[Bug 2059340] Re: crash in libsofthsm2 on armhf after time_t transition
I have encountered a similar problem when running test case of ima-evm- utils with softhsm used as engine on Ubuntu 24.04 (Noble). In this case I am also crashing in pkcs11_slot_unref when this line here is called: CRYPTOKI_call(slot->ctx, C_CloseAllSessions(slot->id)); https://github.com/OpenSC/libp11/blob/libp11-0.4.12/src/p11_slot.c#L433 ima-evm-utils: https://github.com/mimizohar/ima-evm-utils-test/ The evmctl utility has left main() when the crash occurs. So this function is called via some OpenSSL destructor code path. When OPENSSL_cleanup() is called before main() exits then this crash does NOT occur. When single stepping through the crash then it seems that C_CloseAllSessions() does not get called anymore but the crash occurs when it seems like it was trying to call this function. 0x77fb3530 <+96>:call 0x77fae110 0x77fb3535 <+101>: mov0x98(%rbx),%rdi 0x77fb353c <+108>: mov$0x1af,%edx 0x77fb3541 <+113>: mov%r13,%rsi 0x77fb3544 <+116>: call 0x77fadea0 => 0x77fb3549 <+121>: mov0x8(%rbx),%rax 0x77fb354d <+125>: mov0x70(%rbx),%rdi 0x77fb3551 <+129>: mov(%rax),%rax 0x77fb3554 <+132>: call *0x78(%rax) <- crash occurs here 0x77fb3557 <+135>: mov0x78(%rbx),%rdi Notes: - When SoftHSM is used in a test case via an OpenSSL provider, this same crash does NOT occur. - The same test passes on Fedora (latest) when using SoftHSM either via engine or provider interfaces. - Another problem is that I cannot use OPENSSL_cleanup before main() exit since tests on AltLinux and Debian end up failing then for some unknown reason. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059340 Title: crash in libsofthsm2 on armhf after time_t transition To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/softhsm2/+bug/2059340/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1802133] [NEW] Do not start tcsd when a TPM 2.0 is on the system
Public bug reported: When a TPM 2.0 is on the system, do not try to start tcsd and have it report failures due to it talking to a TPM 2.0 rather than a TPM 1.2. The following bash script lets one detect a TPM 1.2 on the system: function is_tpm12() { exec 100<>/dev/tpm0 /usr/bin/echo -en '\x00\xc1\x00\x00\x00\x0a\x00\x00\x00\xf1' >&100 res=$(od -t x1 -An <&100) exec 100>&- [ "${res:0:6}" == " 00 c4" ] && return 0 return 1 } if ! is_tpm12; then echo "Not a TPM 1.2" fi Please incorporate the above script into the post installation script of trousers. The reported failures may otherwise look as follows: invoke-rc.d: initscript trousers, action "start" failed. ? trousers.service - LSB: starts tcsd Loaded: loaded (/etc/init.d/trousers; generated) Active: failed (Result: exit-code) since Wed 2018-11-07 14:41:14 UTC; 6ms ago Docs: man:systemd-sysv-generator(8) Process: 690 ExecStart=/etc/init.d/trousers start (code=exited, status=137) Starting LSB: starts tcsd... * Starting Trusted Computing daemon tcsd /etc/init.d/trousers: 32: [: /dev/tpm0: unexpected operator ...fail! trousers.service: Control process exited, code=exited status=137 trousers.service: Failed with result 'exit-code'. Failed to start LSB: starts tcsd. dpkg: error processing package trousers (--configure): installed trousers package post-installation script subprocess returned error exit status 1 dpkg: dependency problems prevent configuration of tpm-tools: tpm-tools depends on trousers; however: Package trousers is not configured yet. dpkg: error processing package tpm-tools (--configure): dependency problems - leaving unconfigured No apport report written because the error message indicates its a followup error from a previous failure. Errors were encountered while processing: trousers tpm-tools This patch will also help users of the 'swtpm' project to use a virtual TPM on the system where tcsd is needed if a TPM 1.2 is to be virtualized. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: trousers 0.3.13-4 ProcVersionSignature: Ubuntu 4.4.0-96.119-generic 4.4.83 Uname: Linux 4.4.0-96-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_lsm_pinned_6101 falcon_lsm_pinned_5704 falcon_lsm_pinned_5607 ApportVersion: 2.20.1-0ubuntu2.15 Architecture: amd64 Date: Wed Nov 7 11:04:44 2018 InstallationDate: Installed on 2016-10-11 (756 days ago) InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: trousers UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.tcsd.conf: [inaccessible: [Errno 13] Permission denied: '/etc/tcsd.conf'] ** Affects: trousers (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1802133 Title: Do not start tcsd when a TPM 2.0 is on the system To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/trousers/+bug/1802133/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1582852] Re: IMA crashes while verifying signatures
Hi Joseph, thanks for building the kernel. We discovered the problem as part of testing IMA. We built the kernel with these 2 patches applied and one other patch applied for which now a bug has also been filed: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1584195 The issue is, I cannot test the code path without that other patch applied because that one provides the facilities for injecting a key into the kernel image, which is a prerequisite for using IMA with the .ima keyring, which in turn allows us to exercise the fixed code path. Thanks, Stefan -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1582852 Title: IMA crashes while verifying signatures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1582852/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1582852] [NEW] IMA crashes while verifying signatures
Public bug reported: The application of a kernel patch to fix Bug 1569924 causes crashes when IMA is verifying signatures: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1569924 The following fix was applied: commit e6b195bb9adbf92b62f466b02fb8ae9b4294ad5e Author: Tadeusz StrukDate: Tue Feb 2 10:08:53 2016 -0800 crypto: KEYS: convert public key and digsig asym to the akcipher api This patch was taken from here: https://github.com/torvalds/linux/commit/db6c43bd2132dc2dd63d73a6d1ed601cffd0ae06.patch The series was posted here (not sure whether this is the latest version) https://lkml.org/lkml/2016/2/2/575 The following two patches should be applied as well. They stem from that same series of patches as the one that is already applied. https://github.com/torvalds/linux/commit/eb5798f2e28f3b43091cecc71c84c3f6fb35c7de.patch https://github.com/torvalds/linux/commit/d846e78e491ff4dd0747026c02414844d504fcb6.patch ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1582852 Title: IMA crashes while verifying signatures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1582852/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs