** Changed in: linux-kvm (Ubuntu Cosmic)
       Status: Fix Committed => Won't Fix

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1812159

Title:
  q-r-t security test wants SCHED_STACK_END_CHECK to be enabled in KVM
  kernels

Status in ubuntu-kernel-tests:
  Fix Released
Status in linux-kvm package in Ubuntu:
  Fix Released
Status in linux-kvm source package in Xenial:
  Fix Released
Status in linux-kvm source package in Bionic:
  Fix Released
Status in linux-kvm source package in Cosmic:
  Won't Fix
Status in linux-kvm source package in Disco:
  Fix Released

Bug description:
  == SRU Justification ==
  Security team requires the SCHED_STACK_END_CHECK config to be enabled
  on all of our kernels. The test_380_config_sched_stack_end_check test
  from q-r-t will fail on all the KVM kernels.

  Copied from the config help text:
  This option checks for a stack overrun on calls to schedule(). If the
  stack end location is found to be over written always panic as the
  content of the corrupted region can no longer be trusted. This is to
  ensure no erroneous behaviour occurs which could result in data
  corruption or a sporadic crash at a later stage once the region is
  examined. The runtime overhead introduced is minimal.

  == Test ==
  Test kernels could be found here:
  https://people.canonical.com/~phlin/kernel/lp-1812159-kvm-sched-check/

  This issue can be verified with the
  test_380_config_sched_stack_end_check test from q-r-t, the test will
  pass with the patched kernel.

  == Regression Potential ==
  Low, the introduced runtime overhead is minimal, and it's already
  enabled in the generic kernel.

  == Original Bug report ==
  The test_380_config_sched_stack_end_check test failed on the Bionic
  KVM kernel

    FAIL: test_380_config_sched_stack_end_check (__main__.KernelSecurityConfigTest)
    Ensure SCHED_STACK_END_CHECK is set
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 2628, in test_380_config_sched_stack_end_check
        self.assertKernelConfig('SCHED_STACK_END_CHECK', expected)
      File "./test-kernel-security.py", line 207, in assertKernelConfig
        self.assertKernelConfigSet(name)
      File "./test-kernel-security.py", line 194, in assertKernelConfigSet
        '%s option was expected to be set in the kernel config' % name)
    AssertionError: SCHED_STACK_END_CHECK option was expected to be set in the kernel config

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-1028-kvm 4.15.0-1028.28
  ProcVersionSignature: User Name 4.15.0-1028.28-kvm 4.15.18
  Uname: Linux 4.15.0-1028-kvm x86_64
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  Date: Thu Jan 17 06:44:41 2019
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1812159/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
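
Added example (not part of the bug report and not q-r-t's own code): one way to check by hand whether a kernel config enables SCHED_STACK_END_CHECK, distinguishing "=y" from an explicit "is not set" line and from an option that is absent altogether. The function names and the sample config text are constructed for illustration; the config file locations are the conventional ones and are assumed to be readable.

```python
import gzip
import os
import re

# Constructed sample configs (not taken from any real kernel package).
SAMPLE_UNSET = """\
CONFIG_SCHED_DEBUG=y
# CONFIG_SCHED_STACK_END_CHECK is not set
CONFIG_DEBUG_KERNEL=y
"""
SAMPLE_SET = "CONFIG_SCHED_DEBUG=y\nCONFIG_SCHED_STACK_END_CHECK=y\n"


def config_state(text, name):
    """Return the value of CONFIG_<name> ('y', 'm', ...), 'unset' or 'missing'."""
    set_re = re.compile(r"^CONFIG_%s=(.*)$" % re.escape(name))
    unset_re = re.compile(r"^# CONFIG_%s is not set$" % re.escape(name))
    state = "missing"
    for line in text.splitlines():
        line = line.strip()
        m = set_re.match(line)
        if m:
            state = m.group(1).strip('"')  # last occurrence wins
        elif unset_re.match(line):
            state = "unset"
    return state


def is_enabled(text, name="SCHED_STACK_END_CHECK"):
    """A bool option counts as enabled only when it is exactly '=y'."""
    return config_state(text, name) == "y"


def load_running_config():
    """Read the running kernel's config text, or return None if not found."""
    boot = "/boot/config-%s" % os.uname().release
    if os.path.exists(boot):
        with open(boot) as f:
            return f.read()
    if os.path.exists("/proc/config.gz"):
        with gzip.open("/proc/config.gz", "rt") as f:
            return f.read()
    return None


if __name__ == "__main__":
    text = load_running_config()
    if text is None:
        print("no kernel config found; checking constructed sample instead")
        text = SAMPLE_UNSET
    print("SCHED_STACK_END_CHECK:", config_state(text, "SCHED_STACK_END_CHECK"))
```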