This bug was fixed in the package linux - 4.12.0-13.14
---------------
linux (4.12.0-13.14) artful; urgency=low
* linux: 4.12.0-13.14 -proposed tracker (LP: #1714687)
* vhost guest network randomly drops under stress (kvm) (LP: #1711251)
- Revert "vhost: cache used event for better performance"
* EDAC sbridge: Failed to register device with error -22. (LP: #1714112)
- [Config] CONFIG_EDAC_GHES=n
* Artful update to v4.12.10 stable release (LP: #1714525)
- sparc64: remove unnecessary log message
- bonding: require speed/duplex only for 802.3ad, alb and tlb
- bonding: ratelimit failed speed/duplex update warning
- af_key: do not use GFP_KERNEL in atomic contexts
- dccp: purge write queue in dccp_destroy_sock()
- dccp: defer ccid_hc_tx_delete() at dismantle time
- ipv4: fix NULL dereference in free_fib_info_rcu()
- net_sched/sfq: update hierarchical backlog when drop packet
- net_sched: remove warning from qdisc_hash_add
- bpf: fix bpf_trace_printk on 32 bit archs
- net: igmp: Use ingress interface rather than vrf device
- openvswitch: fix skb_panic due to the incorrect actions attrlen
- ptr_ring: use kmalloc_array()
- ipv4: better IP_MAX_MTU enforcement
- nfp: fix infinite loop on umapping cleanup
- tun: handle register_netdevice() failures properly
- sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
- tipc: fix use-after-free
- ipv6: reset fn->rr_ptr when replacing route
- ipv6: repair fib6 tree in failure case
- tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
- net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled
- irda: do not leak initialized list.dev to userspace
- net: sched: fix NULL pointer dereference when action calls some targets
- net_sched: fix order of queue length updates in qdisc_replace()
- bpf, verifier: add additional patterns to evaluate_reg_imm_alu
- bpf: fix mixed signed/unsigned derived min/max value bounds
- bpf/verifier: fix min/max handling in BPF_SUB
- Input: trackpoint - add new trackpoint firmware ID
- Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310
- Input: ALPS - fix two-finger scroll breakage in right side on ALPS
touchpad
- KVM: s390: sthyi: fix sthyi inline assembly
- KVM: s390: sthyi: fix specification exception detection
- KVM: x86: simplify handling of PKRU
- KVM, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state
- KVM: x86: block guest protection keys unless the host has them enabled
- ALSA: usb-audio: Add delay quirk for H650e/Jabra 550a USB headsets
- ALSA: core: Fix unexpected error at replacing user TLV
- ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
- ALSA: firewire: fix NULL pointer dereference when releasing uninitialized
data of iso-resource
- ALSA: firewire-motu: destroy stream data surely at failure of card
initialization
- ARCv2: SLC: Make sure busy bit is set properly for region ops
- ARCv2: PAE40: Explicitly set MSB counterpart of SLC region ops addresses
- ARCv2: PAE40: set MSB even if !CONFIG_ARC_HAS_PAE40 but PAE exists in SoC
- PM/hibernate: touch NMI watchdog when creating snapshot
- mm, shmem: fix handling /sys/kernel/mm/transparent_hugepage/shmem_enabled
- dax: fix deadlock due to misaligned PMD faults
- i2c: designware: Fix system suspend
- mm/madvise.c: fix freeing of locked page with MADV_FREE
- fork: fix incorrect fput of ->exe_file causing use-after-free
- mm/memblock.c: reversed logic in memblock_discard()
- arm64: fpsimd: Prevent registers leaking across exec
- drm: Fix framebuffer leak
- drm: Release driver tracking before making the object available again
- drm/sun4i: Implement drm_driver lastclose to restore fbdev console
- drm/atomic: Handle -EDEADLK with out-fences correctly
- drm/atomic: If the atomic check fails, return its value first
- drm/i915/vbt: ignore extraneous child devices for a port
- drm/i915/gvt: Fix the kernel null pointer error
- Revert "drm/amdgpu: fix vblank_time when displays are off"
- ACPI: device property: Fix node lookup in
acpi_graph_get_child_prop_value()
- tracing: Call clear_boot_tracer() at lateinit_sync
- tracing: Missing error code in tracer_alloc_buffers()
- tracing: Fix kmemleak in tracing_map_array_free()
- tracing: Fix freeing of filter in create_filter() when set_str is false
- RDMA/uverbs: Initialize cq_context appropriately
- kbuild: linker script do not match C names unless
LD_DEAD_CODE_DATA_ELIMINATION is configured
- cifs: Fix df output for users with quota limits
- cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
- nfsd: Limit end of page list when decoding NFSv4 WRITE
- ring-buffer: Have ring_buffer_alloc_read_page() return error on offline
CPU
- virtio_pci: fix cpu affinity support
- ftrace: Check for null ret_stack on profile function graph entry function
- perf/core: Fix group {cpu,task} validation
- timers: Fix excessive granularity of new timers after a nohz idle
- x86/mm: Fix use-after-free of ldt_struct
- net: sunrpc: svcsock: fix NULL-pointer exception
- netfilter: expect: fix crash when putting uninited expectation
- netfilter: nat: fix src map lookup
- netfilter: nfnetlink: Improve input length sanitization in nfnetlink_rcv
- Bluetooth: hidp: fix possible might sleep error in hidp_session_thread
- Bluetooth: cmtp: fix possible might sleep error in cmtp_session
- Bluetooth: bnep: fix possible might sleep error in bnep_session
- Revert "android: binder: Sanity check at binder ioctl"
- binder: use group leader instead of open thread
- binder: Use wake up hint for synchronous transactions.
- ANDROID: binder: fix proc->tsk check.
- iio: imu: adis16480: Fix acceleration scale factor for adis16480
- iio: hid-sensor-trigger: Fix the race with user space powering up sensors
- iio: magnetometer: st_magn: fix status register address for LSM303AGR
- iio: magnetometer: st_magn: remove ihl property for LSM303AGR
- staging: rtl8188eu: add RNX-N150NUB support
- iommu: Fix wrong freeing of iommu_device->dev
- Clarify (and fix) MAX_LFS_FILESIZE macros
- ntb: ntb_test: ensure the link is up before trying to configure the mws
- ntb: transport shouldn't disable link due to bogus values in SPADs
- ACPI: EC: Fix regression related to wrong ECDT initialization order
- powerpc/mm: Ensure cpumask update is ordered
- Linux 4.12.10
* arm64 arch_timer fixes (LP: #1713821)
- clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization
- clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace
is
enabled
* [Bug] Harrisonville: pnd2_edac always fail to load on B1 stepping
Harrisonville SDP (LP: #1709257)
- EDAC, pnd2: Return proper error value from apl_rd_reg()
- EDAC, pnd2: Make function sbi_send() static
- EDAC, pnd2: Fix Apollo Lake DIMM detection
- EDAC, pnd2: Build in a minimal sideband driver for Apollo Lake
- EDAC, pnd2: Mask off the lower four bits of a BAR
- EDAC, pnd2: Conditionally unhide/hide the P2SB PCI device to read BAR
- EDAC, pnd2: Properly toggle hidden state for P2SB PCI device
- SAUCE: i2c: i801: Restore the presence state of P2SB PCI device after
reading BAR
* implement 'complain mode' in seccomp for developer mode with snaps
(LP: #1567597)
- seccomp: Action to log before allowing
* linux 4.12.0-11.12 ADT test failure with linux 4.12.0-11.12 (LP: #1710904)
- SAUCE: selftests/powerpc: Use snprintf to construct DSCR sysfs interface
paths
* Artful update to v4.12.9 stable release (LP: #1713106)
- audit: Fix use after free in audit_remove_watch_rule()
- parisc: pci memory bar assignment fails with 64bit kernels on dino/cujo
- crypto: ixp4xx - Fix error handling path in 'aead_perform()'
- crypto: x86/sha1 - Fix reads beyond the number of blocks passed
- drm/i915: Perform an invalidate prior to executing golden renderstate
- drm/amdgpu: save list length when fence is signaled
- Input: elan_i2c - add ELAN0608 to the ACPI table
- Input: elan_i2c - Add antoher Lenovo ACPI ID for upcoming Lenovo NB
- md: fix test in md_write_start()
- md: always clear ->safemode when md_check_recovery gets the mddev lock.
- MD: not clear ->safemode for external metadata array
- ALSA: seq: 2nd attempt at fixing race creating a queue
- ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset
- ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices
- ALSA: usb-audio: add DSD support for new Amanero PID
- mm: discard memblock data later
- slub: fix per memcg cache leak on css offline
- mm: fix double mmap_sem unlock on MMF_UNSTABLE enforced SIGBUS
- mm/cma_debug.c: fix stack corruption due to sprintf usage
- mm/mempolicy: fix use after free when calling get_mempolicy
- mm/vmalloc.c: don't unconditonally use __GFP_HIGHMEM
- mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes
- xen: fix bio vec merging
- ARM: dts: imx6qdl-nitrogen6_som2: fix PCIe reset
- blk-mq-pci: add a fallback when pci_irq_get_affinity returns NULL
- powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
- xen-blkfront: use a right index when checking requests
- perf/x86: Fix RDPMC vs. mm_struct tracking
- x86/asm/64: Clear AC on NMI entries
- x86: Fix norandmaps/ADDR_NO_RANDOMIZE
- x86/elf: Remove the unnecessary ADDR_NO_RANDOMIZE checks
- irqchip/atmel-aic: Fix unbalanced of_node_put() in aic_common_irq_fixup()
- irqchip/atmel-aic: Fix unbalanced refcount in aic_common_rtc_irq_fixup()
- genirq: Restore trigger settings in irq_modify_status()
- genirq/ipi: Fixup checks against nr_cpu_ids
- kernel/watchdog: Prevent false positives with turbo modes
- Sanitize 'move_pages()' permission checks
- pids: make task_tgid_nr_ns() safe
- debug: Fix WARN_ON_ONCE() for modules
- usb: optimize acpi companion search for usb port devices
- usb: qmi_wwan: add D-Link DWM-222 device ID
- Linux 4.12.9
* Touchpad not detected (LP: #1708852)
- Input: elan_i2c - add ELAN0608 to the ACPI table
* HID: multitouch: Support ALPS PTP Stick and Touchpad devices (LP: #1712481)
- HID: multitouch: Support PTP Stick and Touchpad device
- SAUCE: HID: multitouch: Support ALPS PTP stick with pid 0x120A
* sort ABI files with C.UTF-8 locale (LP: #1712345)
- [Packaging] sort ABI files with C.UTF-8 locale
* igb: Support using Broadcom 54616 as PHY (LP: #1712024)
- SAUCE: igb: add support for using Broadcom 54616 as PHY
* RPT related fixes missing in Ubuntu 16.04.3 (LP: #1709220)
- powerpc/mm/radix: Improve _tlbiel_pid to be usable for PWC flushes
- powerpc/mm/radix: Improve TLB/PWC flushes
- powerpc/mm/radix: Avoid flushing the PWC on every flush_tlb_range
* AMD RV platforms with SNPS 3.1 USB controller stop responding (S3 issue)
(LP: #1711098)
- usb: xhci: Issue stop EP command only when the EP state is running
* dma-buf: performance issue when looking up the fence status (LP: #1711096)
- dma-buf: avoid scheduling on fence status query v2
* Linux 4.12 refuses to load self-signed modules under Secure Boot with
properly enrolled keys (LP: #1712168)
- SAUCE: (efi-lockdown) MODSIGN: Fix module signature verification
* [17.10 FEAT] Enable NVMe driver - kernel (LP: #1708432)
- [Config] CONFIG_BLK_DEV_NVME=m for s390
* Miscellaneous Ubuntu changes
- SAUCE: selftests/powerpc: Disable some ptrace selftests
* Miscellaneous upstream changes
- Revert "UBUNTU: SAUCE: seccomp: log actions even when audit is disabled"
- seccomp: Provide matching filter for introspection
- seccomp: Sysctl to display available actions
- seccomp: Operation for checking if an action is available
- seccomp: Sysctl to configure actions that are allowed to be logged
- seccomp: Selftest for detection of filter flag support
- seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW
-- Andy Whitcroft <a...@canonical.com> Fri, 25 Aug 2017 18:04:36 +0100
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1712168
Title:
Linux 4.12 refuses to load self-signed modules under Secure Boot with
properly enrolled keys
Status in linux package in Ubuntu:
Fix Released
Bug description:
Since version 4.12, Linux refuses to load my self-signed VirtualBox
modules.
$ lsb_release -d
Description: Ubuntu Artful Aardvark (development branch)
$ uname -rvm
4.12.0-11-generic #12-Ubuntu SMP Fri Aug 11 12:26:42 UTC 2017 x86_64
$ sudo modprobe -v vboxdrv
insmod /lib/modules/4.12.0-11-generic/misc/vboxdrv.ko
modprobe: ERROR: could not insert 'vboxdrv': Required key not available
I've followed [this guide](https://askubuntu.com/a/768310/65926) to import
the key an sign the modules. It worked until kernel 4.11.
The key is properly enrolled:
$ sudo mokutil --test-key .mok/mok-eric-carvalho.der
.mok/mok-eric-carvalho.der is already enrolled
I think this happens because the kernel was built without
CONFIG_MODULE_SIG_UEFI:
$ ls -1 /boot/config-*
/boot/config-4.11.0-13-generic
/boot/config-4.12.0-11-generic
$ grep CONFIG_MODULE_SIG_UEFI /boot/config-*
/boot/config-4.11.0-13-generic:CONFIG_MODULE_SIG_UEFI=y
Same problem with kernel 4.12.0-12.13 from the proposed repository.
ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: linux-image-4.12.0-11-generic 4.12.0-11.12
ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
Uname: Linux 4.12.0-11-generic x86_64
ApportVersion: 2.20.6-0ubuntu6
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: carvalho 3077 F.... pulseaudio
/dev/snd/controlC0: carvalho 3077 F.... pulseaudio
CurrentDesktop: Budgie:GNOME
Date: Mon Aug 21 15:37:56 2017
HibernationDevice: RESUME=UUID=8766d3eb-a19c-403c-829a-ff5fa7878e87
InstallationDate: Installed on 2016-12-15 (249 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Alpha amd64 (20161214)
MachineType: LENOVO 80JE
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.12.0-11-generic.efi.signed
root=UUID=ca49cfac-7b28-4152-bf45-006806f69224 ro quiet splash vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-4.12.0-11-generic N/A
linux-backports-modules-4.12.0-11-generic N/A
linux-firmware 1.167
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/30/2016
dmi.bios.vendor: LENOVO
dmi.bios.version: B0CNA0WW
dmi.board.asset.tag: NO Asset Tag
dmi.board.name: Lancer 4A1
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40688 WIN
dmi.chassis.asset.tag: NO Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Lenovo G40-80
dmi.modalias:
dmi:bvnLENOVO:bvrB0CNA0WW:bd09/30/2016:svnLENOVO:pn80JE:pvrLenovoG40-80:rvnLENOVO:rnLancer4A1:rvrSDK0J40688WIN:cvnLENOVO:ct10:cvrLenovoG40-80:
dmi.product.family: IDEAPAD
dmi.product.name: 80JE
dmi.product.version: Lenovo G40-80
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1712168/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
