wrong/missing permissions for device file /dev/prandom (prng.ko)

Bug #1558275 reported by bugproxy
This bug affects 1 person
Affects              Status        Importance  Assigned to          Milestone
linux (Ubuntu)       Fix Released  Wishlist    Tim Gardner
  Xenial             Fix Released  Wishlist    Tim Gardner
s390-tools (Ubuntu)  Invalid       Wishlist    Dimitri John Ledkov
  Xenial             Invalid       Wishlist    Dimitri John Ledkov
systemd (Ubuntu)     Invalid       Wishlist    Dimitri John Ledkov
  Xenial             Invalid       Wishlist    Dimitri John Ledkov

Bug Description

The access rights for /dev/prandom are set to 0600. The prandom file is created upon loading the prng module.

Expectation:
The access rights are set to 0644.

Details
=====
root@s83lp22:~# modinfo prng
filename: /lib/modules/4.4.0-13-generic/kernel/arch/s390/crypto/prng.ko
description: s390 PRNG interface
author: IBM Corporation
license: GPL
srcversion: B48774F4AEBAE6DB4983C98
alias: cpu:type:*:feature:*0003*
depends:
intree: Y
vermagic: 4.4.0-13-generic SMP mod_unload modversions
parm: mode:int
parm: prng_mode:PRNG mode: 0 - auto, 1 - TDES, 2 - SHA512
parm: chunksize:int
parm: prng_chunk_size:PRNG read chunk size in bytes
parm: reseed_limit:int
parm: prng_reseed_limit:PRNG reseed limit

Contact Information = <email address hidden>

---uname output---
Linux s83lp22 4.4.0-13-generic #29-Ubuntu SMP Fri Mar 11 19:30:41 UTC 2016 s390x s390x s390x GNU/Linux

Machine Type = Manufacturer: IBM Type: 2964 Model: 702 N96

---Steps to Reproduce---
1) modprobe prng
2) ls -l /dev/prandom

This is an s390x issue.

bugproxy (bugproxy) wrote : sosreport of s83lp22

Default Comment by Bridge

tags: added: architecture-s39064 bugnameltc-139153 severity-high targetmilestone-inin---
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
dann frazier (dannf)
Changed in ubuntu:
assignee: Skipper Bug Screeners (skipper-screen-team) → Dimitri John Ledkov (xnox)
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1558275/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
affects: ubuntu → linux-lts-xenial (Ubuntu)
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2016-03-17 08:22 EDT-------
(In reply to comment #7)
> Thank you for taking the time to report this bug and helping to make Ubuntu
> better. It seems that your bug report is not filed about a specific source
> package though, rather it is just filed against Ubuntu in general. It is
> important that bug reports be filed about source packages so that people
> interested in the package can find the bugs about it. You can find some
> hints about determining what package your bug might be about at
> https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help
> in the #ubuntu-bugs irc channel on Freenode.
>
> To change the source package that this bug is filed about visit
> https://bugs.launchpad.net/ubuntu/+bug/1558275/+editstatus and add the
> package name in the text box next to the word Package.
>
> [This is an automated message. I apologize if it reached you
> inappropriately; please just reply to this message indicating so.]

Done - the package in question is: linux-image-4.4.0-13-generic

Dimitri John Ledkov (xnox) wrote :

@christian rund

No =) linux-lts-xenial is not the right package. That is a backport kernel to trusty... and there is no s390x support in trusty.

affects: linux-lts-xenial (Ubuntu) → linux (Ubuntu)
Dimitri John Ledkov (xnox) wrote :

The permissions on the device are correct, as far as the kernel is concerned. s390-tools documentation suggests that in practice it should be 0444. Thus s390-tools should ship such a udev rule, or such a udev rule should be contributed upstream to the systemd udev component.

Changed in linux (Ubuntu):
status: New → Invalid
Dimitri John Ledkov (xnox) wrote :

This is not a bug in Ubuntu, this is an upstream issue that affects all Linux on Z. Please escalate this bug to s390-tools upstream and/or systemd upstream.

Changed in systemd (Ubuntu):
status: New → Incomplete
Changed in s390-tools (Ubuntu):
status: New → Incomplete
assignee: nobody → Dimitri John Ledkov (xnox)
Changed in systemd (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
Dimitri John Ledkov (xnox) wrote :

For example, KVM for IBM z Systems 1.1.0 (Z) is also affected, and the device has the following permissions:

# ls -latr /dev/prandom
crw------- 1 root root 10, 57 Mar 17 13:41 /dev/prandom

Changed in s390-tools (Ubuntu):
importance: Undecided → Wishlist
Changed in systemd (Ubuntu):
importance: Undecided → Wishlist
Changed in linux (Ubuntu):
importance: Undecided → Wishlist
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-03-17 10:35 EDT-------
Hi Dimitri,

(In reply to comment #12)
> This is not a bug in Ubuntu, this is an upstream issue that affects all
> Linux on Z. Please escalate this bug to s390-tools upstream and/or systemd
> upstream.

I already started this discussion and will probably correct the file mode directly in the prandom device driver. I will let you know when I have news on this issue.

tags: added: targetmilestone-inin1604
removed: targetmilestone-inin---
Dimitri John Ledkov (xnox) wrote :

Cool, reopening the bug task for linux package then, and setting it to incomplete.

Once there is an accepted patch for this, do drop a line here to ping the kernel team to get this included.

Regards,

Dimitri.

Changed in linux (Ubuntu):
status: Invalid → Incomplete
Changed in s390-tools (Ubuntu):
status: Incomplete → Invalid
Changed in systemd (Ubuntu):
status: Incomplete → Invalid
Changed in linux (Ubuntu):
status: Incomplete → Invalid
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-04-05 06:56 EDT-------
Please backport upstream commit:

commit 74b2375e6767935e6d9220bdbc6ed0db57f71a59
Author: Harald Freudenberger <email address hidden>
Date: Thu Mar 17 14:52:17 2016 +0100

s390/crypto: provide correct file mode at device register.

When the prng device driver calls misc_register() there is the possibility
to also provide the recommended file permissions. This fix now gives
useful values (0644) where previously just the default was used (resulting
in 0600 for the device file).

Signed-off-by: Harald Freudenberger <email address hidden>
Signed-off-by: Martin Schwidefsky <email address hidden>

arch/s390/crypto/prng.c | 2 ++
1 file changed, 2 insertions(+)

Martin Pitt (pitti)
Changed in linux (Ubuntu):
status: Invalid → Triaged
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Xenial):
assignee: Dimitri John Ledkov (xnox) → Tim Gardner (timg-tpi)
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.4.0-18.34

---------------
linux (4.4.0-18.34) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1566868

  * [i915_bpo] Fix RC6 on SKL GT3 & GT4 (LP: #1564759)
    - SAUCE: i915_bpo: drm/i915/skl: Fix rc6 based gpu/system hang
    - SAUCE: i915_bpo: drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs

  * CONFIG_ARCH_ROCKCHIP not enabled in armhf generic kernel (LP: #1566283)
    - [Config] CONFIG_ARCH_ROCKCHIP=y

  * [Feature] Memory Bandwidth Monitoring (LP: #1397880)
    - perf/x86/cqm: Fix CQM handling of grouping events into a cache_group
    - perf/x86/cqm: Fix CQM memory leak and notifier leak
    - x86/cpufeature: Carve out X86_FEATURE_*
    - Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
    - x86/topology: Create logical package id
    - perf/x86/mbm: Add Intel Memory B/W Monitoring enumeration and init
    - perf/x86/mbm: Add memory bandwidth monitoring event management
    - perf/x86/mbm: Implement RMID recycling
    - perf/x86/mbm: Add support for MBM counter overflow handling

  * User namespace mount updates (LP: #1566505)
    - SAUCE: quota: Require that qids passed to dqget() be valid and map into s_user_ns
    - SAUCE: fs: Allow superblock owner to change ownership of inodes with unmappable ids
    - SAUCE: fuse: Don't initialize user_id or group_id in mount options
    - SAUCE: cgroup: Use a new super block when mounting in a cgroup namespace
    - SAUCE: fs: fix a posible leak of allocated superblock

  * [arm64] kernel BUG at /build/linux-StrpB2/linux-4.4.0/fs/ext4/inode.c:2394!
    (LP: #1566518)
    - arm64: Honour !PTE_WRITE in set_pte_at() for kernel mappings
    - arm64: Update PTE_RDONLY in set_pte_at() for PROT_NONE permission

  * [Feature]USB core and xHCI tasks for USB 3.1 SuperSpeedPlus (SSP) support
    for Alpine Ridge on SKL (LP: #1519623)
    - usb: define USB_SPEED_SUPER_PLUS speed for SuperSpeedPlus USB3.1 devices
    - usb: set USB 3.1 roothub device speed to USB_SPEED_SUPER_PLUS
    - usb: show speed "10000" in sysfs for USB 3.1 SuperSpeedPlus devices
    - usb: add device descriptor for usb 3.1 root hub
    - usb: Support USB 3.1 extended port status request
    - xhci: Make sure xhci handles USB_SPEED_SUPER_PLUS devices.
    - xhci: set roothub speed to USB_SPEED_SUPER_PLUS for USB3.1 capable controllers
    - xhci: USB 3.1 add default Speed Attributes to SuperSpeedPlus device capability
    - xhci: set slot context speed field to SuperSpeedPlus for USB 3.1 SSP devices
    - usb: Add USB3.1 SuperSpeedPlus Isoc Endpoint Companion descriptor
    - usb: Parse the new USB 3.1 SuperSpeedPlus Isoc endpoint companion descriptor
    - usb: Add USB 3.1 Precision time measurement capability descriptor support
    - xhci: refactor and cleanup endpoint initialization.
    - xhci: Add SuperSpeedPlus high bandwidth isoc support to xhci endpoints
    - xhci: cleanup isoc tranfers queuing code
    - xhci: Support extended burst isoc TRB structure used by xhci 1.1 for USB 3.1
    - SAUCE: (noup) usb: fix regression in SuperSpeed endpoint descriptor parsing

  * wrong/missing permissions for device f...


Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-04-12 11:18 EDT-------
Permissions for /dev/prandom device file are as expected now with kernel 4.4.0-18-generic. 'tester' user was able to read random data from the device.

Details
=====
Created a test user and loaded the prng module.
uid=1000(tester) gid=1000(tester) groups=1000(tester)
tester@s35lp35:~$ ll /dev/prandom
crw-r--r-- 1 root root 10, 54 Apr 12 17:08 /dev/prandom

tester@s35lp35:~$ modinfo prng
filename: /lib/modules/4.4.0-18-generic/kernel/arch/s390/crypto/prng.ko
description: s390 PRNG interface
author: IBM Corporation
license: GPL
srcversion: 60384609D5BAFDCBFD35A32
alias: cpu:type:*:feature:*0003*
depends:
intree: Y
vermagic: 4.4.0-18-generic SMP mod_unload modversions
parm: mode:int
parm: prng_mode:PRNG mode: 0 - auto, 1 - TDES, 2 - SHA512
parm: chunksize:int
parm: prng_chunk_size:PRNG read chunk size in bytes
parm: reseed_limit:int
parm: prng_reseed_limit:PRNG reseed limit
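
The permission check carried out by hand in the verification comment above can be scripted. This is an added example, not part of the original report or of any Ubuntu or s390-tools package; it assumes GNU `stat` (coreutils), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a device node's permissions.
# Assumes GNU stat (coreutils), as shipped on Ubuntu. Function names are
# hypothetical. Modes discussed in this report: 0600 (before the fix),
# 0644 (after the kernel fix), 0444 (suggested by s390-tools documentation).

# classify_mode OCTAL_MODE
# Prints a verdict; returns 0 only if "other" can read the node and neither
# group nor other can write it.
classify_mode() {
    mode=$1
    case $mode in
        ''|*[!0-7]*) echo "invalid-mode"; return 2 ;;
    esac
    bits=$((0$mode))                      # leading 0 => parsed as octal
    if [ $((bits & 0022)) -ne 0 ]; then
        echo "writable-by-non-owner"; return 1
    fi
    if [ $((bits & 0004)) -eq 0 ]; then
        echo "not-world-readable"; return 1
    fi
    echo "world-readable"
}

# audit_node PATH
# Checks existence, file type and owner before classifying the mode.
audit_node() {
    node=$1
    if [ ! -e "$node" ]; then
        echo "missing"; return 3          # e.g. prng module not loaded
    fi
    if [ ! -c "$node" ]; then
        echo "not-a-character-device"; return 3
    fi
    owner=$(stat -c '%U' "$node") || return 3
    if [ "$owner" != root ]; then
        echo "owner-not-root"; return 1
    fi
    classify_mode "$(stat -c '%a' "$node")"
}

# Stand-alone use: sh audit.sh /dev/prandom
if [ $# -gt 0 ]; then
    audit_node "$1"
fi
```

On a kernel without the fix the script prints `not-world-readable` for /dev/prandom and exits non-zero, which makes it usable as a post-upgrade regression check.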
