[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2019-07-24 Thread Brad Figg
** Tags added: cscc

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1735977

Title:
  Using asymmetric key for IMA appraisal crashes the system in Ubuntu
  16.04

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  
  == SRU Justification ==
  The bug reporter was trying to enable IMA appraisal with signatures for
  executable files on Xenial.  However, when enabling IMA appraisal the system
  would crash and generate a trace.

  This bug is happening because the following commit was applied to Xenial in
  bug 1569924:
  db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the akcipher api")

  However, the following commit is also required or this bug happens:
  eb5798f2e28f ("integrity: convert digsig to akcipher api")


  == Fix ==
  commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de
  Author: Tadeusz Struk 
  Date:   Tue Feb 2 10:08:58 2016 -0800

  integrity: convert digsig to akcipher api

  == Regression Potential ==
  The requested commit is required to fix an existing regression caused by
  bug 1569924.

  == Test Case ==
  A test kernel was built with this patch and tested by the original bug
  reporter.
  The bug reporter states the test kernel resolved the bug.


  
  == Original Bug Description ==
  I'm trying to enable IMA appraisal with signatures for executable files on
  xenial with Linux 4.4. I took the following steps:
  * Downloaded ubuntu-xenial kernel sources
  * Ran fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to
    my key
  * Ran fakeroot debian/rules binary-headers binary-generic binary-perarch to
    build the kernel deb packages
  * Installed the kernel
  * Signed the filesystem with my key using 'evmctl sign'
  * Enabled IMA policy so that it will include the following line
    appraise fowner=0 appraise_type=imasig
  * From this point invocation of a signed binary causes a kernel BUG():

  [ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80!
  [ 1395.038963] invalid opcode:  [#1] SMP
  [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper psmouse cryptd floppy
  [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124
  [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
  [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 88042c52c000
  [ 1395.054763] RIP: 0010:[]  [] public_key_verify_signature+0x46/0x50
  [ 1395.056406] RSP: 0018:88042c52fa98  EFLAGS: 00010246
  [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 0001
  [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 88042a107c10
  [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 0007
  [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 0080
  [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 88042a849ac4
  [ 1395.063404] FS:  7f5e21958700() GS:88043fd8() knlGS:
  [ 1395.064771] CS:  0010 DS:  ES:  CR0: 80050033
  [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 000406e0
  [ 1395.067058] Stack:
  [ 1395.067540]  813bdb95 88042c52fab0 813bdaec 88042c52fb38
  [ 1395.068964]  813a759e 88042c52fac8
  [ 1395.070417]  88042a849ac4 02000114 88042a849100
  [ 1395.071973] Call Trace:
  [ 1395.072510]  [] ? public_key_verify_signature_2+0x15/0x20
  [ 1395.073605]  [] verify_signature+0x3c/0x50
  [ 1395.074526]  [] asymmetric_verify+0x17e/0x2a0
  [ 1395.075475]  [] integrity_digsig_verify+0x70/0x110
  [ 1395.076481]  [] ima_appraise_measurement+0x244/0x420
  [ 1395.077518]  [] process_measurement+0x3fa/0x480
  [ 1395.078479]  [] ima_file_check+0x18/0x20
  [ 1395.079381]  [] path_openat+0x1f3/0x1330
  [ 1395.080274]  [] ? __slab_free+0xcb/0x2c0
  [ 1395.081165]  [] do_filp_open+0x91/0x100
  [ 1395.082050]  [] ? apparmor_cred_prepare+0x2f/0x50
  [ 1395.083046]  [] ? security_prepare_creds+0x43/0x60
  [ 1395.084056]  [] do_open_execat+0x78/0x1d0
  [ 1395.084952]  [] do_execveat_common.isra.33+0x240/0x760
  [ 1395.086016]  [] SyS_execve+0x3a/0x50
  [ 1395.086877]  [] stub_execve+0x5/0x5
  [ 1395.087711]  [] ? entry_SYSCALL_64_fastpath+0x16/0x71
  [ 
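
A triage sketch for the crash reported in this thread, added here as an example and not part of the bug report or of Ubuntu's tooling: it scans kernel log text for a BUG() in public_key.c reached through the IMA appraisal call chain shown in the trace, then compares the kernel ABI number against 4.4.0-119, the release the thread names as fixed. The function names, verdict strings and the second oops in the sample are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Taken from the thread: the BUG() fires in this file, reached via this IMA chain.
BUG_SOURCE = "crypto/asymmetric_keys/public_key.c"
IMA_CHAIN = ["asymmetric_verify", "integrity_digsig_verify", "ima_appraise_measurement"]
# "This bug was fixed in the package linux - 4.4.0-119.143". Assumption: the log comes
# from the main Xenial 4.4.0-N kernel; other flavours number their ABI differently.
FIXED_SERIES, FIXED_ABI = "4.4.0", 119

_STAMP = re.compile(r"^\s*\[\s*\d+\.\d+\]\s?")
_BUG = re.compile(r"kernel BUG at (\S+):(\d+)!")
_RELEASE = re.compile(r"\b(\d+\.\d+\.\d+)-(\d+)-[\w.]+ #\d+")
# A frame with or without its address: "[<addr>] ? name+0x15/0x20" or "[] name+0x3c/0x50".
_FRAME = re.compile(
    r"^(?:\[<?[0-9a-f]*>?\]\s*)?(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")


@dataclass
class Oops:
    source: str                                      # file named in "kernel BUG at"
    line: int                                        # line number (varies between builds)
    release: Optional[Tuple[str, int]] = None        # e.g. ("4.4.0", 101)
    frames: List[str] = field(default_factory=list)  # reliable frames, innermost first


def parse_oopses(log_text: str) -> List[Oops]:
    """Split kernel log text into one Oops record per 'kernel BUG at' line."""
    oopses: List[Oops] = []
    current: Optional[Oops] = None
    in_trace = False
    for raw in log_text.splitlines():
        line = _STAMP.sub("", raw).strip()
        bug = _BUG.search(line)
        if bug:
            current = Oops(bug.group(1), int(bug.group(2)))
            oopses.append(current)
            in_trace = False
        elif current is None:
            continue
        elif line.startswith("CPU:") and current.release is None:
            rel = _RELEASE.search(line)
            if rel:
                current.release = (rel.group(1), int(rel.group(2)))
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            frame = _FRAME.match(line)
            if frame is None:
                in_trace = False        # "Code:" or any other non-frame line ends the trace
            elif not frame.group(1):    # skip "?" frames: the unwinder marks them unreliable
                current.frames.append(frame.group(2))
    return oopses


def _in_order(needles: List[str], haystack: List[str]) -> bool:
    """True if needles occur in haystack in the same relative order."""
    it = iter(haystack)
    return all(n in it for n in needles)


def classify(oops: Oops) -> str:
    # Match on file and call chain, not on the line number, which depends on the build.
    if not (oops.source.endswith(BUG_SOURCE) and _in_order(IMA_CHAIN, oops.frames)):
        return "unrelated"
    if oops.release is None or oops.release[0] != FIXED_SERIES:
        return "match-unknown-kernel"
    return "match-unfixed-kernel" if oops.release[1] < FIXED_ABI else "match-fixed-kernel"


def triage(log_text: str) -> List[Tuple[Oops, str]]:
    return [(o, classify(o)) for o in parse_oopses(log_text)]


# First oops: abridged from the trace in this thread, wrapped lines rejoined.
# Second oops: constructed, to show a BUG() that must not be attributed to this bug.
SAMPLE_LOG = """\
[ 1395.036910] kernel BUG at /home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80!
[ 1395.038963] invalid opcode:  [#1] SMP
[ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124
[ 1395.071973] Call Trace:
[ 1395.072510]  [] ? public_key_verify_signature_2+0x15/0x20
[ 1395.073605]  [] verify_signature+0x3c/0x50
[ 1395.074526]  [] asymmetric_verify+0x17e/0x2a0
[ 1395.075475]  [] integrity_digsig_verify+0x70/0x110
[ 1395.076481]  [] ima_appraise_measurement+0x244/0x420
[ 1395.077518]  [] process_measurement+0x3fa/0x480
[ 1395.087711]  [] ? entry_SYSCALL_64_fastpath+0x16/0x71
[ 2000.000001] kernel BUG at /build/linux/fs/example.c:123!
[ 2000.000002] CPU: 0 PID: 4242 Comm: example Not tainted 4.4.0-101-generic #124
[ 2000.000003] Call Trace:
[ 2000.000004]  [] example_fn+0x10/0x20
"""

if __name__ == "__main__":
    for oops, verdict in triage(SAMPLE_LOG):
        print(f"{oops.source}:{oops.line} on {oops.release}: {verdict}")
```

The same functions accept the output of `dmesg` or `journalctl -k` from a host where IMA appraisal was switched on.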

[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2019-01-22 Thread Joseph Salisbury
** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Released

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Released


[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2018-04-04 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.4.0-119.143

---
linux (4.4.0-119.143) xenial; urgency=medium

  * linux: 4.4.0-119.143 -proposed tracker (LP: #1760327)

  * Dell XPS 13 9360 bluetooth scan can not detect any device (LP: #1759821)
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"

linux (4.4.0-118.142) xenial; urgency=medium

  * linux: 4.4.0-118.142 -proposed tracker (LP: #1759607)

  * Kernel panic with AWS 4.4.0-1053 / 4.4.0-1015 (Trusty) (LP: #1758869)
    - x86/microcode/AMD: Do not load when running on a hypervisor

  * CVE-2018-8043
    - net: phy: mdio-bcm-unimac: fix potential NULL dereference in
      unimac_mdio_probe()

linux (4.4.0-117.141) xenial; urgency=medium

  * linux: 4.4.0-117.141 -proposed tracker (LP: #1755208)

  * Xenial update to 4.4.114 stable release (LP: #1754592)
    - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address
    - usbip: Fix implicit fallthrough warning
    - usbip: Fix potential format overflow in userspace tools
    - x86/microcode/intel: Fix BDW late-loading revision check
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - sched/deadline: Use the revised wakeup rule for suspending constrained dl
      tasks
    - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
    - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    - PM / sleep: declare __tracedata symbols as char[] rather than char
    - time: Avoid undefined behaviour in ktime_add_safe()
    - timers: Plug locking race vs. timer migration
    - Prevent timer value 0 for MWAITX
    - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    - drivers: base: cacheinfo: fix boot error message when acpi is enabled
    - PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
    - PCI: layerscape: Fix MSG TLP drop setting
    - mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    - fs/select: add vmalloc fallback for select(2)
    - hwpoison, memcg: forcibly uncharge LRU pages
    - cma: fix calculation of aligned offset
    - mm, page_alloc: fix potential false positive in __zone_watermark_ok
    - ipc: msg, make msgrcv work with LONG_MIN
    - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    - ACPI / processor: Avoid reserving IO regions too early
    - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
    - ACPICA: Namespace: fix operand cache leak
    - netfilter: x_tables: speed up jump target validation
    - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed
      in 64bit kernel
    - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
    - netfilter: nf_ct_expect: remove the redundant slash when policy name is
      empty
    - netfilter: nfnetlink_queue: reject verdict request from different portid
    - netfilter: restart search if moved to other chain
    - netfilter: nf_conntrack_sip: extend request line validation
    - netfilter: use fwmark_reflect in nf_send_reset
    - ext2: Don't clear SGID when inheriting ACLs
    - reiserfs: fix race in prealloc discard
    - reiserfs: don't preallocate blocks for extended attributes
    - reiserfs: Don't clear SGID when inheriting ACLs
    - fs/fcntl: f_setown, avoid undefined behaviour
    - scsi: libiscsi: fix shifting of DID_REQUEUE host byte
    - Input: trackpoint - force 3 buttons if 0 button is reported
    - usb: usbip: Fix possible deadlocks reported by lockdep
    - usbip: fix stub_rx: get_pipe() to validate endpoint number
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
    - usbip: prevent leaking socket pointer address in messages
    - um: link vmlinux with -no-pie
    - vsyscall: Fix permissions for emulate mode with KAISER/PTI
    - eventpoll.h: add missing epoll event masks
    - x86/microcode/intel: Extend BDW late-loading further with LLC size check
    - hrtimer: Reset hrtimer cpu base proper on CPU hotplug
    - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
    - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
    - ipv6: fix udpv6 sendmsg crash caused by too small MTU
    - ipv6: ip6_make_skb() needs to clear cork.base.dst
    - lan78xx: Fix failure in USB Full Speed
    - net: igmp: fix source address check for IGMPv3 reports
    - tcp: __tcp_hdrlen() helper
    - net: qdisc_pkt_len_init() should be more robust
    - pppoe: take ->needed_headroom of lower device into account on xmit
    - r8169: fix memory corruption on retrieval of hardware statistics.
    - sctp: do not allow the v4 socket to bind a v4mapped v6 address
    - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
    - vmxnet3: repair memory leak
    - net: Allow neigh contructor functions ability to modify the primary_key
    - ipv4: Make neigh lookup keys for loopback/point-to-point devices be
      INADDR_ANY
   

[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2018-03-19 Thread rppt
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Fix Committed


[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2018-03-19 Thread Stefan Bader
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-xenial' to 'verification-done-xenial'. If the problem
still exists, change the tag 'verification-needed-xenial' to
'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-xenial

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Fix Committed


[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2018-02-03 Thread Khaled El Mously
** Changed in: linux (Ubuntu Xenial)
   Status: In Progress => Fix Committed

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Fix Committed


[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2017-12-07 Thread Joseph Salisbury
SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2017-December/088677.html

** Description changed:

+ 
+ == SRU Justification ==
+ The bug reporter was trying to enable IMA appraisal with signatures for 
executable 
+ files on Xenial.  However, when enabling IMA appriasl the system would crash
+ and generate a trace.
+ 
+ This bug is happening because the following commit was applied to Xenial in 
bug 1569924:
+ db6c43bd2132 ("crypto: KEYS: convert public key and digsig asym to the 
akcipher api")
+ 
+ However, the following commit is also required or this bug happens:
+ eb5798f2e28f ("integrity: convert digsig to akcipher api")
+ 
+ 
+ == Fix ==
+ commit eb5798f2e28f3b43091cecc71c84c3f6fb35c7de
+ Author: Tadeusz Struk 
+ Date:   Tue Feb 2 10:08:58 2016 -0800
+ 
+ integrity: convert digsig to akcipher api
+ 
+ == Regression Potential ==
+ The requested commit is requred to fix an existing regression caused by bug 
1569924.
+ 
+ == Test Case ==
+ A test kernel was built with this patch and tested by the original bug 
reporter.
+ The bug reporter states the test kernel resolved the bug.
+ 
+ 
+ 
+ == Original Bug Description ==
  I'm trying to enable IMA appraisal with signatures for executable files on 
xenial with Linux 4.4. I took the following steps:
  * Downloaded ubuntu-xenial kernel sources
  * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to 
my key
  * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to 
build the kernel deb packaes
  * Installed the kernel
  * Signed the filesystem with my key using 'evmctl sing'
  * Enabled IMA policy so that it will include the following line
-   appraise fowner=0 appraise_type=imasig
+   appraise fowner=0 appraise_type=imasig
  * From this point invocation of a signed binary cases a kernel BUG():
  
  [ 1395.036910] kernel BUG at 
/home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80!
- [ 1395.038963] invalid opcode:  [#1] SMP 
+ [ 1395.038963] invalid opcode:  [#1] SMP
  [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev 
input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa 
ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi 
autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor 
async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul 
crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul 
glue_helper ablk_helper psmouse cryptd floppy
  [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124
  [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
Ubuntu-1.8.2-1ubuntu1 04/01/2014
  [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 
88042c52c000
  [ 1395.054763] RIP: 0010:[]  [] 
public_key_verify_signature+0x46/0x50
  [ 1395.056406] RSP: 0018:88042c52fa98  EFLAGS: 00010246
  [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 
0001
  [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 
88042a107c10
  [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 
0007
  [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 
0080
  [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 
88042a849ac4
  [ 1395.063404] FS:  7f5e21958700() GS:88043fd8() 
knlGS:
  [ 1395.064771] CS:  0010 DS:  ES:  CR0: 80050033
  [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 
000406e0
  [ 1395.067058] Stack:
  [ 1395.067540]  813bdb95 88042c52fab0 813bdaec 
88042c52fb38
  [ 1395.068964]  813a759e 88042c52fac8  

  [ 1395.070417]  88042a849ac4 02000114 88042a849100 

  [ 1395.071973] Call Trace:
  [ 1395.072510]  [] ? public_key_verify_signature_2+0x15/0x20
  [ 1395.073605]  [] verify_signature+0x3c/0x50
  [ 1395.074526]  [] asymmetric_verify+0x17e/0x2a0
  [ 1395.075475]  [] integrity_digsig_verify+0x70/0x110
  [ 1395.076481]  [] ima_appraise_measurement+0x244/0x420
  [ 1395.077518]  [] process_measurement+0x3fa/0x480
  [ 1395.078479]  [] ima_file_check+0x18/0x20
  [ 1395.079381]  [] path_openat+0x1f3/0x1330
  [ 1395.080274]  [] ? __slab_free+0xcb/0x2c0
  [ 1395.081165]  [] do_filp_open+0x91/0x100
  [ 1395.082050]  [] ? apparmor_cred_prepare+0x2f/0x50
  [ 1395.083046]  [] ? security_prepare_creds+0x43/0x60
  [ 1395.084056]  [] do_open_execat+0x78/0x1d0
  [ 1395.084952]  [] do_execveat_common.isra.33+0x240/0x760
  [ 1395.086016]  [] SyS_execve+0x3a/0x50
  [ 1395.086877]  [] stub_execve+0x5/0x5
  [ 1395.087711]  [] ? entry_SYSCALL_64_fastpath+0x16/0x71
- [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 
b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b 

[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2017-12-05 Thread Joseph Salisbury
** Changed in: linux (Ubuntu)
   Status: Incomplete => In Progress

** Changed in: linux (Ubuntu Xenial)
   Status: Incomplete => In Progress

** Changed in: linux (Ubuntu)
 Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

** Changed in: linux (Ubuntu Xenial)
 Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1735977

Title:
  Using asymmetric key for IMA appraisal crashes the system in Ubuntu
  16.04

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress

Bug description:
  I'm trying to enable IMA appraisal with signatures for executable files on xenial with Linux 4.4. I took the following steps:
  * Downloaded ubuntu-xenial kernel sources
  * Ran fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to my key
  * Ran fakeroot debian/rules binary-headers binary-generic binary-perarch to build the kernel deb packages
  * Installed the kernel
  * Signed the filesystem with my key using 'evmctl sign'
  * Enabled IMA policy so that it will include the following line
    appraise fowner=0 appraise_type=imasig
  * From this point invocation of a signed binary causes a kernel BUG():

  [ 1395.036910] kernel BUG at 
/home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80!
  [ 1395.038963] invalid opcode:  [#1] SMP 
  [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev 
input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa 
ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi 
autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor 
async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul 
crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul 
glue_helper ablk_helper psmouse cryptd floppy
  [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124
  [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
Ubuntu-1.8.2-1ubuntu1 04/01/2014
  [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 
88042c52c000
  [ 1395.054763] RIP: 0010:[]  [] 
public_key_verify_signature+0x46/0x50
  [ 1395.056406] RSP: 0018:88042c52fa98  EFLAGS: 00010246
  [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 
0001
  [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 
88042a107c10
  [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 
0007
  [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 
0080
  [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 
88042a849ac4
  [ 1395.063404] FS:  7f5e21958700() GS:88043fd8() 
knlGS:
  [ 1395.064771] CS:  0010 DS:  ES:  CR0: 80050033
  [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 
000406e0
  [ 1395.067058] Stack:
  [ 1395.067540]  813bdb95 88042c52fab0 813bdaec 
88042c52fb38
  [ 1395.068964]  813a759e 88042c52fac8  

  [ 1395.070417]  88042a849ac4 02000114 88042a849100 

  [ 1395.071973] Call Trace:
  [ 1395.072510]  [] ? public_key_verify_signature_2+0x15/0x20
  [ 1395.073605]  [] verify_signature+0x3c/0x50
  [ 1395.074526]  [] asymmetric_verify+0x17e/0x2a0
  [ 1395.075475]  [] integrity_digsig_verify+0x70/0x110
  [ 1395.076481]  [] ima_appraise_measurement+0x244/0x420
  [ 1395.077518]  [] process_measurement+0x3fa/0x480
  [ 1395.078479]  [] ima_file_check+0x18/0x20
  [ 1395.079381]  [] path_openat+0x1f3/0x1330
  [ 1395.080274]  [] ? __slab_free+0xcb/0x2c0
  [ 1395.081165]  [] do_filp_open+0x91/0x100
  [ 1395.082050]  [] ? apparmor_cred_prepare+0x2f/0x50
  [ 1395.083046]  [] ? security_prepare_creds+0x43/0x60
  [ 1395.084056]  [] do_open_execat+0x78/0x1d0
  [ 1395.084952]  [] do_execveat_common.isra.33+0x240/0x760
  [ 1395.086016]  [] SyS_execve+0x3a/0x50
  [ 1395.086877]  [] stub_execve+0x5/0x5
  [ 1395.087711]  [] ? entry_SYSCALL_64_fastpath+0x16/0x71
  [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 
b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b <0f> 0b 
0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b bf a0 00 
  [ 1395.093215] RIP  [] public_key_verify_signature+0x46/0x50
  [ 1395.094322]  RSP 
  [ 1395.095364] ---[ end trace 7ee330317745ad36 ]---

  I did some checks and it appears that upstream commit db6c43bd2132 ("crypto: 
KEYS: convert public key and digsig asym to the akcipher api") has changed 
public keys APIs, but the IMA usage of that API was fixed only by commit 
eb5798f2e28f ("integrity: convert digsig to akcipher api")
  --- 
  AlsaDevices:
   total 0
   crw-rw 1 root audio 116,  1 Dec  
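
The trace above has a recognisable shape: a BUG in crypto/asymmetric_keys/public_key.c reached from execve through the IMA appraisal chain. As an added example (not part of the bug report or of the kernel tree), this Python script classifies an oops by that signature when triaging console logs; the function names, verdict strings and the two constructed traces are assumptions made for illustration.

```python
import re

# "kernel BUG at <file>:<line>!"; \s+ tolerates the mail archive's line wrap.
BUG_RE = re.compile(r"kernel BUG at\s+(\S+):(\d+)!")
CPU_RE = re.compile(r"Comm: (\S+) .*? (\d+\.\d+\.\d+\S*) #\d+")
FRAME_RE = re.compile(
    r"^\s*(?:\[\s*\d+\.\d+\]\s+)?"   # optional dmesg timestamp
    r"\[(?:<[0-9a-f]+>)?\]\s+"       # address, or "[]" where the archive stripped it
    r"(\?\s+)?"                      # "?" marks a frame the unwinder is unsure of
    r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+"
)

# Innermost-first call chain from IMA appraisal into the public-key code,
# as it appears in the reported trace.
IMA_VERIFY_CHAIN = (
    "verify_signature",
    "asymmetric_verify",
    "integrity_digsig_verify",
    "ima_appraise_measurement",
)
PUBLIC_KEY_C = "crypto/asymmetric_keys/public_key.c"

# Abridged from the trace in the report (addresses are already stripped there).
REPORTED_OOPS = """\
[ 1395.036910] kernel BUG at
/home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80!
[ 1395.038963] invalid opcode:  [#1] SMP
[ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124
[ 1395.071973] Call Trace:
[ 1395.072510]  [] ? public_key_verify_signature_2+0x15/0x20
[ 1395.073605]  [] verify_signature+0x3c/0x50
[ 1395.074526]  [] asymmetric_verify+0x17e/0x2a0
[ 1395.075475]  [] integrity_digsig_verify+0x70/0x110
[ 1395.076481]  [] ima_appraise_measurement+0x244/0x420
[ 1395.077518]  [] process_measurement+0x3fa/0x480
[ 1395.078479]  [] ima_file_check+0x18/0x20
[ 1395.086016]  [] SyS_execve+0x3a/0x50
[ 1395.095364] ---[ end trace 7ee330317745ad36 ]---
"""

# Constructed: a BUG in an unrelated file.
UNRELATED_OOPS = """\
kernel BUG at fs/example/inode.c:123!
CPU: 0 PID: 100 Comm: cat Not tainted 4.4.0-999-generic #1
Call Trace:
 [<ffffffff81000001>] example_read+0x10/0x20
 [<ffffffff81000002>] vfs_read+0x86/0x130
"""

# Constructed: same BUG site, but not reached through IMA appraisal.
OTHER_PATH_OOPS = """\
kernel BUG at crypto/asymmetric_keys/public_key.c:80!
Call Trace:
 [<ffffffff81000003>] verify_signature+0x3c/0x50
 [<ffffffff81000004>] example_caller+0x40/0x90
"""


def parse_oops(text):
    """Extract the BUG site, task, kernel release and call-trace frames."""
    bug = BUG_RE.search(text)
    cpu = CPU_RE.search(text)
    frames, in_trace = [], False
    for line in text.splitlines():
        if "Call Trace:" in line:
            in_trace = True
            continue
        if not in_trace:
            continue
        m = FRAME_RE.match(line)
        if m is None:
            break  # first non-frame line ("Code:", "---[ end trace") ends the trace
        frames.append((m.group(2), m.group(1) is None))  # (symbol, reliable)
    return {
        "bug_file": bug.group(1) if bug else None,
        "bug_line": int(bug.group(2)) if bug else None,
        "comm": cpu.group(1) if cpu else None,
        "kernel": cpu.group(2) if cpu else None,
        "frames": frames,
    }


def _in_order(needles, haystack):
    """True if needles occur in haystack in this order (gaps allowed)."""
    it = iter(haystack)
    return all(n in it for n in needles)


def classify(text):
    oops = parse_oops(text)
    if oops["bug_file"] is None:
        return "no-bug-line"
    if not oops["bug_file"].endswith(PUBLIC_KEY_C):
        return "unrelated"
    reliable = [sym for sym, ok in oops["frames"] if ok]
    if _in_order(IMA_VERIFY_CHAIN, reliable):
        return "ima-digsig-akcipher-mismatch"
    return "public-key-bug-other-path"


if __name__ == "__main__":
    for name in ("REPORTED_OOPS", "UNRELATED_OOPS", "OTHER_PATH_OOPS"):
        print(name, "->", classify(globals()[name]))
```

A match on a 4.4 kernel is a cue to check whether the tree carries db6c43bd2132 without eb5798f2e28f, the pairing this thread identifies.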

[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2017-12-04 Thread rppt
Yes, with cherry-picked commit eb5798f2e28f ("integrity: convert digsig to 
akcipher api") all works as expected.
Thanks!

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Incomplete


[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2017-12-04 Thread Joseph Salisbury
I created a Xenial source tree with a pick of commit:
eb5798f2e28f ("integrity: convert digsig to akcipher api")

The tree can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1735977/

Can you retry your steps with this tree and see if it resolves this bug?
If it does, we can SRU that commit to Xenial.

Thanks in advance!

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Incomplete


[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2017-12-04 Thread Joseph Salisbury
** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Status: New => Incomplete

** Changed in: linux (Ubuntu)
   Status: Confirmed => Incomplete

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Tags added: kernel-da-key

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Incomplete


[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2017-12-03 Thread rppt
** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

Status in linux package in Ubuntu:
  Confirmed


[Kernel-packages] [Bug 1735977] Re: Using asymmetric key for IMA appraisal crashes the system in Ubuntu 16.04

2017-12-03 Thread rppt
apport information

** Tags added: apport-collected uec-images

** Description changed:

  I'm trying to enable IMA appraisal with signatures for executable files on 
xenial with Linux 4.4. I took the following steps:
  * Downloaded ubuntu-xenial kernel sources
  * Run fakeroot debian/rules editconfigs to set CONFIG_SYSTEM_TRUSTED_KEYS to 
my key
  * Run fakeroot debian/rules binary-headers binary-generic binary-perarch to 
build the kernel deb packaes
  * Installed the kernel
  * Signed the filesystem with my key using 'evmctl sing'
  * Enabled IMA policy so that it will include the following line
appraise fowner=0 appraise_type=imasig
  * From this point invocation of a signed binary cases a kernel BUG():
  
  [ 1395.036910] kernel BUG at 
/home/rapoport/git/ubuntu-xenial/crypto/asymmetric_keys/public_key.c:80!
  [ 1395.038963] invalid opcode:  [#1] SMP 
  [ 1395.039973] Modules linked in: isofs ppdev kvm_intel kvm irqbypass joydev 
input_leds serio_raw parport_pc parport ib_iser rdma_cm iw_cm ib_cm ib_sa 
ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi 
autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor 
async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul 
crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul 
glue_helper ablk_helper psmouse cryptd floppy
  [ 1395.050761] CPU: 6 PID: 31586 Comm: bash Not tainted 4.4.0-101-generic #124
  [ 1395.051909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
Ubuntu-1.8.2-1ubuntu1 04/01/2014
  [ 1395.053510] task: 8800bae9c600 ti: 88042c52c000 task.ti: 
88042c52c000
  [ 1395.054763] RIP: 0010:[]  [] 
public_key_verify_signature+0x46/0x50
  [ 1395.056406] RSP: 0018:88042c52fa98  EFLAGS: 00010246
  [ 1395.057307] RAX: 813bdb80 RBX: fff4 RCX: 
0001
  [ 1395.058518] RDX: 81ea73c0 RSI: 88042c52fac8 RDI: 
88042a107c10
  [ 1395.059709] RBP: 88042c52faa0 R08: 88042a849100 R09: 
0007
  [ 1395.061109] R10: 88042a0f9d00 R11: 88042c52fb07 R12: 
0080
  [ 1395.062289] R13: 88042abd9a80 R14: 0014 R15: 
88042a849ac4
  [ 1395.063404] FS:  7f5e21958700() GS:88043fd8() 
knlGS:
  [ 1395.064771] CS:  0010 DS:  ES:  CR0: 80050033
  [ 1395.065809] CR2: 7f5e20f5c3cc CR3: 00042cabc000 CR4: 
000406e0
  [ 1395.067058] Stack:
  [ 1395.067540]  813bdb95 88042c52fab0 813bdaec 
88042c52fb38
  [ 1395.068964]  813a759e 88042c52fac8  

  [ 1395.070417]  88042a849ac4 02000114 88042a849100 

  [ 1395.071973] Call Trace:
  [ 1395.072510]  [] ? public_key_verify_signature_2+0x15/0x20
  [ 1395.073605]  [] verify_signature+0x3c/0x50
  [ 1395.074526]  [] asymmetric_verify+0x17e/0x2a0
  [ 1395.075475]  [] integrity_digsig_verify+0x70/0x110
  [ 1395.076481]  [] ima_appraise_measurement+0x244/0x420
  [ 1395.077518]  [] process_measurement+0x3fa/0x480
  [ 1395.078479]  [] ima_file_check+0x18/0x20
  [ 1395.079381]  [] path_openat+0x1f3/0x1330
  [ 1395.080274]  [] ? __slab_free+0xcb/0x2c0
  [ 1395.081165]  [] do_filp_open+0x91/0x100
  [ 1395.082050]  [] ? apparmor_cred_prepare+0x2f/0x50
  [ 1395.083046]  [] ? security_prepare_creds+0x43/0x60
  [ 1395.084056]  [] do_open_execat+0x78/0x1d0
  [ 1395.084952]  [] do_execveat_common.isra.33+0x240/0x760
  [ 1395.086016]  [] SyS_execve+0x3a/0x50
  [ 1395.086877]  [] stub_execve+0x5/0x5
  [ 1395.087711]  [] ? entry_SYSCALL_64_fastpath+0x16/0x71
  [ 1395.088746] Code: 2a 0f b6 57 0c b8 bf ff ff ff 80 fa 01 77 14 48 8b 14 d5 
b0 05 a5 81 48 85 d2 74 07 55 48 89 e5 ff d2 5d f3 c3 0f 0b 0f 0b 0f 0b <0f> 0b 
0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b bf a0 00 
  [ 1395.093215] RIP  [] public_key_verify_signature+0x46/0x50
  [ 1395.094322]  RSP 
  [ 1395.095364] ---[ end trace 7ee330317745ad36 ]---
  
- I did some checks and it appears that upstream commit db6c43bd2132
- ("crypto: KEYS: convert public key and digsig asym to the akcipher api")
- has changed public keys APIs, but the IMA usage of that API was fixed
- only by commit eb5798f2e28f ("integrity: convert digsig to akcipher
- api")
+ I did some checks and it appears that upstream commit db6c43bd2132 ("crypto: 
KEYS: convert public key and digsig asym to the akcipher api") has changed 
public keys APIs, but the IMA usage of that API was fixed only by commit 
eb5798f2e28f ("integrity: convert digsig to akcipher api")
+ --- 
+ AlsaDevices:
+  total 0
+  crw-rw 1 root audio 116,  1 Dec  3 09:36 seq
+  crw-rw 1 root audio 116, 33 Dec  3 09:36 timer
+ AplayDevices: Error: [Errno 2] No such file or directory
+ ApportVersion: 2.20.1-0ubuntu2.13
+ Architecture: amd64
+ ArecordDevices: Error: [Errno 2] No such file or directory
+ AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq',