** Also affects: linux-kvm (Ubuntu Bionic)
Importance: Undecided
Assignee: Po-Hsu Lin (cypressyew)
Status: In Progress
** Also affects: linux-kvm (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux-kvm (Ubuntu Xenial)
Assignee: (unassigned) => Po-Hsu Lin (cypressyew)
** Changed in: linux-kvm (Ubuntu Xenial)
Status: New => Fix Committed
** Changed in: linux-kvm (Ubuntu Bionic)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1766832
Title:
test_140_kernel_modules_not_tainted in kernel security test failed
with 4.15 kvm kernel
Status in linux-kvm package in Ubuntu:
Fix Committed
Status in linux-kvm source package in Xenial:
Fix Committed
Status in linux-kvm source package in Bionic:
Fix Committed
Bug description:
== Justification ==
In the Bionic KVM and Xenial KVM kernel, the CONFIG_MODULE_UNLOAD was not
set, this will cause the rmmod command in test_072_strict_devmem test from the
kernel security test suite fail to run, and induce a failure in the following
test_140_kernel_modules_not_tainted test.
== Test ==
Before enabling the config, rmmod command will return:
"ERROR: Module signpost is in use"
After the config was enabled, rmmod will succeed and it will pass with this
test_140_kernel_modules_not_tainted test.
== Fix ==
Set CONFIG_MODULE_UNLOAD to "y" to allow user to unload a module.
== Regression Potential ==
Minimal.
No code changes, just one config change without disabling any other configs.
Similar to bug 1760654.
But this time the test_072_strict_devmem passed on the testing node.
And the test_140_kernel_modules_not_tainted test still failed with the same
error message:
FAIL: test_140_kernel_modules_not_tainted (__main__.KernelSecurityTest)
kernel modules are not marked with a taint flag (especially 'E' for
TAINT_UNSIGNED_MODULE)
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 1865, in
test_140_kernel_modules_not_tainted
self.fail('Module \'%s\' is tainted: %s' % (fields[0], last_field))
AssertionError: Module 'signpost' is tainted: (OE)
If you try to remove the module after this, you will get:
$ sudo rmmod signpost
rmmod: ERROR: Module signpost is in use
And the lsmod shows:
$ lsmod | grep signpost
signpost 12288 -2
From the Internet [1], the "-2" here indicates that the CONFIG_MODULE_UNLOAD
is not set.
Which is true for the Bionic KVM kernel.
$ grep -i CONFIG_MODULE_UNLOAD debian.kvm/config/config.common.ubuntu
# CONFIG_MODULE_UNLOAD is not set
https://unix.stackexchange.com/questions/269500/lsmod-shows-2-in-the-
used-by-colum
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
Uname: Linux 4.15.0-1008-kvm x86_64
NonfreeKernelModules: signpost
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed Apr 25 08:35:29 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1766832/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
