[Bug 1807686] [NEW] efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set

You have been subscribed to a public bug:

== Comment: #0 - Dominik Klein <dominik.klein@de.ibm.com> - 2018-12-10 03:58:10 ==
There seems to be a bug in the efi-lockdown patch as applied on top of vanilla for Cosmic kernels:
http://kernel.ubuntu.com/git/ubuntu/ubuntu-cosmic.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986

Also seems to be present for Disco as of today:
http://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/commit/fs/debugfs/file.c?id=a1ba65da9ceae481c154bfd1a2c1550e4566d986

The problem is that part of the patch modifies kernel behavior
independently of CONFIG_LOCK_DOWN_KERNEL being set or not causing issues
on two debugfs files on s390x.

Vasily Gorbik has already analyzed the problem and has posted a proposed fix here:
https://lkml.org/lkml/2018/11/21/634
https://lkml.org/lkml/2018/11/21/635

** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New


** Tags: architecture-s39064 bugnameltc-173993 severity-high targetmilestone-inin1810
--
efi-lockdown patch causes -EPERM for some debugfs files even though CONFIG_LOCK_DOWN_KERNEL is not set
https://bugs.launchpad.net/bugs/1807686
You received this bug notification because you are subscribed to linux in Ubuntu.