** Description changed:

  == SRU Justification ==
  Security team requires the SCHED_STACK_END_CHECK config to be enabled
  on all of our kernel.
  
  The test_380_config_sched_stack_end_check test from q-r-t will fail on
  all the KVM kernels.
  
  Copied from the config help text:
  This option checks for a stack overrun on calls to schedule(). If the
  stack end location is found to be over written always panic as the
  content of the corrupted region can no longer be trusted. This is to
  ensure no erroneous behaviour occurs which could result in data
  corruption or a sporadic crash at a later stage once the region is
  examined. The runtime overhead introduced is minimal.
  
  == Test ==
+ Test kernels could be found here: 
+ https://people.canonical.com/~phlin/kernel/lp-1812159-kvm-sched-check/
  This issue case be verified with the test_380_config_sched_stack_end_check 
test from q-r-t, the test will pass with the patched kernel.
  
  == Regression Potential ==
  Low, the introduced runtime overhead is minimal, and it's already enabled in 
the generic kernel.
- 
  
  == Original Bug report ==
  The test_380_config_sched_stack_end_check test failed on the Bionic
  KVM kernel
  
   FAIL: test_380_config_sched_stack_end_check 
(__main__.KernelSecurityConfigTest)
   Ensure SCHED_STACK_END_CHECK is set
   ----------------------------------------------------------------------
   Traceback (most recent call last):
   File "./test-kernel-security.py", line 2628, in 
test_380_config_sched_stack_end_check
   self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
   File "./test-kernel-security.py", line 207, in assertKernelConfig
   self.assertKernelConfigSet(name)
   File "./test-kernel-security.py", line 194, in assertKernelConfigSet
   '%s option was expected to be set in the kernel config' % name)
   AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the 
kernel config
  
- 
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
  ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
  Uname: Linux 4.15.0-1028-kvm x86_64
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  Date: Thu Jan 17 06:44:41 2019
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

https://bugs.launchpad.net/bugs/1812159

Title:
  q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM
  kernels
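
The failing check above comes down to reading the kernel config and confirming the option is built in. The following is an added example, not the q-r-t test code: the function names and the sample config fragments are constructed for illustration, and the `/boot/config-<release>` path is the usual Ubuntu location, assumed here.

```python
import platform
import re

# Constructed sample config fragments (not taken from a real kernel package).
SAMPLE_GENERIC = "CONFIG_DEBUG_KERNEL=y\nCONFIG_SCHED_STACK_END_CHECK=y\n"
SAMPLE_KVM = "CONFIG_DEBUG_KERNEL=y\n# CONFIG_SCHED_STACK_END_CHECK is not set\n"

_SET = re.compile(r"^CONFIG_([A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_([A-Za-z0-9_]+) is not set$")

def parse_kernel_config(text):
    """Map option name (without CONFIG_) to its value, or None for 'is not set'."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _SET.match(line):
            options[m.group(1)] = m.group(2)
        elif m := _UNSET.match(line):
            options[m.group(1)] = None
    return options

def option_state(options, name):
    """Return 'builtin', 'module', 'disabled', 'absent' or 'value'."""
    if name not in options:
        return "absent"  # option never appears, e.g. an unmet Kconfig dependency
    value = options[name]
    if value is None:
        return "disabled"
    return {"y": "builtin", "m": "module"}.get(value, "value")

def audit(text, required=("SCHED_STACK_END_CHECK",)):
    """Return the required options that are not built in, with their state."""
    options = parse_kernel_config(text)
    states = {name: option_state(options, name) for name in required}
    return {name: state for name, state in states.items() if state != "builtin"}

if __name__ == "__main__":
    # Assumed path: Ubuntu installs the running kernel's config here.
    path = "/boot/config-" + platform.release()
    with open(path) as fh:
        print(path, audit(fh.read()) or "OK")
```

Separating "disabled" from "absent" shows whether a flavour's config explicitly turns the option off or never offers it at all.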
