Test kernel for Bionic available here:
http://people.canonical.com/~phlin/kernel/lp-1766832/

This test will pass with this new kernel, and the rmmod command works as
expected.

  test_140_kernel_modules_not_tainted (__main__.KernelSecurityTest)
  kernel modules are not marked with a taint flag (especially 'E' for 
TAINT_UNSIGNED_MODULE) ... ok


** Description changed:

  == Justification ==
- In the Bionic and Xenial KVM kernel, the CONFIG_MODULE_UNLOAD was not set, 
this will cause the rmmod command in test_072_strict_devmem test from the 
kernel security test suite fail to run, and induce a failure in the following 
test_140_kernel_modules_not_tainted test.
+ In the Bionic KVM and Xenial KVM kernel, the CONFIG_MODULE_UNLOAD was not 
set, this will cause the rmmod command in test_072_strict_devmem test from the 
kernel security test suite fail to run, and induce a failure in the following 
test_140_kernel_modules_not_tainted test.
  
  == Test ==
  Before enabling the config, rmmod command will return:
  "ERROR: Module signpost is in use"
- After the config was enabled, rmmod will succeed.
+ After the config was enabled, rmmod will succeed and it will pass with this 
test_140_kernel_modules_not_tainted test.
  
  == Fix ==
  Set CONFIG_MODULE_UNLOAD to "y" to allow user to unload a module.
  
  == Regression Potential ==
  Minimal.
  No code changes, just one config change without disabling any other configs.
  
  Similar to bug 1760654.
  
  But this time the test_072_strict_devmem passed on the testing node.
  And the test_140_kernel_modules_not_tainted test still failed with the same 
error message:
  
    FAIL: test_140_kernel_modules_not_tainted (__main__.KernelSecurityTest)
    kernel modules are not marked with a taint flag (especially 'E' for 
TAINT_UNSIGNED_MODULE)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "./test-kernel-security.py", line 1865, in 
test_140_kernel_modules_not_tainted
        self.fail('Module \'%s\' is tainted: %s' % (fields[0], last_field))
    AssertionError: Module 'signpost' is tainted: (OE)
  
  If you try to remove the module after this, you will get:
  $ sudo rmmod signpost
  rmmod: ERROR: Module signpost is in use
  
  And the lsmod shows:
  $ lsmod | grep signpost
  signpost               12288  -2
  
  From the Internet [1], the "-2" here indicates that the CONFIG_MODULE_UNLOAD 
is not set.
  Which is true for the Bionic KVM kernel.
  
  $ grep -i CONFIG_MODULE_UNLOAD debian.kvm/config/config.common.ubuntu
  # CONFIG_MODULE_UNLOAD is not set
  
  https://unix.stackexchange.com/questions/269500/lsmod-shows-2-in-the-
  used-by-colum
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-1008-kvm 4.15.0-1008.8
  ProcVersionSignature: User Name 4.15.0-1008.8-kvm 4.15.17
  Uname: Linux 4.15.0-1008-kvm x86_64
  NonfreeKernelModules: signpost
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Wed Apr 25 08:35:29 2018
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-kvm
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1766832

Title:
  test_140_kernel_modules_not_tainted in kernel security test failed
  with 4.15 kvm kernel

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1766832/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to