[Bug 1594035] Re: unable to shut down the system after suspend / resume

Loye Young 1594035 at bugs.launchpad.net
Fri Jul 1 17:45:36 UTC 2016 

Being a fellow pilgrim in the Way of the Penguin, I can confirm the
exact same facts as Mr. Pellegrino on clean install of Ubuntu Mate
16.04.

It appears that the swap partition is not actually encrypted at all.
Syslog shows that encryption failed, and "cryptsetup -v isLuks
/path/to/partition" shows not LUKS partition. This is so no matter which
path to the swap partition I use, including: /dev/disks/by-uuid/XXXX,
the device show by "grep /proc/swaps", or /dev/mapper/cryptswap1.

Looking at /var/log/syslog, I see that cryptsetup failed because
/dev/urandom is not available. ("grep crypt /var/log/syslog" for
details.)

Further, I notice that poweroff.target is disabled. When I enable it
(systemctl enable poweroff.target), shutdown works as expected unless
the computer has resumed from suspend.

The work around suggested by Mr. Pellegrino works, but of course that
means that swap is not encrypted, which is of course a security
vulnerability.

Here is my working theory: On boot-up, systemd tries to create an
encrypted swap, but when it cannot, systemd creates an unencrypted swap.
(Feature or bug? There would be competing considerations, so it is hard
to say.) After resume from suspend, which of course involves (on
suspend) writing RAM to swap and then (on resume) reading from swap to
RAM, the system thinks there should be an encrypted swap (because that's
what /etc/fstab and /etc/crypttab say), but can't find it and gets
confused when time comes to shutdown.

This being a security issue, it should be given attention.

** Changed in: systemd (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1594035

Title:
  unable to shut down the system after suspend / resume

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  In the case of a system that has gone through a suspend / resume
  cycle, the "shutdown now" command fails with the following output:

  $ shutdown now
  Failed to power off system via logind: Transaction is destructive.
  Failed to start poweroff.target: Interactive authentication required.
  See system logs and 'systemctl status poweroff.target' for details.
  Failed to open /dev/initctl: Permission denied
  Failed to talk to init daemon.

  ---

  $ systemctl status poweroff.target
  ● poweroff.target - Power-Off
     Loaded: loaded (/lib/systemd/system/poweroff.target; disabled; vendor preset:
     Active: inactive (dead)
       Docs: man:systemd.special(7)

  ---

  $ systemctl list-jobs
  JOB UNIT                                  TYPE  STATE  
  438 dev-mapper-cryptswap1.device          start running
  439 dev-mapper-cryptswap1.swap            start waiting
  436 systemd-cryptsetup at cryptswap1.service start running

  3 jobs listed.

  ---

  Steps to reproduce:

  1. Boot system
  2. User login to graphical session
  3. Close lid while on battery power triggering a suspend
  4. Open lid while on battery power triggering a resume
  5. Run "shutdown now" from a terminal. Note that the command must be run from the terminal to see output. Selecting "Shut Down..." from the system menu in the menu bar will hide the error output.
  6. Observe that the system fails to shut down

  Expected behavior:

  At step 6, the system should shut down gracefully.

  Note that the shutdown process works as expected if steps 3 and 4 are
  skipped. I suspect that something about the suspend / resume cycle
  during the session has an interaction effect with the shutdown
  process, preventing it from executing correctly.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: systemd 229-4ubuntu6
  ProcVersionSignature: Ubuntu 4.4.0-24.43-generic 4.4.10
  Uname: Linux 4.4.0-24-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sat Jun 18 18:04:26 2016
  EcryptfsInUse: Yes
  Lsusb:
   Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
   Bus 001 Device 003: ID 04f2:b550 Chicony Electronics Co., Ltd 
   Bus 001 Device 002: ID 8087:0a2a Intel Corp. 
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  MachineType: System76, Inc. Lemur
  ProcEnviron:
   LANGUAGE=en_US
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-24-generic.efi.signed root=UUID=7aecd352-8a3f-4ce9-88b8-0fc048dc9660 ro quiet splash vt.handoff=7
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/29/2015
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 1.05.06RS76
  dmi.board.asset.tag: Tag 12345
  dmi.board.name: Lemur
  dmi.board.vendor: System76, Inc.
  dmi.board.version: lemu6
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: System76, Inc.
  dmi.chassis.version: N/A
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1.05.06RS76:bd11/29/2015:svnSystem76,Inc.:pnLemur:pvrlemu6:rvnSystem76,Inc.:rnLemur:rvrlemu6:cvnSystem76,Inc.:ct10:cvrN/A:
  dmi.product.name: Lemur
  dmi.product.version: lemu6
  dmi.sys.vendor: System76, Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1594035/+subscriptions

More information about the foundations-bugs mailing list