| 2020-05-11 13:16:51 |
Andreas Hasenack |
bug |
|
|
added bug |
| 2020-05-11 13:18:36 |
Andreas Hasenack |
description |
Placeholder for full MIR template.
In the meantime, what prompted me to do this was that samba 4.12.x can use liburing to build a vfs module, but samba-vfs-modules is in main.
That particular vfs module in samba 4.12.2 has a serious data corruption bug[1], but it's being fixed.
1. https://bugzilla.samba.org/show_bug.cgi?id=14361 |
Placeholder for full MIR template.
In the meantime, what prompted me to do this was that samba 4.12.x can use liburing to build a vfs module, but samba-vfs-modules is in main.
That particular vfs module in samba 4.12.2 has a serious data corruption bug[1], but it's being fixed.
More data about uring, to add to this MIR in the reasoning section:
https://lwn.net/Articles/776703/
https://unixism.net/loti/
"""
io_uring is a powerful new way to do asynchronous I/O programming under Linux. Doing away with various limitations of previous generation I/O subsystems, io_uring holds immense promise. For more details on what io_uring brings to the table, please see the chapter What is io_uring?.
"""
1. https://bugzilla.samba.org/show_bug.cgi?id=14361 |
|
| 2020-05-11 13:51:47 |
Andreas Hasenack |
cve linked |
|
2019-19241 |
|
| 2020-05-13 12:18:53 |
Christian Ehrhardt |
bug |
|
|
added subscriber Christian Ehrhardt |
| 2020-06-30 11:43:18 |
Launchpad Janitor |
liburing (Ubuntu): status |
New |
Confirmed |
|
| 2020-06-30 11:45:12 |
Christian Ehrhardt |
liburing (Ubuntu): status |
Confirmed |
New |
|
| 2020-06-30 12:23:44 |
Christian Ehrhardt |
description |
Placeholder for full MIR template.
In the meantime, what prompted me to do this was that samba 4.12.x can use liburing to build a vfs module, but samba-vfs-modules is in main.
That particular vfs module in samba 4.12.2 has a serious data corruption bug[1], but it's being fixed.
More data about uring, to add to this MIR in the reasoning section:
https://lwn.net/Articles/776703/
https://unixism.net/loti/
"""
io_uring is a powerful new way to do asynchronous I/O programming under Linux. Doing away with various limitations of previous generation I/O subsystems, io_uring holds immense promise. For more details on what io_uring brings to the table, please see the chapter What is io_uring?.
"""
1. https://bugzilla.samba.org/show_bug.cgi?id=14361 |
[Availability]
liburing is in universe in groovy at version 0.6-3 without Ubuntu Delta at the moment.
It builds for the Ubuntu architectures amd64, arm64, armhf, ppc64el, riscv64, s390x.
[Rationale]
liburing can be used for advanced asynchronous IO in qemu (>=5),
samba (>=4.12.x) and probably more down the road.
- https://lwn.net/Articles/776703/
- https://unixism.net/loti/
Since groovy is the first step towards 22.04 I think it would be great to
enable liburing now and see how things behave and if/how they are further
adopted.
[Security]
There was a CVE of the kernel side of the interface
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19241
It is already handled and fixed in all Ubuntu releases:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19241.html
So far nothing else came up, but generally I/O interfaces are a good place
to exploit so there is an elevated risk I guess.
[Quality assurance]
The package has build time tests that are not yet working, so it ignores the
return value for now, but runs them to gather data. Mostly it seems permission
or kernel config errors.
It also has autopkgtests but those also miss permissions.
Note: I have forwarded an MP to Debian about the root permission at
build/test time.
Further all seems ok:
- No debconf questions.
- No long-term outstanding bugs.
- The package is maintained well in Debian/Ubuntu (sync, no open bugs)
- The package does not deal with exotic hardware (just very recent kernels)
- The package uses a debian/watch file
- not using python(2)
- symbols tracking is in place
- lintian --pedantic is rather happy
[UI standards]
this has no end-user UI, so no translations seem needed.
[Dependencies]
No other dependencies than libc6. This really is just a path to the kernel
and does not need many other components.
[Standards compliance]
- The package meets the FHS and Debian Policy standards.
- d/rules and d/control as small and well written
[Maintenance]
The Server team will subscribe for the package for maintenance
[Background]
quote https://unixism.net/loti/
"""
io_uring is a powerful new way to do asynchronous I/O programming under Linux.
Doing away with various limitations of previous generation I/O subsystems,
io_uring holds immense promise. For more details on what io_uring brings to
the table, please see the chapter What is io_uring?.
""" |
|
| 2020-06-30 12:25:27 |
Christian Ehrhardt |
liburing (Ubuntu): assignee |
|
Ubuntu Security Team (ubuntu-security) |
|
| 2020-06-30 12:46:51 |
Christian Ehrhardt |
description |
[Availability]
liburing is in universe in groovy at version 0.6-3 without Ubuntu Delta at the moment.
It builds for the Ubuntu architectures amd64, arm64, armhf, ppc64el, riscv64, s390x.
[Rationale]
liburing can be used for advanced asynchronous IO in qemu (>=5),
samba (>=4.12.x) and probably more down the road.
- https://lwn.net/Articles/776703/
- https://unixism.net/loti/
Since groovy is the first step towards 22.04 I think it would be great to
enable liburing now and see how things behave and if/how they are further
adopted.
[Security]
There was a CVE of the kernel side of the interface
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19241
It is already handled and fixed in all Ubuntu releases:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19241.html
So far nothing else came up, but generally I/O interfaces are a good place
to exploit so there is an elevated risk I guess.
[Quality assurance]
The package has build time tests that are not yet working, so it ignores the
return value for now, but runs them to gather data. Mostly it seems permission
or kernel config errors.
It also has autopkgtests but those also miss permissions.
Note: I have forwarded an MP to Debian about the root permission at
build/test time.
Further all seems ok:
- No debconf questions.
- No long-term outstanding bugs.
- The package is maintained well in Debian/Ubuntu (sync, no open bugs)
- The package does not deal with exotic hardware (just very recent kernels)
- The package uses a debian/watch file
- not using python(2)
- symbols tracking is in place
- lintian --pedantic is rather happy
[UI standards]
this has no end-user UI, so no translations seem needed.
[Dependencies]
No other dependencies than libc6. This really is just a path to the kernel
and does not need many other components.
[Standards compliance]
- The package meets the FHS and Debian Policy standards.
- d/rules and d/control as small and well written
[Maintenance]
The Server team will subscribe for the package for maintenance
[Background]
quote https://unixism.net/loti/
"""
io_uring is a powerful new way to do asynchronous I/O programming under Linux.
Doing away with various limitations of previous generation I/O subsystems,
io_uring holds immense promise. For more details on what io_uring brings to
the table, please see the chapter What is io_uring?.
""" |
[Availability]
liburing is in universe in groovy at version 0.6-3 without Ubuntu Delta at the moment.
It builds for the Ubuntu architectures amd64, arm64, armhf, ppc64el, riscv64, s390x.
[Rationale]
liburing can be used for advanced asynchronous IO in qemu (>=5),
samba (>=4.12.x) and probably more down the road.
- https://lwn.net/Articles/776703/
- https://unixism.net/loti/
- https://github.com/axboe/liburing/
Since groovy is the first step towards 22.04 I think it would be great to
enable liburing now and see how things behave and if/how they are further
adopted.
[Security]
There was a CVE of the kernel side of the interface
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19241
It is already handled and fixed in all Ubuntu releases:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19241.html
So far nothing else came up, but generally I/O interfaces are a good place
to exploit so there is an elevated risk I guess.
[Quality assurance]
The package has build time tests that are not yet working, so it ignores the
return value for now, but runs them to gather data. Mostly it seems permission
or kernel config errors.
It also has autopkgtests but those also miss permissions.
Note: I have forwarded an MP to Debian about the root permission at
build/test time.
Further all seems ok:
- No debconf questions.
- No long-term outstanding bugs.
- The package is maintained well in Debian/Ubuntu (sync, no open bugs)
- The package does not deal with exotic hardware (just very recent kernels)
- The package uses a debian/watch file
- not using python(2)
- symbols tracking is in place
- lintian --pedantic is rather happy
[UI standards]
this has no end-user UI, so no translations seem needed.
[Dependencies]
No other dependencies than libc6. This really is just a path to the kernel
and does not need many other components.
[Standards compliance]
- The package meets the FHS and Debian Policy standards.
- d/rules and d/control as small and well written
[Maintenance]
The Server team will subscribe for the package for maintenance
[Background]
quote https://unixism.net/loti/
"""
io_uring is a powerful new way to do asynchronous I/O programming under Linux.
Doing away with various limitations of previous generation I/O subsystems,
io_uring holds immense promise. For more details on what io_uring brings to
the table, please see the chapter What is io_uring?.
""" |
|
| 2020-07-01 09:41:11 |
Christian Ehrhardt |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964077 |
|
| 2020-07-06 03:59:33 |
Alex Murray |
tags |
|
security-review-done |
|
| 2020-07-06 03:59:34 |
Alex Murray |
liburing (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
| 2020-07-13 12:51:21 |
Christian Ehrhardt |
liburing (Ubuntu): assignee |
|
Christian Ehrhardt (paelzer) |
|
| 2020-07-13 14:17:52 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/liburing/+git/liburing/+merge/387314 |
|
| 2020-07-14 14:34:12 |
Christian Ehrhardt |
summary |
MIR: liburing |
[MIR] liburing |
|
| 2020-07-14 23:16:36 |
Launchpad Janitor |
liburing (Ubuntu): status |
New |
Fix Released |
|
| 2020-07-15 09:06:48 |
Christian Ehrhardt |
liburing (Ubuntu): status |
Fix Released |
In Progress |
|
| 2020-07-15 09:06:50 |
Christian Ehrhardt |
liburing (Ubuntu): assignee |
Christian Ehrhardt (paelzer) |
|
|
| 2020-07-15 12:01:30 |
Christian Ehrhardt |
bug |
|
|
added subscriber Ubuntu Package Archive Administrators |
| 2020-07-16 09:17:59 |
Sebastien Bacher |
liburing (Ubuntu): status |
In Progress |
Fix Released |
|
