpad.net/bugs/1436940
Title:
Qualcomm Atheros QCA6164
Adding ath10k/QCA6174/hw2.1/board-pci-168c:0041:17aa:3545.bin (from the
working board.bin in this thread) seems to fix it, though:
e6adc90ecaf55edc656990c6c50193ac board-pci-168c:0041:17aa:3545.bin
--
Hm, not fixed for me. still seeing firmware crashes. :(
** Changed in: linux-firmware (Ubuntu Xenial)
Status: Fix Released => Confirmed
** Changed in: linux-firmware (Ubuntu)
Status: Fix Released => Confirmed
--
Public bug reported:
Kernel Address Space Layout Randomization (KASLR) can make it harder to
accomplish kernel security vulnerability exploits, especially during
remote attacks or attacks from containers. On x86, KASLR has a run-time
conflict with Hibernation, and currently the kernel selects
Please also backport 3dfb7d8cdbc7ea0c2970450e60818bb3eefbad69 from
4.5-rc1.
--
https://bugs.launchpad.net/bugs/1551894
Title:
linux: 4.4.0-9.X fails yama ptrace
Still no issues for me. Yay! :)
--
https://bugs.launchpad.net/bugs/1448912
Title:
BUG: unable to handle kernel NULL pointer dereference (aa_label_merge)
Status in AppArmor:
It's been 3 days running the test kernel and I've seen no problems. Very
encouraging!
--
https://bugs.launchpad.net/bugs/1448912
Title:
BUG: unable to handle kernel NULL
** Attachment removed: "firmware for qca6174"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1436940/+attachment/4450449/+files/ath10k-qca6174.tar.bz2
--
** Summary changed:
- Atheros wifi 168c:0041(QCA6164) is not supported
+ Atheros wifi 168c:0041(QCA6174) is not supported
--
https://bugs.launchpad.net/bugs/1436940
Title:
@jsalisbury is there a 4.2 ubuntu kernel we could test with? Here's a
tarball with the firmware files. It's unpacked as:
cd /lib/firmware
tar xf /tmp/ath10k-qca6174.tar.bz2
** Attachment added: firmware for qca6174
I have not tested these, but IIUC, this is where to get an upstream
kernel build, configured for Ubuntu, though likely without
Ubuntu-specific patches:
http://kernel.ubuntu.com/~kernel-ppa/mainline/daily/current/
--
With the new files, I still get the ath10k/QCA6174/hw2.1/firmware-4.bin
errors. Does the kernel need to be updated for a new driver that looks
for a -5 firmware?
--
The debug kernels reduced the frequency of the Oopsing, but this has
made AppArmor unusable with Apache for me.
** Also affects: linux (Ubuntu Wily)
Importance: Undecided
Assignee: John Johansen (jjohansen)
Status: Confirmed
** Also affects: linux (Ubuntu Trusty)
Importance:
Here is the Oops from a jj-special kernel. similar, but different.
** Attachment added: debugging-oops.txt
https://bugs.launchpad.net/apparmor/+bug/1448912/+attachment/4430738/+files/debugging-oops.txt
--
Three more crashes today, one after the other (the trigger must be some
kind of Apache access pattern, still trying to figure that out.)
** Attachment added: one.txt
https://bugs.launchpad.net/apparmor/+bug/1448912/+attachment/4429577/+files/one.txt
--
** Attachment added: two.txt
https://bugs.launchpad.net/apparmor/+bug/1448912/+attachment/4429578/+files/two.txt
--
https://bugs.launchpad.net/bugs/1448912
Title:
BUG:
** Attachment added: three.txt
https://bugs.launchpad.net/apparmor/+bug/1448912/+attachment/4429579/+files/three.txt
--
https://bugs.launchpad.net/bugs/1448912
Title:
** Summary changed:
- Wireless device not listed in driver's PCI IDs
+ Atheros 168c:0041 (Lenovo G50-80) is not supported
** Summary changed:
- Atheros 168c:0041 (Lenovo G50-80) is not supported
+ Atheros wifi 168c:0041 (Lenovo G50-80) is not supported
** Also affects: linux (Ubuntu Vivid)
** Summary changed:
- BUG: unable to handle kernel NULL pointer dereference
+ BUG: unable to handle kernel NULL pointer dereference (aa_label_merge)
--
I saw the same thing this morning.
Ubuntu 14.04.2 LTS
Kernel linux-image-3.16.0-30-generic
libapache2-mod-apparmor 2.8.95~2430-0ubuntu5.1
apache2-mpm-prefork 2.4.7-1ubuntu4.4
Attached is first the warning (like in bug 1447530), and then the Oops,
9 seconds later.
** Attachment added: warn and
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4249
--
https://bugs.launchpad.net/bugs/812360
Title:
linux: 2.6.24-29.92 -proposed tracker
Status in
Thanks! Tested Ubuntu 3.13.0-40.68-generic 3.13.11.10 with upstream
regression suite, all tests pass.
** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty
--
What does the output of xrandr show when VGA is working, and when it
is not?
--
https://bugs.launchpad.net/bugs/1300914
Title:
External screen undetected after first plug
Thanks for the backport to Utopic!
Pull request for Trusty is here:
https://lists.ubuntu.com/archives/kernel-team/2014-October/049110.html
Logs for test runs of https://github.com/redpig/seccomp.git
tests/seccomp_bpf_tests all pass now.
--
** Attachment added: before.log
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1379020/+attachment/4229705/+files/before.log
--
** Attachment added: after.log
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1379020/+attachment/4229706/+files/after.log
--
https://bugs.launchpad.net/bugs/1379020
Public bug reported:
For Chrome (and other seccomp users like LXC), the thread-sync features
for seccomp would provide better process isolation. The feature landed
in kernel 3.17, and is relatively easy to back-port. The upstream
seccomp regression tests can be used to verify both the new
2014-08-11 seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock
2014-07-18 seccomp: implement SECCOMP_FILTER_FLAG_TSYNC
2014-07-18 seccomp: allow mode setting across threads
2014-07-18 seccomp: introduce writer locking
2014-07-18 seccomp: split filter prep from
Works for me, thanks!
** Tags removed: verification-needed-precise
** Tags added: verified-precise
** Tags removed: verified-precise
** Tags added: verification-done-precise
--
Reopened; it looks like this never landed and the auditsc fix in
3.13.0-33.58 typoed which bug it should close?
** Changed in: linux (Ubuntu Trusty)
Status: Fix Released => Confirmed
--
Public bug reported:
This is an old bug that looks like the fix missed Precise since Yama was
backported there. Yama was introduced in 3.4, but Precise is 3.2 with
Yama backported. The upstream fix for this bug is missing, which can
cause problems when a Yama-aware program is running in 32-bit
Test-case:
sudo apt-get install gcc-multilib
gcc -Wall yama-test.c -m32 -o yama-test
./yama-test
This should return 0 and report ok, but on precise, it fails.
** Attachment added: yama-test.c
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1338883/+attachment/4147811/+files/yama-test.c
Patch sent to kernel-team list:
https://lists.ubuntu.com/archives/kernel-team/2014-July/045729.html
--
https://bugs.launchpad.net/bugs/1338883
Title:
Yama PR_SET_PTRACER_ANY
Will Utopic be 3.16 based? If so, once
24f2e0273f80ec262a772059e140a0adef35296d is in the Ubuntu kernel, it
will be possible to enable CONFIG_RANDOMIZE_BASE along with
CONFIG_HIBERNATE on i386 and amd64.
Otherwise, please backport a6e15a39048ec3229b9a53425f4384f55f6cc1b3 and
Notes from IRC:
You can either turn off CONFIG_HIBERNATE to gain it, or write patches to
make those work together in some way. :) one idea I had that I haven't
had time to see if it could work is to make kaslr disabled by default if
CONFIG_HIBERNATE is enabled, and then if boot with kaslr on the
I've confirmed this is fixed. Thanks!
$ cat /proc/version_signature
Ubuntu 3.2.0-65.98-generic 3.2.60
$ ./seccomp_bpf_tests
...
[ RUN ] TRACE.read_has_side_effects
[ OK ] TRACE.read_has_side_effects
[ RUN ] TRACE.getpid_runs_normally
[ OK ] TRACE.getpid_runs_normally
...
Public bug reported:
In v3.2, there was confusion over the new PTRACE_EVENT_EXIT value.
Ultimately, upstream fixed it, but in the precise backporting of
seccomp, the wrong value was used:
5cdf389aee90109e2e3d88085dea4dd5508a3be7
As a result, seccomp filters expecting ptrace managers don't work
** Description changed:
In v3.2, there was confusion over the new PTRACE_EVENT_EXIT value.
Ultimately, upstream fixed it, but in the precise backporting of
seccomp, the wrong value was used:
5cdf389aee90109e2e3d88085dea4dd5508a3be7
As a result, seccomp filteres expecting ptrace
For making sure IMA isn't enabled at boot by default, here are some
details from http://sourceforge.net/p/linux-ima/wiki/Home/
Enabling IMA
IMA was first included in the 2.6.30 kernel. For distros that enable IMA by
default in their kernels, collecting IMA measurements simply requires rebooting
Moving to main linux package. Waiting for memory benchmark comparison of:
- without CONFIG_IMA
- with CONFIG_IMA
- with CONFIG_IMG + policy
** Package changed: linux-meta-lts-saucy (Ubuntu) => linux (Ubuntu)
--
sudo rmmod mei_me mei should stop the messages. Usually means AMT has
been disabled in the BIOS.
--
https://bugs.launchpad.net/bugs/1196155
Title:
mei_me resets spamming
My testing was with a Debian userspace. I don't have a functional Ubuntu
ARM environment. I can boot rebuilt kernels in KVM.
Can you just adjust the header file to get it compiled? I have no idea
why __NR_time is stripped out like that. It's a valid syscall.
--
** Description changed:
While seccomp-bpf was backported into precise, it was only for x86. Now
that the ARM support is upstream too, it would be great to have the same
level of support on ARM in the LTS kernel.
I'll prepare patches.
+
+ [Impact]
+ ARM devices lack seccomp-bpf