Bug#1071603: systemd-udevd.service: kdump : failed to call kexec_load system call : Operation not permitted

2024-05-22 Thread Luca Boccassi
Control: reassign -1 kdump-tools 1:1.8.1

On Wed, 22 May 2024 00:46:42 -0700 Yong Wang wrote:
> Package: udev
> Version: 252.22-1~deb12u1
> Severity: important
> X-Debbugs-Cc: yongw...@nvidia.com
> 
> Dear Maintainer,
> 
>   The error shows up every time when cpu "online" event triggers "kdump-config try-reload",
> with error message : "kdump-config: failed to unload kdump kernel" (in syslog), due to
> kexec_load system call (belongs to "@reboot" set) is missing in whitelist i.e. "SystemCallFilter"
> setting in systemd-udevd.service.
>   In SMP system, performing the following command can trigger cpu "online" event:
> echo 0 > /sys/devices/system/cpu/cpu1/online
> echo 1 > /sys/devices/system/cpu/cpu1/online
>   kdump kernel is expected to be unloaded and reloaded successfully in this scenario rather than
> getting such error message.

There is no such rule in the udev package, it comes from kdump-tools:

https://sources.debian.org/data/main/k/kdump-tools/1%3A1.10.3/debian/kdump-tools.udev

If a package adds rules that require additional permissions, then it's
that package that needs to ship a drop-in to allow them, otherwise the
attack surface is increased even for those that don't use it.

kdump-tools maintainers, please ship a drop-in like this together with
your udev rule:

/usr/lib/systemd/system/systemd-udevd.service.d/debian-kdump-tools-kexec.conf
[Service]
SystemCallFilter=@reboot

(note that I haven't tested this)

-- 
Kind regards,
Luca Boccassi
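
Added example (not part of the message above, nor code from udev or kdump-tools): a POSIX shell check of what such a drop-in changes, run over two SystemCallFilter values in the form printed by `systemctl show -p SystemCallFilter --value systemd-udevd.service`. The BEFORE and AFTER lists are constructed and abbreviated; systemd's @reboot group expands to kexec_file_load, kexec_load and reboot, so the drop-in permits all three, not only kexec_load.

```shell
#!/bin/sh
# Compare two SystemCallFilter values (space-separated syscall names, as
# expanded by "systemctl show") to see what a drop-in newly permits.

# Constructed, abbreviated allow-list standing in for the unit's filter
# before the drop-in is installed.
BEFORE='bpf close ioctl openat read write'
# Same list after "SystemCallFilter=@reboot" is merged in; @reboot is
# written out as its member syscalls.
AFTER="$BEFORE kexec_file_load kexec_load reboot"

# filter_allows FILTER SYSCALL
# Exit status 0 if FILTER permits SYSCALL. A leading "~" marks a deny-list
# (everything not listed is permitted); otherwise FILTER is an allow-list.
filter_allows() {
    case "$1" in
        "~"*) mode=deny;  list=${1#"~"} ;;
        *)    mode=allow; list=$1 ;;
    esac
    found=no
    for s in $list; do
        if [ "$s" = "$2" ]; then found=yes; fi
    done
    if [ "$mode" = allow ]; then
        [ "$found" = yes ]
    else
        [ "$found" = no ]
    fi
}

# filter_added BEFORE AFTER
# Print the syscalls that the allow-list AFTER permits and BEFORE did not.
filter_added() {
    added=
    for cand in $2; do
        filter_allows "$1" "$cand" || added="${added:+$added }$cand"
    done
    printf '%s\n' "$added"
}

printf 'newly permitted: %s\n' "$(filter_added "$BEFORE" "$AFTER")"
```

On a live system, capture the two values before and after installing the drop-in and running `systemctl daemon-reload`, then pass them to filter_added.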




Bug#1071603: systemd-udevd.service: kdump : failed to call kexec_load system call : Operation not permitted

2024-05-22 Thread Yong Wang
Package: udev
Version: 252.22-1~deb12u1
Severity: important
X-Debbugs-Cc: yongw...@nvidia.com

Dear Maintainer,

  The error shows up every time when cpu "online" event triggers "kdump-config try-reload",
with error message : "kdump-config: failed to unload kdump kernel" (in syslog), due to
kexec_load system call (belongs to "@reboot" set) is missing in whitelist i.e. "SystemCallFilter"
setting in systemd-udevd.service.
  In SMP system, performing the following command can trigger cpu "online" event:
echo 0 > /sys/devices/system/cpu/cpu1/online
echo 1 > /sys/devices/system/cpu/cpu1/online
  kdump kernel is expected to be unloaded and reloaded successfully in this scenario rather than
getting such error message.


-- Package-specific info:

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-21-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages udev depends on:
ii  adduser      3.134
ii  libacl1      2.3.1-3
ii  libblkid1    2.38.1-5+deb12u1
ii  libc6        2.36-9+deb12u7
ii  libcap2      1:2.66-4
ii  libkmod2     30+20221128-1
ii  libselinux1  3.4-1+b6
ii  libudev1     252.22-1~deb12u1

udev recommends no packages.

udev suggests no packages.

Versions of packages udev is related to:
ii  systemd  252.22-1~deb12u1

-- no debconf information