Public bug reported: [Impact]
Some cloud-focused kernels have CONFIG_BT enabled but cloud instances shouldn't need bluetooth support. Disabling the bluetooth subsystem reduces the amount of security-sensitive code we have to worry about in the cloud kernels and also has the nice side effect of minimizing build times and kernel sizes. The cloud kernels known to have bluetooth enabled include: * [B/D/E] linux-aws (arm64 only) * [X/B/D/E] linux-gcp * [B] linux-gke-4.15 * [B] linux-gke-5.0 * [X/B/D/E] linux-oracle [Test Case] 1. Install patched kernel and reboot into it 2. Ensure that the following command does NOT display any output: $ grep CONFIG_BT=[my] /boot/config-$(uname -r) [Regression Potential] There could be an unexpected dependence on bluetooth within one of the clouds but I think it is highly unlikely. ** Affects: linux-aws (Ubuntu) Importance: High Status: Triaged ** Affects: linux-gcp (Ubuntu) Importance: High Status: Triaged ** Affects: linux-gke-4.15 (Ubuntu) Importance: Undecided Status: Invalid ** Affects: linux-gke-5.0 (Ubuntu) Importance: Undecided Status: Invalid ** Affects: linux-oracle (Ubuntu) Importance: High Status: Triaged ** Affects: linux-aws (Ubuntu Xenial) Importance: Undecided Status: Invalid ** Affects: linux-gcp (Ubuntu Xenial) Importance: High Status: Triaged ** Affects: linux-gke-4.15 (Ubuntu Xenial) Importance: Undecided Status: Invalid ** Affects: linux-gke-5.0 (Ubuntu Xenial) Importance: Undecided Status: Invalid ** Affects: linux-oracle (Ubuntu Xenial) Importance: High Status: Triaged ** Affects: linux-aws (Ubuntu Bionic) Importance: Undecided Status: Triaged ** Affects: linux-gcp (Ubuntu Bionic) Importance: High Status: Triaged ** Affects: linux-gke-4.15 (Ubuntu Bionic) Importance: High Status: Triaged ** Affects: linux-gke-5.0 (Ubuntu Bionic) Importance: High Status: Triaged ** Affects: linux-oracle (Ubuntu Bionic) Importance: High Status: Triaged ** Affects: linux-aws (Ubuntu Disco) Importance: Undecided Status: Triaged ** Affects: linux-gcp (Ubuntu Disco) Importance: High Status: Triaged ** Affects: linux-gke-4.15 (Ubuntu Disco) Importance: Undecided Status: Invalid ** Affects: linux-gke-5.0 (Ubuntu Disco) Importance: Undecided Status: Invalid ** Affects: linux-oracle (Ubuntu Disco) Importance: High Status: Triaged ** Affects: linux-aws (Ubuntu Eoan) Importance: High Status: Triaged ** Affects: linux-gcp (Ubuntu Eoan) Importance: High Status: Triaged ** Affects: linux-gke-4.15 (Ubuntu Eoan) Importance: Undecided Status: Invalid ** Affects: linux-gke-5.0 (Ubuntu Eoan) Importance: Undecided Status: Invalid ** Affects: linux-oracle (Ubuntu Eoan) Importance: High Status: Triaged ** Also affects: linux-aws (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: linux-aws (Ubuntu Eoan) Importance: High Status: Triaged ** Also affects: linux-aws (Ubuntu Disco) Importance: Undecided Status: New ** Changed in: linux-aws (Ubuntu Disco) Status: New => Triaged ** Changed in: linux-aws (Ubuntu Bionic) Status: New => Triaged ** Description changed: [Impact] Some cloud-focused kernels have CONFIG_BT enabled but cloud instances shouldn't need bluetooth support. Disabling the bluetooth subsystem reduces the amount of security-sensitive code we have to worry about in the cloud kernels and also has the nice side effect of minimizing build times and kernel sizes. + The cloud kernels known to have bluetooth enabled include: + + * [B/D/E] linux-aws (arm64 only) + + [Test Case] 1. Install patched kernel and reboot into it 2. Ensure that the following command does NOT display any output: - $ grep CONFIG_BT=[my] /boot/config-$(uname -r) + $ grep CONFIG_BT=[my] /boot/config-$(uname -r) [Regression Potential] There could be an unexpected dependence on bluetooth within one of the clouds but I think it is highly unlikely. ** Also affects: linux-gcp (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-aws (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: linux-gcp (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: linux-aws (Ubuntu Xenial) Status: New => Invalid ** Also affects: linux-gke-4.15 (Ubuntu) Importance: Undecided Status: New ** Also affects: linux-gke-5.0 (Ubuntu) Importance: Undecided Status: New ** Changed in: linux-gke-4.15 (Ubuntu Xenial) Status: New => Invalid ** Changed in: linux-gke-4.15 (Ubuntu Disco) Status: New => Invalid ** Changed in: linux-gke-4.15 (Ubuntu Eoan) Status: New => Invalid ** Also affects: linux-oracle (Ubuntu) Importance: Undecided Status: New ** Changed in: linux-gke-5.0 (Ubuntu Xenial) Status: New => Invalid ** Changed in: linux-gke-5.0 (Ubuntu Disco) Status: New => Invalid ** Changed in: linux-gke-5.0 (Ubuntu Eoan) Status: New => Invalid ** Changed in: linux-gke-4.15 (Ubuntu Bionic) Status: New => Triaged ** Changed in: linux-gke-5.0 (Ubuntu Bionic) Importance: Undecided => High ** Changed in: linux-gke-5.0 (Ubuntu Bionic) Status: New => Triaged ** Changed in: linux-gke-4.15 (Ubuntu Bionic) Importance: Undecided => High ** Changed in: linux-gcp (Ubuntu Xenial) Status: New => Triaged ** Changed in: linux-gcp (Ubuntu Xenial) Importance: Undecided => High ** Changed in: linux-gcp (Ubuntu Bionic) Importance: Undecided => High ** Changed in: linux-gcp (Ubuntu Bionic) Status: New => Triaged ** Changed in: linux-gcp (Ubuntu Disco) Importance: Undecided => High ** Changed in: linux-gcp (Ubuntu Disco) Status: New => Triaged ** Changed in: linux-gcp (Ubuntu Eoan) Importance: Undecided => High ** Changed in: linux-gcp (Ubuntu Eoan) Status: New => Triaged ** Changed in: linux-oracle (Ubuntu Xenial) Importance: Undecided => High ** Changed in: linux-oracle (Ubuntu Xenial) Status: New => Triaged ** Changed in: linux-oracle (Ubuntu Bionic) Importance: Undecided => High ** Changed in: linux-oracle (Ubuntu Bionic) Status: New => Triaged ** Changed in: linux-oracle (Ubuntu Disco) Importance: Undecided => High ** Changed in: linux-oracle (Ubuntu Disco) Status: New => Triaged ** Changed in: linux-oracle (Ubuntu Eoan) Importance: Undecided => High ** Changed in: linux-oracle (Ubuntu Eoan) Status: New => Triaged ** Description changed: [Impact] Some cloud-focused kernels have CONFIG_BT enabled but cloud instances shouldn't need bluetooth support. Disabling the bluetooth subsystem reduces the amount of security-sensitive code we have to worry about in the cloud kernels and also has the nice side effect of minimizing build times and kernel sizes. The cloud kernels known to have bluetooth enabled include: * [B/D/E] linux-aws (arm64 only) - + * [X/B/D/E] linux-gcp + * [B] linux-gke-4.15 + * [B] linux-gke-5.0 + * [X/B/D/E] linux-oracle [Test Case] 1. Install patched kernel and reboot into it 2. Ensure that the following command does NOT display any output: $ grep CONFIG_BT=[my] /boot/config-$(uname -r) [Regression Potential] There could be an unexpected dependence on bluetooth within one of the clouds but I think it is highly unlikely. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840488 Title: Disable Bluetooth in cloud kernels To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1840488/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs