[MIR] vulkan-tools

Bug #1946359 reported by Miriam España Acebal
Affects                  Status      Importance  Assigned to             Milestone
vulkan (Ubuntu)          Invalid     Undecided   Unassigned
  Bionic                 Won't Fix   Medium      Unassigned
vulkan-tools (Ubuntu)    Invalid     Medium      Miriam España Acebal
  Focal                  New         Undecided   Unassigned
  Hirsute                Won't Fix   Undecided   Unassigned
  Impish                 Won't Fix   Undecided   Unassigned
  Jammy                  Invalid     Medium      Miriam España Acebal

Bug Description

------ vulkan-tools ------

[Availability]

   vulkan-utils package is present since Focal, as part of the vulkan-tools source package <https://launchpad.net/ubuntu/+source/vulkan-tools>, as a transitional package <https://launchpad.net/ubuntu/+source/vulkan-tools/1.2.131.1+dfsg1-1>: amd64 arm64 armhf ppc64el riscv64 s390x.

   In this case, vulkan-tools has to be MIRed (it is the source package for vulkan-utils).

   The package was in sync until it had to be changed to accommodate the MIR requirements (the delta now contains dep8 tests, but it is going to be forwarded to Debian). The package with the tests is here:
https://code.launchpad.net/~mirespace/+git/vulkan-tools (ppa:mirespace/impish-vulkan-tools-adding-dep8-tests).

[Rationale]

   This tool is included in our GKE images for Focal and the package needs to be in main for this (so, after the MIR, it needs to be promoted down to and including Focal).

[Security]

   No CVEs found.

[Quality assurance]

 -> Bugs

     No active bugs in launchpad.

     Debian:
        - https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=vulkan-tools: the only reported bug is not considered as such.

        - https://bugs.debian.org/cgi-bin/pkgreport.cgi?include=tags%3Apatch&exclude=tags%3Apending&pend-exc=done&repeatmerged=no&src=vulkan : the only one has a patch and is a request for porting to non-Linux systems.

     Upstream: https://github.com/KhronosGroup/Vulkan-Tools/issues. They have 6 bugs open (52 closed): some are related to Wayland support and the others are driver-related, with a workaround or listed as known issues.

 -> Contents

  root@focal:~# apt-file list vulkan-tools
  vulkan-tools: /usr/bin/vkcube
  vulkan-tools: /usr/bin/vkcubepp
  vulkan-tools: /usr/bin/vulkaninfo
  vulkan-tools: /usr/share/doc/vulkan-tools/changelog.Debian.gz
  vulkan-tools: /usr/share/doc/vulkan-tools/copyright
  vulkan-tools: /usr/share/man/man1/vulkaninfo.1.gz

 -> Installation:

    No debconf questions arise.

    ubuntu@develop:~$ sudo apt install vulkan-tools
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    The following additional packages will be installed:
      libdrm-amdgpu1 libllvm12 libvulkan1 libwayland-client0 libx11-xcb1 libxcb-dri3-0 libxcb-present0
      libxcb-randr0 libxcb-sync1 libxshmfence1 mesa-vulkan-drivers
    The following NEW packages will be installed:
      libdrm-amdgpu1 libllvm12 libvulkan1 libwayland-client0 libx11-xcb1 libxcb-dri3-0 libxcb-present0
      libxcb-randr0 libxcb-sync1 libxshmfence1 mesa-vulkan-drivers vulkan-tools
    0 upgraded, 12 newly installed, 0 to remove and 11 not upgraded.
    Need to get 27.0 MB of archives.
    After this operation, 121 MB of additional disk space will be used.
    Do you want to continue? [Y/n] y
    Get:1 http://archive.ubuntu.com/ubuntu impish-proposed/main amd64 libdrm-amdgpu1 amd64 2.4.107-8ubuntu1 [19.8 kB]
    Get:2 http://archive.ubuntu.com/ubuntu impish/main amd64 libllvm12 amd64 1:12.0.1-8build1 [21.1 MB]
    Get:3 http://archive.ubuntu.com/ubuntu impish/main amd64 libvulkan1 amd64 1.2.162.0-1 [97.2 kB]
    Get:4 http://archive.ubuntu.com/ubuntu impish/main amd64 libwayland-client0 amd64 1.19.0-2build1 [25.0 kB]
    Get:5 http://archive.ubuntu.com/ubuntu impish/main amd64 libx11-xcb1 amd64 2:1.7.2-1 [7788 B]
    Get:6 http://archive.ubuntu.com/ubuntu impish/main amd64 libxcb-dri3-0 amd64 1.14-3ubuntu1 [6720 B]
    Get:7 http://archive.ubuntu.com/ubuntu impish/main amd64 libxcb-present0 amd64 1.14-3ubuntu1 [5556 B]
    Get:8 http://archive.ubuntu.com/ubuntu impish/main amd64 libxcb-randr0 amd64 1.14-3ubuntu1 [16.4 kB]
    Get:9 http://archive.ubuntu.com/ubuntu impish/main amd64 libxcb-sync1 amd64 1.14-3ubuntu1 [8900 B]
    Get:10 http://archive.ubuntu.com/ubuntu impish/main amd64 libxshmfence1 amd64 1.3-1build2 [5168 B]
    Get:11 http://archive.ubuntu.com/ubuntu impish/main amd64 mesa-vulkan-drivers amd64 21.2.2-1ubuntu1 [5541 kB]
    Get:12 http://archive.ubuntu.com/ubuntu impish/universe amd64 vulkan-tools amd64 1.2.162.0+dfsg1-1 [202 kB]
    Fetched 27.0 MB in 1s (20.2 MB/s)

 -> Building: It builds OK.

    vulkan-tools package is well maintained in Debian and also in upstream.

    It uses a debian/watch file.

    Although the package scans HW (as its target functionality is to show Vulkan information related to the GPU) and in that sense also "deals with exotic HW", it incorporates a mock ICD driver that we used, e.g., for testing.

 -> Tests: They are now included:

    autopkgtest [12:51:08]: test check-sections: - - - - - - - - - - results - - - - - - - - - -
    check-sections PASS
    autopkgtest [12:51:08]: @@@@@@@@@@@@@@@@@@@@ summary
    check-sections PASS

 -> Lintian executions:

    ❯ lintian --pedantic -I --show-overrides
    I: vulkan-tools source: debian-watch-file-should-dversionmangle-not-uversionmangle opts="repack,uversionmangle=s/$/+dfsg1/,filenamemangle=s/(?:.*?)?sdk[_-]?(\d[\d.]*)\.tar\.gz/vulkan-tools-$1.tar.gz/" https://github.com/KhronosGroup/Vulkan-Tools/tags (?:.*?/)sdk[_-](\d[\d.]*)\.tar\.gz
    P: vulkan-tools source: rules-requires-root-missing

[Dependencies]

  All dependencies are in main, as seen in Installation above.

[Standards compliance]

  dh style simple rules, no compat file.

[Maintenance]

  Upstream is active, the package is maintained in Debian and it is a simple command-line tool. Once the dep8 tests are forwarded to and accepted in Debian, the package can be a sync again. In the meantime, the Server team is going to subscribe to it in Ubuntu.

[Background information]

  vulkaninfo outputs various types of Vulkan information such as:

  -device properties of identified GPUs

  -Vulkan extensions supported by each GPU

  -recognized layers

  -supported image formats and format properties.

  Vulkan is a next generation graphics and compute API that provides high-efficiency, cross-platform access to modern GPUs.

  vulkan source package [1] seems to have been renamed to [2] (it is also not present in the removals file [3]). Upstream [4] is now read-only, with recommendations to use the new repositories (vulkan-tools among others).

  [1] https://tracker.debian.org/pkg/vulkan
  [2] https://tracker.debian.org/pkg/vulkan-tools
  [3] https://ftp-master.debian.org/removals.txt
  [4] https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers

------ vulkan ------

[Availability]

   vulkaninfo tool is present up to Bionic in package vulkan-utils, as part of vulkan source package: <https://launchpad.net/ubuntu/+source/vulkan> in updates pocket <https://launchpad.net/ubuntu/+source/vulkan/1.1.70+dfsg1-1ubuntu0.18.04.1> : amd64 arm64 armhf i386 ppc64el s390x

   The package was in sync until it had to be changed to accommodate the MIR requirements (the delta now contains dep8 tests and a patch for the tests). The package with the tests is here:
https://code.launchpad.net/~mirespace/ubuntu/+source/vulkan/+git/vulkan (ppa: https://launchpad.net/~mirespace/+archive/ubuntu/bionic-vulkan-adding-dep8-tests).

[Rationale]

   This tool is included in our GKE images for Bionic and the package needs to be in main for this reason. Because the source package providing the tool to be MIRed (vulkaninfo) changed between series, this MIR covers vulkaninfo in Bionic, and the submitted MIR for vulkan-tools [5] covers the rest of the Ubuntu series.

[Security]

   No CVEs found.

[Quality assurance]

 -> Bugs

     No active bugs in launchpad.

     Debian:

        - https://bugs.debian.org/cgi-bin/pkgreport.cgi?include=tags%3Apatch&exclude=tags%3Apending&pend-exc=done&repeatmerged=no&src=vulkan : the only one has a patch and is a request for porting to non-Linux systems.

     Upstream: https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers/issues. They have 20 bugs open (517 closed), but it is a read-only tracker and many of these were moved and/or fixed when the repository was split (https://github.com/KhronosGroup/Vulkan-Tools/, https://github.com/KhronosGroup/Vulkan-ValidationLayers, https://github.com/KhronosGroup/Vulkan-Loader).

 -> Contents

    root@bionic:~# apt-file list vulkan-utils
    vulkan-utils: /usr/bin/vulkan-smoketest
    vulkan-utils: /usr/bin/vulkaninfo
    vulkan-utils: /usr/share/doc/vulkan-utils/changelog.Debian.gz
    vulkan-utils: /usr/share/doc/vulkan-utils/copyright
    vulkan-utils: /usr/share/man/man1/vulkan-smoketest.1.gz
    vulkan-utils: /usr/share/man/man1/vulkaninfo.1.gz

 -> Installation:

    No debconf questions arise.

    root@bionic:~# apt install vulkan-utils
    [...]
    The following additional packages will be installed:
      libvulkan1
    The following NEW packages will be installed:
      libvulkan1 vulkan-utils
    Do you want to continue? [Y/n]
    Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 libvulkan1 amd64 1.1.70+dfsg1-1ubuntu0.18.04.1 [93.4 kB]
    Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 vulkan-utils amd64 1.1.70+dfsg1-1ubuntu0.18.04.1 [88.7 kB]

   As a result, we see that libvulkan1 also needs to be promoted from universe (it is already in Focal main), but it comes from the same source package as vulkan-utils (vulkan).

 -> Building: It builds OK.

    vulkan package was renamed to vulkan-tools, so it is no longer maintained in this form in Debian or upstream.

    It uses a debian/watch file.

    Although the package scans HW (as its target functionality is to show Vulkan information related to the GPU) and in that sense also "deals with exotic HW", it incorporates a mock ICD driver that we used, e.g., for testing.

 -> Tests: They are now included, alongside a patch needed for JSON output:

    [...]
    VK_FORMAT_FEATURE_DEPTH_STENCIL_ATTACHMENT_BIT
    VK_FORMAT_FEATURE_BLIT_SRC_BIT
    VK_FORMAT_FEATURE_BLIT_DST_BIT
    VK_FORMAT_FEATURE_SAMPLED_IMAGE_FILTER_LINEAR_BIT
    VK_FORMAT_FEATURE_SAMPLED_IMAGE_FILTER_CUBIC_BIT_IMG
    VK_FORMAT_FEATURE_TRANSFER_SRC_BIT_KHR
    VK_FORMAT_FEATURE_TRANSFER_DST_BIT_KHR

    Checking GPU0 is virtual in text output
    deviceType = VIRTUAL_GPU
    Checking GPU0 is mocked in json output
    'DISPLAY' environment variable not set... skipping surface info
    "Vulkan Mock Device"
    Checking GPU0 virtual and mocked in html output
    'DISPLAY' environment variable not set... skipping surface info
    autopkgtest [12:51:12]: test check-sections: -----------------------]
    autopkgtest [12:51:12]: test check-sections: - - - - - - - - - - results - - - - - - - - - -
    check-sections PASS
    autopkgtest [12:51:13]: @@@@@@@@@@@@@@@@@@@@ summary
    check-sections PASS
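The check-sections test whose log appears above (and the one for vulkan-tools earlier on this page) asserts on vulkaninfo output produced against the mock ICD, with no GPU and no DISPLAY. As an added example, not the dep8 test from the PPA and not code from the vulkan or vulkan-tools packages, the following Python shows the kind of assertions such a test makes on the text output: that the expected sections are present and that GPU0 is the mock ICD's virtual device. The sample outputs are constructed to mirror the 1.1.x text layout shown in the log, the REQUIRED_SECTIONS header list is an assumption about that layout, and run_vulkaninfo assumes the loader is pointed at the mock ICD manifest through the VK_ICD_FILENAMES environment variable.

```python
"""Added example: assertions a "check-sections" autopkgtest can make on
vulkaninfo text output. Not the dep8 test proposed in this MIR and not code
from the vulkan-tools package."""
import os
import re
import subprocess

# Section headers expected in vulkaninfo 1.1.x text output.
# Assumption: adjust this list to the vulkaninfo version under test.
REQUIRED_SECTIONS = (
    "Instance Extensions",
    "Layers",
    "VkPhysicalDeviceProperties",
    "Format Properties",
)

# Constructed sample standing in for `vulkaninfo` run against the mock ICD
# (not a captured log; the layout mirrors the 1.1.x text output).
SAMPLE_MOCK = """\
Instance Extensions: count = 2
\tVK_KHR_surface            : extension revision 25
\tVK_KHR_xcb_surface        : extension revision 6
Layers: count = 0

'DISPLAY' environment variable not set... skipping surface info

Device Properties and Extensions:
=================================
GPU0:
VkPhysicalDeviceProperties:
\tapiVersion     = 0x401000  (1.1.0)
\tdeviceType     = VIRTUAL_GPU
\tdeviceName     = Vulkan Mock Device

Format Properties:
==================
FORMAT_R8G8B8A8_UNORM:
\toptimalTilingFeatures:
\t\tVK_FORMAT_FEATURE_SAMPLED_IMAGE_BIT
\t\tVK_FORMAT_FEATURE_BLIT_SRC_BIT
\t\tVK_FORMAT_FEATURE_BLIT_DST_BIT
"""

# Constructed sample of a run that must fail the test: a real-looking GPU and
# output truncated before the Format Properties section.
SAMPLE_REAL_TRUNCATED = """\
Instance Extensions: count = 2
\tVK_KHR_surface            : extension revision 25
Layers: count = 0
GPU0:
VkPhysicalDeviceProperties:
\tdeviceType     = DISCRETE_GPU
\tdeviceName     = Some Discrete GPU
"""


def missing_sections(text, required=REQUIRED_SECTIONS):
    """Return the required section headers that do not begin a line of text."""
    return [s for s in required
            if not re.search(r"^\s*" + re.escape(s), text, re.M)]


def device_properties(text):
    """Parse 'key = value' lines for deviceType and deviceName; the first
    match wins, which is GPU0 in vulkaninfo's ordering."""
    props = {}
    for key in ("deviceType", "deviceName"):
        m = re.search(r"^\s*" + key + r"\s*=\s*(.+?)\s*$", text, re.M)
        if m:
            props[key] = m.group(1)
    return props


def gpu0_is_mock(text):
    """True when GPU0 is reported as the mock ICD's virtual device."""
    props = device_properties(text)
    return (props.get("deviceType") == "VIRTUAL_GPU"
            and "Mock" in props.get("deviceName", ""))


def check_output(text):
    """Return a list of failure messages; an empty list means PASS."""
    failures = ["missing section: " + s for s in missing_sections(text)]
    if not gpu0_is_mock(text):
        failures.append("GPU0 is not the mock device: %r" % device_properties(text))
    return failures


def run_vulkaninfo(icd_json):
    """Capture real vulkaninfo text output with the loader pointed at a mock
    ICD manifest. Assumption: VK_ICD_FILENAMES selects the ICD manifest; the
    path to the mock ICD's JSON manifest is supplied by the caller."""
    env = dict(os.environ, VK_ICD_FILENAMES=icd_json)
    return subprocess.run(["vulkaninfo"], env=env, capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    for name, sample in (("mock", SAMPLE_MOCK), ("real", SAMPLE_REAL_TRUNCATED)):
        problems = check_output(sample)
        print(name, "PASS" if not problems else "FAIL: " + "; ".join(problems))
```

In a real dep8 test the text passed to check_output would come from run_vulkaninfo with the package's mock ICD manifest, and the same two checks would be repeated on the --json and --html variants the log above shows.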

 -> Lintian executions:

     ❯ lintian --pedantic -I --show-overrides
      E: libvulkan-dev: missing-dependency-on-libc needed by usr/lib/x86_64-linux-gnu/libVkLayer_core_validation.so and 5 others
      E: libvulkan-dev: package-must-activate-ldconfig-trigger usr/lib/x86_64-linux-gnu/libVkLayer_utils.so
      W: libvulkan-dev: package-name-doesnt-match-sonames libVkLayer-core-validation libVkLayer-object-tracker libVkLayer-parameter-validation libVkLayer-threading libVkLayer-unique-objects libVkLayer-utils
      W: libvulkan-dev: shlib-without-versioned-soname usr/lib/x86_64-linux-gnu/libVkLayer_core_validation.so libVkLayer_core_validation.so
      W: libvulkan-dev: shlib-without-versioned-soname usr/lib/x86_64-linux-gnu/libVkLayer_object_tracker.so libVkLayer_object_tracker.so
      W: libvulkan-dev: shlib-without-versioned-soname usr/lib/x86_64-linux-gnu/libVkLayer_parameter_validation.so libVkLayer_parameter_validation.so
      W: libvulkan-dev: shlib-without-versioned-soname ... use --no-tag-display-limit to see all (or pipe to a file/program)
      I: vulkan-utils: extended-description-is-probably-too-short
      I: libvulkan-dev: hardening-no-bindnow usr/lib/x86_64-linux-gnu/libVkLayer_core_validation.so
      I: libvulkan-dev: hardening-no-bindnow usr/lib/x86_64-linux-gnu/libVkLayer_object_tracker.so
      I: libvulkan-dev: hardening-no-bindnow usr/lib/x86_64-linux-gnu/libVkLayer_parameter_validation.so
      I: libvulkan-dev: hardening-no-bindnow ... use --no-tag-display-limit to see all (or pipe to a file/program)
      I: libvulkan1: hardening-no-bindnow usr/lib/x86_64-linux-gnu/libvulkan.so.1.1.70
      I: libvulkan-dev: no-symbols-control-file usr/lib/x86_64-linux-gnu/libVkLayer_core_validation.so
      I: libvulkan-dev: no-symbols-control-file usr/lib/x86_64-linux-gnu/libVkLayer_object_tracker.so
      I: libvulkan-dev: no-symbols-control-file usr/lib/x86_64-linux-gnu/libVkLayer_parameter_validation.so
      I: libvulkan-dev: no-symbols-control-file ... use --no-tag-display-limit to see all (or pipe to a file/program)
      I: libvulkan1: no-symbols-control-file usr/lib/x86_64-linux-gnu/libvulkan.so.1.1.70
      I: libvulkan-dev: package-contains-empty-directory usr/share/vulkan/implicit_layer.d/
      I: libvulkan-dev: spelling-error-in-binary usr/lib/x86_64-linux-gnu/libVkLayer_core_validation.so Attemped Attempted
      I: libvulkan-dev: spelling-error-in-binary usr/lib/x86_64-linux-gnu/libVkLayer_core_validation.so truely truly
      I: libvulkan-dev: spelling-error-in-binary usr/lib/x86_64-linux-gnu/libVkLayer_parameter_validation.so Attemped Attempted

      Errors appear in libvulkan-dev (not in libvulkan1 or vulkan-utils); anyway, I am looking into this at the time of submission.
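The hardening-no-bindnow tags above on libvulkan1 and the libVkLayer_*.so files mean those objects were linked without -Wl,-z,now: lazy PLT binding stays enabled, so the GOT cannot be made read-only after relocation and the objects get only partial RELRO. As an added example, not part of this MIR, of lintian, or of the vulkan packaging, the following Python reads the ELF64 program headers and dynamic section directly and reports the two properties involved: a BIND_NOW request (DT_BIND_NOW, DF_BIND_NOW in DT_FLAGS, or DF_1_NOW in DT_FLAGS_1) and the presence of a PT_GNU_RELRO segment. build_test_elf constructs minimal, non-loadable ELF images used only as test input; check_file applies the same parser to a real object such as a libVkLayer_*.so from libvulkan-dev.

```python
"""Added example: report the ELF hardening flags behind lintian's
hardening-no-bindnow tag. Not code from lintian, hardening-check or the
vulkan packages."""
import struct

PT_DYNAMIC = 2
PT_GNU_RELRO = 0x6474E552
DT_NULL = 0
DT_BIND_NOW = 24
DT_FLAGS = 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW = 0x8
DF_1_NOW = 0x1


def analyze_elf(data):
    """Return {'bind_now', 'relro', 'full_relro'} for an ELF64 image (bytes).

    bind_now: the dynamic section asks the loader to resolve every symbol at
    load time (what -Wl,-z,now sets). relro: a PT_GNU_RELRO segment exists.
    full_relro: both, so the GOT can be made read-only after relocation."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    bind_now = relro = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            end + "IIQQQQ", data, off)
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            pos, limit = p_offset, p_offset + p_filesz
            while pos + 16 <= limit:          # Elf64_Dyn is two 8-byte words
                d_tag, d_val = struct.unpack_from(end + "QQ", data, pos)
                pos += 16
                if d_tag == DT_NULL:
                    break
                if (d_tag == DT_BIND_NOW
                        or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                        or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                    bind_now = True
    return {"bind_now": bind_now, "relro": relro,
            "full_relro": bind_now and relro}


def check_file(path):
    """Analyze an ELF64 object on disk, e.g. a libVkLayer_*.so."""
    with open(path, "rb") as f:
        return analyze_elf(f.read())


def build_test_elf(bind_now, relro):
    """Construct a minimal, non-loadable ELF64 image (test input only) whose
    program headers and dynamic section carry the requested flags."""
    dyn = ([(DT_FLAGS_1, DF_1_NOW)] if bind_now else []) + [(DT_NULL, 0)]
    dyn_bytes = b"".join(struct.pack("<QQ", t, v) for t, v in dyn)
    phdr_types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    ehdr_size, phent = 64, 56
    dyn_off = ehdr_size + phent * len(phdr_types)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LE, v1
    # e_type=ET_DYN, e_machine=x86-64, e_version, e_entry, e_phoff, e_shoff,
    # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, ehdr_size, 0, 0,
                               ehdr_size, phent, len(phdr_types), 0, 0, 0)
    phdrs = b""
    for p_type in phdr_types:
        if p_type == PT_DYNAMIC:
            phdrs += struct.pack("<IIQQQQQQ", p_type, 6, dyn_off, 0, 0,
                                 len(dyn_bytes), len(dyn_bytes), 8)
        else:
            phdrs += struct.pack("<IIQQQQQQ", p_type, 4, 0, 0, 0, 0, 0, 1)
    return ehdr + phdrs + dyn_bytes


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, check_file(path))
    if len(sys.argv) == 1:
        for flags in ((True, True), (True, False), (False, True)):
            print("test image bind_now=%s relro=%s ->" % flags,
                  analyze_elf(build_test_elf(*flags)))
```

Run with one or more shared objects as arguments to see which of the three properties each has; an object that lintian tags hardening-no-bindnow will report bind_now False, and the fix on the packaging side is to link with -Wl,-z,now (or let dpkg-buildflags' hardening=+bindnow supply it).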

[Dependencies]

  All dependencies are in main or provided by the package itself, as seen in Installation above.

[Standards compliance]

  dh style simple rules plus use of gentarball, compat 9.

[Maintenance]

  It is a simple command-line tool that is no longer maintained in Debian as vulkan because the package has been renamed to vulkan-tools. The Server team is going to subscribe to it in Ubuntu.

[Background information]

  vulkaninfo outputs various types of Vulkan information such as:

  -device properties of identified GPUs

  -Vulkan extensions supported by each GPU

  -recognized layers

  -supported image formats and format properties.

  Vulkan is a next generation graphics and compute API that provides high-efficiency, cross-platform access to modern GPUs.

  vulkan source package [1] seems to have been renamed to [2] (it is also not present in the removals file [3]). Upstream [4] is now read-only, with recommendations to use the new repositories (vulkan-tools among others). vulkan-tools was also submitted for MIR: because the source package providing the tool to be MIRed (vulkaninfo) changed between series, this MIR covers Bionic and the MIR for vulkan-tools [5] covers the later series.

  [1] https://tracker.debian.org/pkg/vulkan
  [2] https://tracker.debian.org/pkg/vulkan-tools
  [3] https://ftp-master.debian.org/removals.txt
  [4] https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers
  [5] https://bugs.launchpad.net/ubuntu/+source/vulkan-tools/+bug/1946359

Tags: sec-979
description: updated
description: updated
Changed in vulkan-tools (Ubuntu):
assignee: nobody → Lukas Märdian (slyon)
Christian Ehrhardt (paelzer) wrote:

FYI - this is meant to be eventually promoted throughout all our releases.
Since the location changed there is also bug 1947020 for <=Bionic.
While the source changed and even more the source name, since the rationale and many other things are actually the same I'm merging them here.

description: updated
Changed in vulkan-tools (Ubuntu):
status: New → Invalid
status: Invalid → New
Changed in vulkan (Ubuntu):
status: New → Invalid
no longer affects: vulkan (Ubuntu Focal)
no longer affects: vulkan (Ubuntu Hirsute)
no longer affects: vulkan-tools (Ubuntu Bionic)
Christian Ehrhardt (paelzer) wrote:

@Lukas - could you in the very same context also look at src:vulkan for Bionic please?

Lukas Märdian (slyon) wrote:

Hi Miriam!
I checked the vulkan-tools MIR for Jammy/Impish/Hirsute/Focal, which looks rather straightforward, but requires a few additional changes before the MIR team can give the final ACK.

Also, I checked the vulkan MIR for Bionic, that seems to be much more complicated. Please see my remarks in the next comment. I will be requesting security review for this one, too.

------ vulkan-tools ------
[Summary]
TODO: MIR team ACK, pending some requested changes (see below).

This MIR is looking pretty good overall, I do not see any big security constraints and I think we do not need a security review. But the proposed autopkgtests should be integrated and a build-time test suite needs to be added in addition to integrating the LTO workaround (or fix) into the package itself. All of those changes need to be SRUed into the stable series down to Focal/Bionic.
This does NOT need a security review
List of specific binary packages to be promoted to main: vulkan-tools (we can probably skip the transitional vulkan-utils package).

Notes:
As this MIR is to be backdated to Hirsute/Focal (and Bionic for src:vulkan) we need the proposed changes to be SRUed to those series first. (see https://wiki.ubuntu.com/StableReleaseUpdates)

Required TODOs:
* Add build-time tests that fail the build if they don't pass
* Integrate the proposed autopkgtests
* avoid the lto-disabled list (for arm64), should be fixed (or worked around) inside the package itself
* SRU those changes down to the stable series (Impish/Hirsute/Focal/Bionic)

Recommended TODOs:
* Add a team bug subscriber
* Check build warning (in Focal version): "cube.cpp:2067:38: warning: ‘void* memset(void*, int, size_t)’ clearing an object of non-trivial type"
* Try to keep vulkan-tools more up-to-date in the future

[Duplication]
* There is no other package in main providing the same functionality.

[Dependencies]
OK:
* no other Dependencies to MIR due to this (glslang-tools is only a build-dep, all others are in main already)
* No dependencies in main that are only superficially tested requiring more tests now

[Embedded sources and static linking]
OK:
* no embedded source present
* no static linking

[Security]
OK:
* history of CVEs does not look concerning (no CVEs found)
* does not run a daemon as root
* does not use webkit1,2
* does not use lib*v8 directly
* does not parse data formats
* does not open a port
* does not process arbitrary web content
* does not use centralized online accounts
* does not integrate arbitrary javascript into the desktop
* does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
* does not FTBFS currently
* no translation present, but none needed for this case (user visible)?
* not a python/go package, no extra constraints to consider in that regard

Recommended:
* The package does not contain any autopkgtests. Those are being prepared but we want them to be inside the archive and SRUed to all relevant series (i.e. down to Focal/Bionic):
https://git.launchpad.net/~mirespace/+git/vulkan-tools/log/?h=impish-vulkan-tools-adding-dep8-tests

Problems:
* does NOT have a test suite that runs at build time and fails the build upon error. (Maybe use somethi...


Lukas Märdian (slyon) wrote:

------ src:vulkan (Bionic) ------
[Summary]
TODO: MIR team ACK, pending some requested changes (see below) and security review.

The legacy src:vulkan package is quite big and contains embedded sources. It is of much bigger scope than the vulkan-tools and vulkan-loader packages that were split out of it in newer series. Any required changes would need to be SRUed into Bionic first. I wonder if this is really worth the effort to get it MIRed? I'd also like to ask for a security review with special regard to the embedded sources, as those have not been covered by the newer vulkan-loader MIR (LP: #1742711).
This does need a security review, so I'll assign ubuntu-security
List of specific binary packages to be promoted to main: vulkan-utils, libvulkan1 (libvulkan-dev can be excluded)

Notes:
The src:vulkan MIR in Bionic basically combines the MIRs of src:vulkan-loader (libvulkan1) and src:vulkan-tools (vulkan-utils) that are already (being) accepted in newer series. Therefore, it is pretty similar to the "vulkan-tools" MIR above and the "vulkan-loader" MIR in LP: #1742711, but due to embedded sources it is of much bigger scope.

Required TODOs:
* get rid of the embedded sources (or take maintenance of those, in coordination with the security team)
* make use of the integrated test suite, so that it fails the build if any tests fails
* keep track of symbol names & changes in a debian/libvulkan1.symbols file

Recommended TODOs:
* Add a team bug subscriber
* add autopkgtests
* fix lintian errors
* fix some build warnings

[Duplication]
* There is no other package in main providing the same functionality.

[Dependencies]
OK:
* no other Dependencies to MIR due to this (quilt is only a build-dep)
* No dependencies in main that are only superficially tested requiring more tests now?

[Embedded sources and static linking]
OK:
* no static linking (some static linking in loader/ and external/glsl is only used for Windows builds)

Problems:
* embedded glslang, spirv-{tools,headers}, hlsl, glm and vkjson sources

[Security]
OK:
* history of CVEs does not look concerning
* does not run a daemon as root
* does not use webkit1,2
* does not use lib*v8 directly
* does not parse data formats
* does not open a port
* does not process arbitrary web content
* does not use centralized online accounts
* does not integrate arbitrary javascript into the desktop
* does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
* does not FTBFS currently
* no translation present, but none needed for this case (user visible)?
* not a python/go package, no extra constraints to consider in that regard

Problems:
* does have a test suite, but that doesn't seem to run during build
* no autopkgtest

[Packaging red flags]
OK:
* Ubuntu does not carry a delta (but might need one to carry the proposed changes)
* d/watch is present and looks ok (if needed, e.g. non-native)
* the current release is packaged (almost, lacking 1 release behind, afterwards the package was split into vulkan-loader and vulkan-tools)
* Upstream update history is good
* Debian/Ubuntu update history is slow (but acceptable)
* promoting this does not seem to cause issues for MOTUs that so far m...


Changed in vulkan-tools (Ubuntu):
status: New → Incomplete
Changed in vulkan (Ubuntu Bionic):
status: New → Incomplete
assignee: nobody → Lukas Märdian (slyon)
no longer affects: vulkan (Ubuntu Impish)
no longer affects: vulkan (Ubuntu Jammy)
Changed in vulkan (Ubuntu Bionic):
assignee: Lukas Märdian (slyon) → Ubuntu Security Team (ubuntu-security)
Christian Ehrhardt (paelzer) wrote:

While this is for CPC, Server team members work on it. Thereby I know that while obviously we'd appreciate a faster review, this can happen past 22.04 - but not much later. Also we have to face that the >=Focal tasks still have some TODOs to even enter security review queue - therefore this can't be of "Panic we need it now priority".

The intention is to have the required TODOs resolved by ~April and to get security review completed afterwards by Mid 2022. Setting priority to Medium (can be high once required TODOs are done), and milestone to 22.04 (the latest currently existing milestone).

Also - since the current task on >=Focal is not on Lukas but on Miriam I'm assigning the task to her.

Changed in vulkan-tools (Ubuntu Jammy):
assignee: Lukas Märdian (slyon) → Miriam España Acebal (mirespace)
importance: Undecided → Medium
Changed in vulkan (Ubuntu Bionic):
importance: Undecided → Medium
Changed in vulkan-tools (Ubuntu Jammy):
milestone: none → ubuntu-22.04
tags: added: sec-979
Brian Murray (brian-murray) wrote:

Ubuntu 21.10 (Impish Indri) has reached end of life, so this bug will not be fixed for that specific release.

Changed in vulkan-tools (Ubuntu Impish):
status: New → Won't Fix
Changed in vulkan (Ubuntu Bionic):
status: Incomplete → In Progress
assignee: Ubuntu Security Team (ubuntu-security) → Rodrigo Figueiredo Zaiden (rodrigo-zaiden)
Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote:

I reviewed vulkan 1.1.70+dfsg1-1ubuntu0.18.04.1 as checked into bionic.
This shouldn't be considered a full audit but rather a quick gauge of
maintainability.

vulkan is an API to control GPUs with many attributes, mainly: driver loaders,
validation layers and tools. This source package existed up until bionic and
was later split in 3 other packages: vulkan-loader, vulkan-tools and
vulkan-validationlayers. The MIR is targeting vulkan-utils package that in
later releases is part of the vulkan-tools source package.

My main concern is that upstream does not maintain this code[1] anymore, it was
moved to other repos[2][3][4][5] and the code does not match, that is, the
backport is not trivial and more than that, the code has changed too much and
many fixes can't be backported as far as I could dig into.

The most concerning issues would be (the highs from Coverity, excluding
external/):
- An out-of-bounds in loader/loader.c:3403, it was fixed in vulkan-loader but
the backport is quite a big change[6], increasing the chance of regressions.

- A memory overlap issue in loader/ that still exists in the newer repos, and
I've reported to upstream to get their opinion:
https://github.com/KhronosGroup/Vulkan-Loader/issues/988

- Two use-after-free issues in layers/vk_layer_logging.h that I couldn't find
the corresponding fix in vulkan-layer new repo[4].

I understand that the loader/ and layers/, the main points of my criticism were
moved to vulkan-loader, that is not in the MIR for newer releases (it is
vulkan-tools), but for bionic I believe we can't skip checking it since we would
be promoting vulkan-utils package. So, I would suggest this MIR to be rejected.
From a security point of view, this code is not maintainable.

Security team NACK for promoting vulkan to main: the code maintainability is
not sustainable.

[1] https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers
[2] https://github.com/KhronosGroup/Vulkan-Headers
[3] https://github.com/KhronosGroup/Vulkan-Loader
[4] https://github.com/KhronosGroup/Vulkan-ValidationLayers
[5] https://github.com/KhronosGroup/Vulkan-Tools
[6] https://github.com/KhronosGroup/Vulkan-Loader/commit/40761b0913d3fbc4b618d4837ae0d06cc7c47508

Changed in vulkan (Ubuntu Bionic):
assignee: Rodrigo Figueiredo Zaiden (rodrigo-zaiden) → nobody
Changed in vulkan (Ubuntu Bionic):
status: In Progress → Won't Fix
Utkarsh Gupta (utkarsh) wrote:

Hirsute is EOL, marking this as Won't Fix.

Changed in vulkan-tools (Ubuntu Hirsute):
status: New → Won't Fix
Christian Ehrhardt (paelzer) wrote:

There has been no further update for too long, so for now we consider it invalid.
Feel free to re-open if there is effort backing it up and motivation to bring it to main.

Changed in vulkan-tools (Ubuntu):
status: Incomplete → Invalid
Changed in vulkan-tools (Ubuntu Jammy):
status: Incomplete → Invalid