IMA crashes while verifying signatures

Bug #1582852 reported by Stefan Berger
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Confirmed | Medium | Unassigned |
Xenial | Confirmed | Medium | Unassigned |

Bug Description

The application of a kernel patch to fix Bug 1569924 causes crashes when IMA is verifying signatures:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1569924

The following fix was applied:

commit e6b195bb9adbf92b62f466b02fb8ae9b4294ad5e
Author: Tadeusz Struk <email address hidden>
Date: Tue Feb 2 10:08:53 2016 -0800

    crypto: KEYS: convert public key and digsig asym to the akcipher api

This patch was taken from here:

https://github.com/torvalds/linux/commit/db6c43bd2132dc2dd63d73a6d1ed601cffd0ae06.patch

The series was posted here (not sure whether this is the latest version)

https://lkml.org/lkml/2016/2/2/575

The following two patches should be applied as well. They stem from that same series of patches as the one that is already applied.

https://github.com/torvalds/linux/commit/eb5798f2e28f3b43091cecc71c84c3f6fb35c7de.patch
https://github.com/torvalds/linux/commit/d846e78e491ff4dd0747026c02414844d504fcb6.patch

Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1582852

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: kernel-da-key
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Incomplete → Triaged
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Xenial):
assignee: nobody → Joseph Salisbury (jsalisbury)
status: Triaged → In Progress
Changed in linux (Ubuntu):
status: Triaged → In Progress
Joseph Salisbury (jsalisbury) wrote :

I built a Xenial test kernel with a pick of eb5798f2 and d846e78e4. The test kernel can be downloaded from:

http://kernel.ubuntu.com/~jsalisbury/lp1582852/

Can you test this kernel and see if it resolves this bug?

Thanks in advance!

Stefan Berger (stefanb-us) wrote :

Hi Joseph,

thanks for building the kernel. We discovered the problem as part of testing IMA. We built the kernel with these 2 patches applied and one other patch applied, for which a bug has now also been filed:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1584195

The issue is, I cannot test the code path without that other patch applied because that one provides the facilities for injecting a key into the kernel image, which is a prerequisite for using IMA with the .ima keyring, which in turn allows us to exercise the fixed code path.

Thanks,
  Stefan

Joseph Salisbury (jsalisbury) wrote :

Do you happen to know if the patches mentioned in bug 1584195 will get merged to at least linux-next soon?

Changed in linux (Ubuntu Xenial):
status: In Progress → Confirmed
Changed in linux (Ubuntu):
status: In Progress → Confirmed
Changed in linux (Ubuntu Xenial):
assignee: Joseph Salisbury (jsalisbury) → nobody
Changed in linux (Ubuntu):
assignee: Joseph Salisbury (jsalisbury) → nobody
Brad Figg (brad-figg)
tags: added: cscc