[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
** Tags added: cscc -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Fix Released Bug description: == SRU Justification == The bug reporter was trying to enable IMA appraisal with signatures for executable files on Xenial. However, when enabling IMA appriasl the system would crash and generate a trace. This bug is happening because the following commit was applied to Xenial in bug 1569924: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") However, the following commit is also required or this bug happens: eb5798f2e28f ("integrity: convert digsig to akcipher api") == Fix == commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de Author: Tadeusz Struk Date: Tue Feb 2 10:08:58 2016 -0800 integrity: convert digsig to akcipher api == Regression Potential == The requested commit is requred to fix an existing regression caused by bug 1569924. == Test Case == A test kernel was built with this patch and tested by the original bug reporter. The bug reporter states the test kernel resolved the bug. == Original Bug Description == I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711] [] ? entry_SYSCALL_64_fastpath+0x16/0x71 [
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
** Changed in: linux (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Fix Released Bug description: == SRU Justification == The bug reporter was trying to enable IMA appraisal with signatures for executable files on Xenial. However, when enabling IMA appriasl the system would crash and generate a trace. This bug is happening because the following commit was applied to Xenial in bug 1569924: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") However, the following commit is also required or this bug happens: eb5798f2e28f ("integrity: convert digsig to akcipher api") == Fix == commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de Author: Tadeusz Struk Date: Tue Feb 2 10:08:58 2016 -0800 integrity: convert digsig to akcipher api == Regression Potential == The requested commit is requred to fix an existing regression caused by bug 1569924. == Test Case == A test kernel was built with this patch and tested by the original bug reporter. The bug reporter states the test kernel resolved the bug. == Original Bug Description == I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711]
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
This bug was fixed in the package linux - 4.4.0-119.143 --- linux (4.4.0-119.143) xenial; urgency=medium * linux: 4.4.0-119.143 -proposed tracker (LP: #1760327) * Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821) - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" linux (4.4.0-118.142) xenial; urgency=medium * linux: 4.4.0-118.142 -proposed tracker (LP: #1759607) * Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869) - x86/microcode/AMD: Do not load when running on a hypervisor * CVE-2018-8043 - net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() linux (4.4.0-117.141) xenial; urgency=medium * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208) * Xenial update to 4.4.114 stable release (LP: #1754592) - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels - usbip: prevent vhci_hcd driver from leaking a socket pointer address - usbip: Fix implicit fallthrough warning - usbip: Fix potential format overflow in userspace tools - x86/microcode/intel: Fix BDW late-loading revision check - x86/retpoline: Fill RSB on context switch for affected CPUs - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once - PM / sleep: declare __tracedata symbols as char[] rather than char - time: Avoid undefined behaviour in ktime_add_safe() - timers: Plug locking race vs. timer migration - Prevent timer value 0 for MWAITX - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled - drivers: base: cacheinfo: fix boot error message when acpi is enabled - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID - PCI: layerscape: Fix MSG TLP drop setting - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version - fs/select: add vmalloc fallback for select(2) - hwpoison, memcg: forcibly uncharge LRU pages - cma: fix calculation of aligned offset - mm, page_alloc: fix potential false positive in __zone_watermark_ok - ipc: msg, make msgrcv work with LONG_MIN - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() - ACPI / processor: Avoid reserving IO regions too early - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching - ACPICA: Namespace: fix operand cache leak - netfilter: x_tables: speed up jump target validation - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags - netfilter: nf_ct_expect: remove the redundant slash when policy name is empty - netfilter: nfnetlink_queue: reject verdict request from different portid - netfilter: restart search if moved to other chain - netfilter: nf_conntrack_sip: extend request line validation - netfilter: use fwmark_reflect in nf_send_reset - ext2: Don't clear SGID when inheriting ACLs - reiserfs: fix race in prealloc discard - reiserfs: don't preallocate blocks for extended attributes - reiserfs: Don't clear SGID when inheriting ACLs - fs/fcntl: f_setown, avoid undefined behaviour - scsi: libiscsi: fix shifting of DID_REQUEUE host byte - Input: trackpoint - force 3 buttons if 0 button is reported - usb: usbip: Fix possible deadlocks reported by lockdep - usbip: fix stub_rx: get_pipe() to validate endpoint number - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input - usbip: prevent leaking socket pointer address in messages - um: link vmlinux with -no-pie - vsyscall: Fix permissions for emulate mode with KAISER/PTI - eventpoll.h: add missing epoll event masks - x86/microcode/intel: Extend BDW late-loading further with LLC size check - hrtimer: Reset hrtimer cpu base proper on CPU hotplug - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL - ipv6: fix udpv6 sendmsg crash caused by too small MTU - ipv6: ip6_make_skb() needs to clear cork.base.dst - lan78xx: Fix failure in USB Full Speed - net: igmp: fix source address check for IGMPv3 reports - tcp: __tcp_hdrlen() helper - net: qdisc_pkt_len_init() should be more robust - pppoe: take ->needed_headroom of lower device into account on xmit - r8169: fix memory corruption on retrieval of hardware statistics. - sctp: do not allow the v4 socket to bind a v4mapped v6 address - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf - vmxnet3: repair memory leak - net: Allow neigh contructor functions ability to modify the primary_key - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: Fix Committed Bug description: == SRU Justification == The bug reporter was trying to enable IMA appraisal with signatures for executable files on Xenial. However, when enabling IMA appriasl the system would crash and generate a trace. This bug is happening because the following commit was applied to Xenial in bug 1569924: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") However, the following commit is also required or this bug happens: eb5798f2e28f ("integrity: convert digsig to akcipher api") == Fix == commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de Author: Tadeusz StrukDate: Tue Feb 2 10:08:58 2016 -0800 integrity: convert digsig to akcipher api == Regression Potential == The requested commit is requred to fix an existing regression caused by bug 1569924. == Test Case == A test kernel was built with this patch and tested by the original bug reporter. The bug reporter states the test kernel resolved the bug. == Original Bug Description == I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] []
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed- xenial'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: Fix Committed Bug description: == SRU Justification == The bug reporter was trying to enable IMA appraisal with signatures for executable files on Xenial. However, when enabling IMA appriasl the system would crash and generate a trace. This bug is happening because the following commit was applied to Xenial in bug 1569924: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") However, the following commit is also required or this bug happens: eb5798f2e28f ("integrity: convert digsig to akcipher api") == Fix == commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de Author: Tadeusz StrukDate: Tue Feb 2 10:08:58 2016 -0800 integrity: convert digsig to akcipher api == Regression Potential == The requested commit is requred to fix an existing regression caused by bug 1569924. == Test Case == A test kernel was built with this patch and tested by the original bug reporter. The bug reporter states the test kernel resolved the bug. == Original Bug Description == I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
** Changed in: linux (Ubuntu Xenial) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: Fix Committed Bug description: == SRU Justification == The bug reporter was trying to enable IMA appraisal with signatures for executable files on Xenial. However, when enabling IMA appriasl the system would crash and generate a trace. This bug is happening because the following commit was applied to Xenial in bug 1569924: db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") However, the following commit is also required or this bug happens: eb5798f2e28f ("integrity: convert digsig to akcipher api") == Fix == commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de Author: Tadeusz StrukDate: Tue Feb 2 10:08:58 2016 -0800 integrity: convert digsig to akcipher api == Regression Potential == The requested commit is requred to fix an existing regression caused by bug 1569924. == Test Case == A test kernel was built with this patch and tested by the original bug reporter. The bug reporter states the test kernel resolved the bug. == Original Bug Description == I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] []
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
SRU request submitted: https://lists.ubuntu.com/archives/kernel-team/2017-December/088677.html ** Description changed: + + == SRU Justification == + The bug reporter was trying to enable IMA appraisal with signatures for executable + files on Xenial. However, when enabling IMA appriasl the system would crash + and generate a trace. + + This bug is happening because the following commit was applied to Xenial in bug 1569924: + db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") + + However, the following commit is also required or this bug happens: + eb5798f2e28f ("integrity: convert digsig to akcipher api") + + + == Fix == + commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de + Author: Tadeusz Struk+ Date: Tue Feb 2 10:08:58 2016 -0800 + + integrity: convert digsig to akcipher api + + == Regression Potential == + The requested commit is requred to fix an existing regression caused by bug 1569924. + + == Test Case == + A test kernel was built with this patch and tested by the original bug reporter. + The bug reporter states the test kernel resolved the bug. + + + + == Original Bug Description == I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line - appraise fowner=0 appraise_type=imasig + appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! - [ 1395.038963] invalid opcode: [#1] SMP + [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711] [] ? entry_SYSCALL_64_fastpath+0x16/0x71 - [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
** Changed in: linux (Ubuntu) Status: Incomplete => In Progress ** Changed in: linux (Ubuntu Xenial) Status: Incomplete => In Progress ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Joseph Salisbury (jsalisbury) ** Changed in: linux (Ubuntu Xenial) Assignee: (unassigned) => Joseph Salisbury (jsalisbury) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711] [] ? entry_SYSCALL_64_fastpath+0x16/0x71 [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b <0f> 0b 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b bf a0 00 [ 1395.093215] RIP [] public_key_verify_signature+0x46/0x50 [ 1395.094322] RSP [ 1395.095364] ---[ end trace 7ee330317745ad36 ]--- I did some checks and it appears that upstream commit db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") has changed public keys APIs, but the IMA usage of that API was fixed only by commit eb5798f2e28f ("integrity: convert digsig to akcipher api") --- AlsaDevices: total 0 crw-rw 1 root audio 116, 1 Dec
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
Yes, with cherry-picked commit eb5798f2e28f ("integrity: convert digsig to akcipher api") all works as expected. Thanks! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: Incomplete Status in linux source package in Xenial: Incomplete Bug description: I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711] [] ? entry_SYSCALL_64_fastpath+0x16/0x71 [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b <0f> 0b 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b bf a0 00 [ 1395.093215] RIP [] public_key_verify_signature+0x46/0x50 [ 1395.094322] RSP [ 1395.095364] ---[ end trace 7ee330317745ad36 ]--- I did some checks and it appears that upstream commit db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") has changed public keys APIs, but the IMA usage of that API was fixed only by commit eb5798f2e28f ("integrity: convert digsig to akcipher api") --- AlsaDevices: total 0 crw-rw 1 root audio 116, 1 Dec 3 09:36 seq crw-rw 1 root audio 116, 33 Dec 3 09:36 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 2.20.1-0ubuntu2.13 Architecture: amd64 ArecordDevices: Error: [Errno 2] No
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
I created a Xenial source tree with a pick of commit: eb5798f2e28f ("integrity: convert digsig to akcipher api") The tree can be downloaded from: http://kernel.ubuntu.com/~jsalisbury/lp1735977/ Can you retry your steps with this tree and see if it resolves this bug? If it does, we can SRU that commit to Xenial. Thanks in advance! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: Incomplete Status in linux source package in Xenial: Incomplete Bug description: I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711] [] ? entry_SYSCALL_64_fastpath+0x16/0x71 [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b <0f> 0b 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b bf a0 00 [ 1395.093215] RIP [] public_key_verify_signature+0x46/0x50 [ 1395.094322] RSP [ 1395.095364] ---[ end trace 7ee330317745ad36 ]--- I did some checks and it appears that upstream commit db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") has changed public keys APIs, but the IMA usage of that API was fixed only by commit eb5798f2e28f ("integrity: convert digsig to akcipher api") --- AlsaDevices: total 0 crw-rw 1 root audio 116, 1 Dec 3 09:36
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
** Changed in: linux (Ubuntu) Importance: Undecided => Medium ** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Xenial) Status: New => Incomplete ** Changed in: linux (Ubuntu) Status: Confirmed => Incomplete ** Changed in: linux (Ubuntu Xenial) Importance: Undecided => Medium ** Tags added: kernel-da-key -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: Incomplete Status in linux source package in Xenial: Incomplete Bug description: I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711] [] ? entry_SYSCALL_64_fastpath+0x16/0x71 [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b <0f> 0b 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b bf a0 00 [ 1395.093215] RIP [] public_key_verify_signature+0x46/0x50 [ 1395.094322] RSP [ 1395.095364] ---[ end trace 7ee330317745ad36 ]--- I did some checks and it appears that upstream commit db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") has changed public keys APIs, but the IMA usage of that API was fixed only by commit eb5798f2e28f ("integrity: convert digsig to akcipher api") --- AlsaDevices:
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1735977 Title: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04 Status in linux package in Ubuntu: Confirmed Bug description: I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711] [] ? entry_SYSCALL_64_fastpath+0x16/0x71 [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b <0f> 0b 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b bf a0 00 [ 1395.093215] RIP [] public_key_verify_signature+0x46/0x50 [ 1395.094322] RSP [ 1395.095364] ---[ end trace 7ee330317745ad36 ]--- I did some checks and it appears that upstream commit db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") has changed public keys APIs, but the IMA usage of that API was fixed only by commit eb5798f2e28f ("integrity: convert digsig to akcipher api") --- AlsaDevices: total 0 crw-rw 1 root audio 116, 1 Dec 3 09:36 seq crw-rw 1 root audio 116, 33 Dec 3 09:36 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 2.20.1-0ubuntu2.13 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq',
[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04
apport information ** Tags added: apport-collected uec-images ** Description changed: I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps: * Downloaded ubuntu-xenial kernel sources * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packaes * Installed the kernel * Signed the filesystem with my key using 'evmctl sing' * Enabled IMA policy so that it will include the following line appraise fowner=0 appraise_type=imasig * From this point invocation of a signed binary cases a kernel BUG(): [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80! [ 1395.038963] invalid opcode: [#1] SMP [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124 [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000 [ 1395.054763] RIP: 0010:[] [] public_key_verify_signature+0x46/0x50 [ 1395.056406] RSP: 0018:88042c52fa98 EFLAGS: 00010246 [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001 [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10 [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007 [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080 [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4 [ 1395.063404] FS: 7f5e21958700() GS:88043fd8() knlGS: [ 1395.064771] CS: 0010 DS: ES: CR0: 80050033 [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0 [ 1395.067058] Stack: [ 1395.067540] 813bdb95 88042c52fab0 813bdaec 88042c52fb38 [ 1395.068964] 813a759e 88042c52fac8 [ 1395.070417] 88042a849ac4 02000114 88042a849100 [ 1395.071973] Call Trace: [ 1395.072510] [] ? public_key_verify_signature_2+0x15/0x20 [ 1395.073605] [] verify_signature+0x3c/0x50 [ 1395.074526] [] asymmetric_verify+0x17e/0x2a0 [ 1395.075475] [] integrity_digsig_verify+0x70/0x110 [ 1395.076481] [] ima_appraise_measurement+0x244/0x420 [ 1395.077518] [] process_measurement+0x3fa/0x480 [ 1395.078479] [] ima_file_check+0x18/0x20 [ 1395.079381] [] path_openat+0x1f3/0x1330 [ 1395.080274] [] ? __slab_free+0xcb/0x2c0 [ 1395.081165] [] do_filp_open+0x91/0x100 [ 1395.082050] [] ? apparmor_cred_prepare+0x2f/0x50 [ 1395.083046] [] ? security_prepare_creds+0x43/0x60 [ 1395.084056] [] do_open_execat+0x78/0x1d0 [ 1395.084952] [] do_execveat_common.isra.33+0x240/0x760 [ 1395.086016] [] SyS_execve+0x3a/0x50 [ 1395.086877] [] stub_execve+0x5/0x5 [ 1395.087711] [] ? entry_SYSCALL_64_fastpath+0x16/0x71 [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b <0f> 0b 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b bf a0 00 [ 1395.093215] RIP [] public_key_verify_signature+0x46/0x50 [ 1395.094322] RSP [ 1395.095364] ---[ end trace 7ee330317745ad36 ]--- - I did some checks and it appears that upstream commit db6c43bd2132 - ("crypto: KEYS: convert public key and digsig asym to the akcipher api") - has changed public keys APIs, but the IMA usage of that API was fixed - only by commit eb5798f2e28f ("integrity: convert digsig to akcipher - api") + I did some checks and it appears that upstream commit db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api") has changed public keys APIs, but the IMA usage of that API was fixed only by commit eb5798f2e28f ("integrity: convert digsig to akcipher api") + --- + AlsaDevices: + total 0 + crw-rw 1 root audio 116, 1 Dec 3 09:36 seq + crw-rw 1 root audio 116, 33 Dec 3 09:36 timer + AplayDevices: Error: [Errno 2] No such file or directory + ApportVersion: 2.20.1-0ubuntu2.13 + Architecture: amd64 + ArecordDevices: Error: [Errno 2] No such file or directory + AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq',