[Bug 2020826] Re: VM detection is broken, leading to prompt to restart for microcode updates
Ubuntu Foundations Team Bug Bot
2020826 at bugs.launchpad.net
Mon May 29 08:14:12 UTC 2023
The attachment "Debdiff for needrestart on mantic" seems to be a
debdiff. The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff. If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are member of the
~ubuntu-sponsors, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2020826
Title:
VM detection is broken, leading to prompt to restart for microcode
updates
Status in needrestart package in Ubuntu:
In Progress
Status in needrestart source package in Kinetic:
In Progress
Status in needrestart source package in Lunar:
In Progress
Status in needrestart source package in Mantic:
In Progress
Bug description:
[Impact]
VM detection in needrestart was quietly and subtly broken in version
3.6 that ships in kinetic, lunar and mantic, where a spelling mistake
had been made that incorrectly called /usr/bin/systemds-detect-virt
over /usr/bin/systemd-detect-virt.
This causes needrestart to think we are running in bare metal always,
and it spends extra time checking microcode status, and sometimes
prompting the user that their microcode is out of date, even though
there is no way to apply microcode updates, which can mislead users
each time they run apt install commands.
The fix is to correct the spelling mistake.
[Testcase]
Start a VM, I used an m5.large on AWS, with either kinetic, lunar or
mantic.
If you run needrestart from your prompt, it checks for microcode. This
run is on a system where the microcode package is at its latest, but
on systems where it is out of date, you receive a curses prompt.
$ /usr/sbin/needrestart -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in user mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::AMD
[ucode] using NeedRestart::uCode::Intel
[uCode/AMD] #0 cpu vendor id mismatch
[uCode/Intel] #0 current revision: 0x2006f05
+ + grep -oE [^[:space:]]+$
iucode_tool --scan-system
+ sig=0x00050654
+ [ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]
+ filter=-S
+ test -r /etc/needrestart/iucode.sh
+ . /etc/needrestart/iucode.sh
+ type bsdtar
+ IUCODE_TOOL_EXTRA_OPTIONS=
+ test -r /etc/default/intel-microcode
+ . /etc/default/intel-microcode
+ test = no
+ [ -r /usr/share/misc/intel-microcode* ]
+ iucode_tool -l+ -Sgrep 0x00050654
--ignore-broken -tb /lib/firmware/intel-ucode
[uCode/Intel] #0 available revision: 0x2006e05
The processor microcode seems to be up-to-date.
If you install the test packages from the below ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf361263-test
The expected output is to correctly register that we are running
inside a VM and microcode checks can be skipped:
$ /usr/sbin/needrestart -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in user mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[main] vm detected
[main] inside container or vm, skipping microcode checks
[Where problems could occur]
We are fixing a spelling mistake made in a previous commit, and not
changing any functionality or behaviour. The spelling mistake changes
invoking the incorrect /usr/bin/systemds-detect-virt to
/usr/bin/systemd-detect-virt.
Beforehand, /usr/bin/systemd-detect-virt would not exist, and thus
return false. We would never enter the if statement, and thus never
check to see if we are in a VM. By fixing the mistake, we now call
/usr/bin/systemd-detect-virt, and if we are inside a VM, skip some
unnecessary steps, like checking microcode versions.
If a regression were to occur, it would cause needrestart to interpret
running in a VM or bare metal differently, and may or may not prompt
the user at the correct times to restart any services or the system.
One thing to note is that needrestart is called automatically by apt
after every install or remove invocation, and a regression could cause
apt to return an error code, even when the packages were installed or
removed correctly.
[Other Info]
Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026026
This was fixed in the below commit, currently not tagged to a release:
commit 27bf4678bb92f68dfadd04ab04e96cba6ea2c376
From: zxyrepf <53189615+zxyrepf at users.noreply.github.com>
Date: Sun, 24 Jul 2022 08:30:19 +0000
Subject: Fix VM detection regression introduced in f54d85c
Link: https://github.com/liske/needrestart/commit/27bf4678bb92f68dfadd04ab04e96cba6ea2c376
This fixes the regression introduced by:
commit f54d85cab33c450b2d4e17eaf359a5c7470ef91d
From: Thomas Liske <thomas at fiasko-nw.net>
Date: Tue, 17 May 2022 15:38:42 +0200
Subject: [Core] Use ImVirt for virtualization detection if not running
on systemd (Debian Bug#984789 by Patrik Schindler <poc at pocnet.net>).
Link: https://github.com/liske/needrestart/commit/f54d85cab33c450b2d4e17eaf359a5c7470ef91d
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2020826/+subscriptions
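The failure described in this report, a misspelled path behind an executable test, raises no error, so it has to be looked for. The shell functions below are an added example, not part of the bug report or of needrestart: dead_exec_paths lists bin paths named in a file that are not executable on the host, and check_vm_detection compares systemd-detect-virt output with a "needrestart -w -v" log. The function names and the value "kvm" are assumptions.

```shell
#!/bin/sh
# Added example, not needrestart code.

# dead_exec_paths FILE...
# List absolute */bin/* paths named in FILE that are not executable here.
# A test like "-x PATH" on a misspelled PATH is just false, with no error,
# so a scan of this kind is where the typo becomes visible.
dead_exec_paths() {
    grep -ohE '(^|[^[:alnum:]_./-])/(usr/)?s?bin/[[:alnum:]._+-]+' "$@" |
    sed -e 's|^[^/]*||' -e 's|[.]*$||' | sort -u |
    while IFS= read -r p; do
        [ -x "$p" ] || printf '%s\n' "$p"
    done
}

# check_vm_detection VIRT < LOG
# VIRT is the output of systemd-detect-virt ("none" on bare metal); LOG is
# the output of "needrestart -w -v". Prints one verdict word.
check_vm_detection() {
    virt=$1
    log=$(cat)
    saw_vm=no
    ran_ucode=no
    case $log in *"[main] vm detected"*) saw_vm=yes ;; esac
    case $log in *"[uCode/"*) ran_ucode=yes ;; esac
    if [ "$virt" = none ]; then
        echo bare-metal
    elif [ "$saw_vm" = yes ] && [ "$ran_ucode" = no ]; then
        echo ok
    else
        echo mismatch    # virtualised host, but needrestart did not notice
    fi
}

# Demo on log lines taken from the report above (the 3.6 run inside a VM).
# "kvm" stands in for whatever systemd-detect-virt prints on the host.
broken_log='[main] systemd detected
[ucode] using NeedRestart::uCode::Intel
[uCode/Intel] #0 current revision: 0x2006f05'
printf '%s\n' "$broken_log" | check_vm_detection kvm    # prints: mismatch
```

On a host, run dead_exec_paths over the installed needrestart files and feed check_vm_detection with "$(systemd-detect-virt)" and the live log.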