[Bug 2020826] Re: typo systemds-detect-virt
Matthew Ruffell
2020826 at bugs.launchpad.net
Mon May 29 03:45:07 UTC 2023
** Also affects: needrestart (Ubuntu Mantic)
Importance: Undecided
Status: New
** Also affects: needrestart (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: needrestart (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Changed in: needrestart (Ubuntu Kinetic)
Status: New => In Progress
** Changed in: needrestart (Ubuntu Lunar)
Status: New => In Progress
** Changed in: needrestart (Ubuntu Mantic)
Status: New => In Progress
** Changed in: needrestart (Ubuntu Kinetic)
Importance: Undecided => Medium
** Changed in: needrestart (Ubuntu Lunar)
Importance: Undecided => Medium
** Changed in: needrestart (Ubuntu Mantic)
Importance: Undecided => Medium
** Changed in: needrestart (Ubuntu Kinetic)
Assignee: (unassigned) => Matthew Ruffell (mruffell)
** Changed in: needrestart (Ubuntu Lunar)
Assignee: (unassigned) => Matthew Ruffell (mruffell)
** Changed in: needrestart (Ubuntu Mantic)
Assignee: (unassigned) => Matthew Ruffell (mruffell)
** Tags added: sts
** Description changed:
- Hello, this was reported in Debian:
+ [Impact]
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026026
+ VM detection in needrestart was quietly and subtly broken in version 3.6
+ that ships in kinetic, lunar and mantic, where a spelling mistake had
+ been made that incorrectly called /usr/bin/systemds-detect-virt over
+ /usr/bin/systemd-detect-virt.
- $ rg systemds-detect
- needrestart/kinetic/needrestart-3.6/needrestart
- 54:if($is_systemd && -x q(/usr/bin/systemds-detect-virt)) {
+ This causes needrestart to think we are running in bare metal always,
+ and it spends extra time checking microcode status, and sometimes
+ prompting the user that their microcode is out of date, even know there
+ is no way to apply microcode updates, which can mislead users each time
+ they run apt install commands.
- needrestart/lunar/needrestart-3.6/needrestart
- 54:if($is_systemd && -x q(/usr/bin/systemds-detect-virt)) {
+ The fix is to correct the spelling mistake.
+ [Testcase]
- Note that /usr/bin/systemds-detect-virt doesn't exist. It should be /usr/bin/systemd-detect-virt. Apparently installing libimvirt-perl is enough to work around the issue:
+ Start a VM, I used a m5.large on AWS, with either kinetic, lunar or
+ mantic.
- if($is_systemd && -x q(/usr/bin/systemds-detect-virt)) {
- # check if we are inside of a vm
- my $ret = system(qw(/usr/bin/systemd-detect-virt --vm --quiet));
- unless($? == -1 || $? & 127) {
- $is_vm = ($? >> 8) == 0;
- }
+ If you run needrestart from your prompt, it checks for microcode. This
+ run is on a system where the microcode package is at its latest, but on
+ systems where it is out of date, you receive a curses prompt.
- # check if we are inside of a container
- $ret = system(qw(/usr/bin/systemd-detect-virt --container --quiet));
- unless($? == -1 || $? & 127) {
- $is_container = ($? >> 8) == 0;
- }
- }
- elsif(eval "use ImVirt; 1;") {
- require ImVirt;
- ImVirt->import();
- my $imvirt = ImVirt::imv_get(ImVirt->IMV_PROB_DEFAULT);
+ $ /usr/sbin/needrestart -w -v
+ [main] eval /etc/needrestart/needrestart.conf
+ [main] needrestart v3.6
+ [main] running in user mode
+ [Core] Using UI 'NeedRestart::UI::stdio'...
+ [main] systemd detected
+ [ucode] using NeedRestart::uCode::AMD
+ [ucode] using NeedRestart::uCode::Intel
+ [uCode/AMD] #0 cpu vendor id mismatch
+ [uCode/Intel] #0 current revision: 0x2006f05
+ + + grep -oE [^[:space:]]+$
+ iucode_tool --scan-system
+ + sig=0x00050654
+ + [ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]
+ + filter=-S
+ + test -r /etc/needrestart/iucode.sh
+ + . /etc/needrestart/iucode.sh
+ + type bsdtar
+ + IUCODE_TOOL_EXTRA_OPTIONS=
+ + test -r /etc/default/intel-microcode
+ + . /etc/default/intel-microcode
+ + test = no
+ + [ -r /usr/share/misc/intel-microcode* ]
+ + iucode_tool -l+ -Sgrep 0x00050654
+ --ignore-broken -tb /lib/firmware/intel-ucode
+ [uCode/Intel] #0 available revision: 0x2006e05
- $is_vm = $imvirt ne ImVirt->IMV_PHYSICAL;
- $is_container = $imvirt eq ImVirt->IMV_CONTAINER;
- }
- elsif (-r "/proc/1/environ") {
- # check if we are inside of a container (fallback)
- local $/;
- open(HENV, '<', '/proc/1/environ');
- $is_container = scalar(grep {/^container=/;} unpack("(Z*)*", <HENV>));
- close(HENV)
- }
+ The processor microcode seems to be up-to-date.
+ If you install the test packages from the below ppa:
- Thanks
+ https://launchpad.net/~mruffell/+archive/ubuntu/sf361263-test
+
+ The expected output is to correctly register that we are running inside
+ a VM and microcode checks can be skipped:
+
+ $ /usr/sbin/needrestart -w -v
+ [main] eval /etc/needrestart/needrestart.conf
+ [main] needrestart v3.6
+ [main] running in user mode
+ [Core] Using UI 'NeedRestart::UI::stdio'...
+ [main] systemd detected
+ [main] vm detected
+ [main] inside container or vm, skipping microcode checks
+
+ [Where problems could occur]
+
+ We are fixing a spelling mistake made in a previous commit, and not
+ changing any functionality or behaviour. The spelling mistake changes
+ invoking the incorrect /usr/bin/systemds-detect-virt to
+ /usr/bin/systemd-detect-virt.
+
+ Beforehand, /usr/bin/systemd-detect-virt would not exist, and thus
+ return false. We would never enter the if statement, and thus never
+ check to see if we are in a VM. By fixing the mistake, we now call
+ /usr/bin/systemd-detect-virt, and if we are inside a VM, skip some
+ unnecessary steps, like checking microcode versions.
+
+ If a regression were to occur, it would cause needrestart to interpret
+ running in a VM or bare metal differently, and may or may not prompt the
+ user at the correct times to restart any services or the system.
+
+ One thing to note is that needrestart is called automatically by apt
+ after every install or remove invocation, and a regression could cause
+ apt to return an error code, even when the packages were installed or
+ removed correctly.
+
+ [Other Info]
+
+ Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026026
+
+ This was fixed in the below commit, currently not tagged to a release:
+
+ commit 27bf4678bb92f68dfadd04ab04e96cba6ea2c376
+ From: zxyrepf <53189615+zxyrepf at users.noreply.github.com>
+ Date: Sun, 24 Jul 2022 08:30:19 +0000
+ Subject: Fix VM detection regression introduced in f54d85c
+ Link: https://github.com/liske/needrestart/commit/27bf4678bb92f68dfadd04ab04e96cba6ea2c376
+
+ This fixes the regression introduced by:
+
+ commit f54d85cab33c450b2d4e17eaf359a5c7470ef91d
+ From: Thomas Liske <thomas at fiasko-nw.net>
+ Date: Tue, 17 May 2022 15:38:42 +0200
+ Subject: [Core] Use ImVirt for virtualization detection if not running
+ on systemd (Debian Bug#984789 by Patrik Schindler <poc at pocnet.net>).
+ Link: https://github.com/liske/needrestart/commit/f54d85cab33c450b2d4e17eaf359a5c7470ef91d
** Summary changed:
- typo systemds-detect-virt
+ VM detection is broken, leading to prompt to restart for microcode updates
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to needrestart in Ubuntu.
https://bugs.launchpad.net/bugs/2020826
Title:
VM detection is broken, leading to prompt to restart for microcode
updates
Status in needrestart package in Ubuntu:
In Progress
Status in needrestart source package in Kinetic:
In Progress
Status in needrestart source package in Lunar:
In Progress
Status in needrestart source package in Mantic:
In Progress
Bug description:
[Impact]
VM detection in needrestart was quietly and subtly broken in version
3.6 that ships in kinetic, lunar and mantic, where a spelling mistake
had been made that incorrectly called /usr/bin/systemds-detect-virt
over /usr/bin/systemd-detect-virt.
This causes needrestart to think we are running in bare metal always,
and it spends extra time checking microcode status, and sometimes
prompting the user that their microcode is out of date, even know
there is no way to apply microcode updates, which can mislead users
each time they run apt install commands.
The fix is to correct the spelling mistake.
[Testcase]
Start a VM, I used a m5.large on AWS, with either kinetic, lunar or
mantic.
If you run needrestart from your prompt, it checks for microcode. This
run is on a system where the microcode package is at its latest, but
on systems where it is out of date, you receive a curses prompt.
$ /usr/sbin/needrestart -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in user mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::AMD
[ucode] using NeedRestart::uCode::Intel
[uCode/AMD] #0 cpu vendor id mismatch
[uCode/Intel] #0 current revision: 0x2006f05
+ + grep -oE [^[:space:]]+$
iucode_tool --scan-system
+ sig=0x00050654
+ [ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]
+ filter=-S
+ test -r /etc/needrestart/iucode.sh
+ . /etc/needrestart/iucode.sh
+ type bsdtar
+ IUCODE_TOOL_EXTRA_OPTIONS=
+ test -r /etc/default/intel-microcode
+ . /etc/default/intel-microcode
+ test = no
+ [ -r /usr/share/misc/intel-microcode* ]
+ iucode_tool -l+ -Sgrep 0x00050654
--ignore-broken -tb /lib/firmware/intel-ucode
[uCode/Intel] #0 available revision: 0x2006e05
The processor microcode seems to be up-to-date.
If you install the test packages from the below ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf361263-test
The expected output is to correctly register that we are running
inside a VM and microcode checks can be skipped:
$ /usr/sbin/needrestart -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in user mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[main] vm detected
[main] inside container or vm, skipping microcode checks
[Where problems could occur]
We are fixing a spelling mistake made in a previous commit, and not
changing any functionality or behaviour. The spelling mistake changes
invoking the incorrect /usr/bin/systemds-detect-virt to
/usr/bin/systemd-detect-virt.
Beforehand, /usr/bin/systemd-detect-virt would not exist, and thus
return false. We would never enter the if statement, and thus never
check to see if we are in a VM. By fixing the mistake, we now call
/usr/bin/systemd-detect-virt, and if we are inside a VM, skip some
unnecessary steps, like checking microcode versions.
If a regression were to occur, it would cause needrestart to interpret
running in a VM or bare metal differently, and may or may not prompt
the user at the correct times to restart any services or the system.
One thing to note is that needrestart is called automatically by apt
after every install or remove invocation, and a regression could cause
apt to return an error code, even when the packages were installed or
removed correctly.
[Other Info]
Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026026
This was fixed in the below commit, currently not tagged to a release:
commit 27bf4678bb92f68dfadd04ab04e96cba6ea2c376
From: zxyrepf <53189615+zxyrepf at users.noreply.github.com>
Date: Sun, 24 Jul 2022 08:30:19 +0000
Subject: Fix VM detection regression introduced in f54d85c
Link: https://github.com/liske/needrestart/commit/27bf4678bb92f68dfadd04ab04e96cba6ea2c376
This fixes the regression introduced by:
commit f54d85cab33c450b2d4e17eaf359a5c7470ef91d
From: Thomas Liske <thomas at fiasko-nw.net>
Date: Tue, 17 May 2022 15:38:42 +0200
Subject: [Core] Use ImVirt for virtualization detection if not running
on systemd (Debian Bug#984789 by Patrik Schindler <poc at pocnet.net>).
Link: https://github.com/liske/needrestart/commit/f54d85cab33c450b2d4e17eaf359a5c7470ef91d
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2020826/+subscriptions
More information about the foundations-bugs
mailing list