| 2020-01-28 16:46:32 |
Sam Whited |
bug |
|
|
added bug |
| 2020-01-28 20:35:16 |
Jamie Strandboge |
bug task added |
|
snapd |
|
| 2020-01-29 21:38:46 |
Bryce Harrington |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913 |
|
| 2020-01-29 21:38:46 |
Bryce Harrington |
bug watch added |
|
https://github.com/seccomp/libseccomp/issues/153 |
|
| 2020-01-29 21:38:46 |
Bryce Harrington |
attachment added |
|
0001-Cherry-pick-upstream-commits-21b98d8-and-19af04d.patch https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5323922/+files/0001-Cherry-pick-upstream-commits-21b98d8-and-19af04d.patch |
|
| 2020-01-29 21:43:43 |
Bryce Harrington |
libseccomp (Ubuntu): importance |
Undecided |
High |
|
| 2020-01-29 21:43:43 |
Bryce Harrington |
libseccomp (Ubuntu): status |
New |
Triaged |
|
| 2020-01-30 00:24:40 |
Bryce Harrington |
tags |
|
server-next |
|
| 2020-01-30 00:26:05 |
Ubuntu Foundations Team Bug Bot |
tags |
server-next |
patch server-next |
|
| 2020-01-30 10:08:55 |
Michael Vogt |
snapd: status |
New |
Triaged |
|
| 2020-01-30 10:08:57 |
Michael Vogt |
snapd: importance |
Undecided |
Medium |
|
| 2020-01-30 14:52:11 |
Ian Johnson |
snapd: assignee |
|
Ian Johnson (anonymouse67) |
|
| 2020-03-12 00:15:26 |
mbentley |
bug |
|
|
added subscriber mbentley |
| 2020-05-04 16:56:46 |
Ian Johnson |
bug watch added |
|
https://github.com/snapcore/core20/issues/48 |
|
| 2020-05-04 16:56:59 |
Ian Johnson |
bug |
|
|
added subscriber Dimitri John Ledkov |
| 2020-06-09 16:42:45 |
Dimitri John Ledkov |
libseccomp (Ubuntu): importance |
High |
Medium |
|
| 2020-06-09 16:42:47 |
Dimitri John Ledkov |
libseccomp (Ubuntu): status |
Triaged |
In Progress |
|
| 2020-06-09 16:43:13 |
Robie Basak |
tags |
patch server-next |
patch |
|
| 2020-06-09 16:53:22 |
Jamie Strandboge |
bug watch added |
|
https://github.com/seccomp/libseccomp/issues/187 |
|
| 2020-06-10 14:54:54 |
Dan Streetman |
bug |
|
|
added subscriber Dan Streetman |
| 2020-06-10 15:30:45 |
Jamie Strandboge |
snapd: status |
Triaged |
Invalid |
|
| 2020-06-10 15:30:45 |
Jamie Strandboge |
snapd: assignee |
Ian Johnson (anonymouse67) |
|
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
nominated for series |
|
Ubuntu Focal |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
bug task added |
|
libseccomp (Ubuntu Focal) |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
nominated for series |
|
Ubuntu Xenial |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
bug task added |
|
libseccomp (Ubuntu Xenial) |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
nominated for series |
|
Ubuntu Groovy |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
bug task added |
|
libseccomp (Ubuntu Groovy) |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
nominated for series |
|
Ubuntu Bionic |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
bug task added |
|
libseccomp (Ubuntu Bionic) |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
nominated for series |
|
Ubuntu Eoan |
|
| 2020-06-22 10:20:53 |
Ioanna Alifieraki |
bug task added |
|
libseccomp (Ubuntu Eoan) |
|
| 2020-06-22 10:21:07 |
Ioanna Alifieraki |
libseccomp (Ubuntu Focal): status |
New |
In Progress |
|
| 2020-06-22 10:21:10 |
Ioanna Alifieraki |
libseccomp (Ubuntu Eoan): status |
New |
In Progress |
|
| 2020-06-22 10:21:15 |
Ioanna Alifieraki |
libseccomp (Ubuntu Bionic): status |
New |
In Progress |
|
| 2020-06-22 10:21:19 |
Ioanna Alifieraki |
libseccomp (Ubuntu Xenial): status |
New |
In Progress |
|
| 2020-06-22 10:21:23 |
Ioanna Alifieraki |
libseccomp (Ubuntu Focal): importance |
Undecided |
Medium |
|
| 2020-06-22 10:21:26 |
Ioanna Alifieraki |
libseccomp (Ubuntu Eoan): importance |
Undecided |
Medium |
|
| 2020-06-22 10:21:29 |
Ioanna Alifieraki |
libseccomp (Ubuntu Bionic): importance |
Undecided |
Medium |
|
| 2020-06-22 10:21:32 |
Ioanna Alifieraki |
libseccomp (Ubuntu Xenial): importance |
Undecided |
Medium |
|
| 2020-06-22 10:21:39 |
Ioanna Alifieraki |
libseccomp (Ubuntu Xenial): assignee |
|
Ioanna Alifieraki (joalif) |
|
| 2020-06-22 10:21:41 |
Ioanna Alifieraki |
libseccomp (Ubuntu Bionic): assignee |
|
Ioanna Alifieraki (joalif) |
|
| 2020-06-22 10:21:43 |
Ioanna Alifieraki |
libseccomp (Ubuntu Eoan): assignee |
|
Ioanna Alifieraki (joalif) |
|
| 2020-06-22 10:21:45 |
Ioanna Alifieraki |
libseccomp (Ubuntu Focal): assignee |
|
Ioanna Alifieraki (joalif) |
|
| 2020-06-22 10:21:47 |
Ioanna Alifieraki |
libseccomp (Ubuntu Groovy): assignee |
|
Ioanna Alifieraki (joalif) |
|
| 2020-06-22 10:58:30 |
Ioanna Alifieraki |
description |
There is a known and patched issue with version 2.4 of libseccomp where certain operations have a large performance regression. This is causing some packages that use libseccomp such as container orchestration systems to occasionally time out or otherwise fail under certain workloads.
Please consider porting the patch into the various Ubuntu versions that have version 2.4 of libseccomp and into the backports. The performance patch from version 2.5 (yet to be released) applies cleanly on top of the 2.4 branch of libseccomp.
For more information, and for a copy of the patch (which can also be cherry picked from the upstream libseccomp repos) see the similar Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913 |
[IMPACT]
There is a known and patched issue with version 2.4 of libseccomp where certain operations have a large performance regression. This is causing some packages that use libseccomp such as container orchestration systems to occasionally time out or otherwise fail under certain workloads.
Please consider porting the patch into the various Ubuntu versions that have version 2.4 of libseccomp and into the backports. The performance patch from version 2.5 (yet to be released) applies cleanly on top of the 2.4 branch of libseccomp.
For more information, and for a copy of the patch (which can also be cherry picked from the upstream libseccomp repos) see the similar Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913
Upstream issue : https://github.com/seccomp/libseccomp/issues/153
Upstream fix : https://github.com/seccomp/libseccomp/pull/180/
[Test Case]
For this test case we use Docker on Ubuntu Groovy (20.10) :
--> Current libseccomp version
#dpkg -l | grep libseccomp
ii libseccomp2:amd64 2.4.3-1ubuntu3 amd64 high level interface to Linux seccomp filter
## pull ubuntu image
# docker pull ubuntu
## create a container
# docker run --name test_seccomp -it 74435f89ab78 /bin/bash
## run test case
# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
...
MAX TIME :
real 0m10,319s
user 0m0,018s
sys 0m0,033s
--> Patched libseccomp version
# dpkg -l | grep libseccomp
ii libseccomp2:amd64 2.4.3-1ubuntu4 amd64 high level interface to Linux seccomp filter
# docker start test_seccomp
## run test case
# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
...
MAX TIME :
real 0m3,650s
user 0m0,025s
sys 0m0,028s
[Regression Potential]
The first of the 2 patches cleans up the code that adds rules to a single filter without changing the logic of the code. The second patch introduces the idea of shadow transactions. On a successful transaction commit the old transaction checkpoint is preserved and is brought up to date with the current filter. The next time a new transaction starts, it checks is the a shadow transaction exist and if so the shadow is used instead of creating a new checkpoint from scratch [1]. This is the patch that mitigates the performance regression. Any potential regression will involve the parts of the code that add rules to filters and/or the code that creates and checks the shadow transactions.
[Other]
Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.
[1] https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d |
|
| 2020-06-22 11:05:33 |
Ioanna Alifieraki |
attachment added |
|
lp1861177_groovy.debdiff https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5386079/+files/lp1861177_groovy.debdiff |
|
| 2020-06-29 13:33:22 |
Ioanna Alifieraki |
attachment added |
|
lp1861177_focal.debdiff https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388139/+files/lp1861177_focal.debdiff |
|
| 2020-06-29 13:33:50 |
Ioanna Alifieraki |
attachment added |
|
lp1861177_eoan.debdiff https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388140/+files/lp1861177_eoan.debdiff |
|
| 2020-06-29 13:34:20 |
Ioanna Alifieraki |
attachment added |
|
lp1861177_bionic.debdiff https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388141/+files/lp1861177_bionic.debdiff |
|
| 2020-06-29 13:34:53 |
Ioanna Alifieraki |
attachment added |
|
lp1861177_xenial.debdiff https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388142/+files/lp1861177_xenial.debdiff |
|
| 2020-06-29 13:35:17 |
Ioanna Alifieraki |
bug |
|
|
added subscriber STS Sponsors |
| 2020-06-30 14:03:36 |
Ioanna Alifieraki |
bug |
|
|
added subscriber Ioanna Alifieraki |
| 2020-07-13 13:46:10 |
Łukasz Zemczak |
libseccomp (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2020-07-13 13:46:12 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2020-07-13 13:46:14 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
| 2020-07-13 13:46:20 |
Łukasz Zemczak |
tags |
patch |
patch verification-needed verification-needed-focal |
|
| 2020-07-13 13:52:31 |
Łukasz Zemczak |
libseccomp (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
| 2020-07-13 13:52:37 |
Łukasz Zemczak |
tags |
patch verification-needed verification-needed-focal |
patch verification-needed verification-needed-eoan verification-needed-focal |
|
| 2020-07-13 13:54:29 |
Łukasz Zemczak |
libseccomp (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2020-07-13 13:54:35 |
Łukasz Zemczak |
tags |
patch verification-needed verification-needed-eoan verification-needed-focal |
patch verification-needed verification-needed-bionic verification-needed-eoan verification-needed-focal |
|
| 2020-07-13 13:58:02 |
Łukasz Zemczak |
libseccomp (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2020-07-13 13:58:07 |
Łukasz Zemczak |
tags |
patch verification-needed verification-needed-bionic verification-needed-eoan verification-needed-focal |
patch verification-needed verification-needed-bionic verification-needed-eoan verification-needed-focal verification-needed-xenial |
|
| 2020-07-14 17:33:55 |
Launchpad Janitor |
libseccomp (Ubuntu Groovy): status |
In Progress |
Fix Released |
|
| 2020-07-16 09:32:17 |
Ioanna Alifieraki |
tags |
patch verification-needed verification-needed-bionic verification-needed-eoan verification-needed-focal verification-needed-xenial |
patch verification-done-xenial verification-needed verification-needed-bionic verification-needed-eoan verification-needed-focal |
|
| 2020-07-16 10:06:31 |
Ioanna Alifieraki |
tags |
patch verification-done-xenial verification-needed verification-needed-bionic verification-needed-eoan verification-needed-focal |
patch verification-done-focal verification-done-xenial verification-needed verification-needed-bionic verification-needed-eoan |
|
| 2020-07-17 11:11:54 |
Ioanna Alifieraki |
tags |
patch verification-done-focal verification-done-xenial verification-needed verification-needed-bionic verification-needed-eoan |
patch verification-done-bionic verification-done-focal verification-done-xenial verification-needed verification-needed-eoan |
|
| 2020-07-20 12:14:30 |
Ioanna Alifieraki |
tags |
patch verification-done-bionic verification-done-focal verification-done-xenial verification-needed verification-needed-eoan |
patch verification-done-bionic verification-done-eoan verification-done-focal verification-done-xenial verification-needed |
|
| 2020-07-23 11:24:43 |
Launchpad Janitor |
libseccomp (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2020-07-23 11:24:44 |
Launchpad Janitor |
libseccomp (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2020-07-23 11:24:50 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2020-07-23 17:09:32 |
Launchpad Janitor |
libseccomp (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2020-07-23 17:09:31 |
Launchpad Janitor |
libseccomp (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2020-07-23 17:09:46 |
Launchpad Janitor |
libseccomp (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2020-07-23 17:09:49 |
Launchpad Janitor |
libseccomp (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2020-07-27 11:03:13 |
Dariusz Gadomski |
libseccomp (Ubuntu Eoan): status |
Fix Committed |
Won't Fix |
|
| 2020-08-02 00:37:43 |
Mathew Hodson |
affects |
snapd |
ubuntu-translations |
|
| 2020-08-02 00:37:55 |
Mathew Hodson |
bug task deleted |
ubuntu-translations |
|
|
| 2020-08-18 15:14:55 |
Launchpad Janitor |
libseccomp (Ubuntu Eoan): status |
Won't Fix |
Fix Released |
|
