Review for Source Package: qrtr
[Summary]
qrtr is the userspace part for IPC communication with qualcomm processors. It
is primarily used on mobile phones, but can also be relevant for ARM based
laptops, such as the Lenovo X13s.
MIR team ACK (pending security-team ACK), with some suggested
Recommended TODOs.
This does need a security review, so I'll assign ubuntu-security
List of specific binary packages to be promoted to main: libqrtr1, qrtr-tools
Specific binary packages built, but NOT to be promoted to main: None
Notes:
#0 requesting security review, because it's running a service as root, opening
controll sockets, parsing protocol packages and having no hardening features
enabled.
#1 This is needed for hardware enablement, no automatic testing can be
provided, but the hardware is available and a test case described in the ISO
tracker.
Required TODOs:
- None
Recommended TODOs:
#2 The package should get a team bug subscriber before being promoted
#3 Enablement of isolation/hardening features should be considered (e.g. as
part of the systemd service)
#4 Adding (hardware independent) smoke tests during build-/autopkgtests should
be considered, at least making sure the library can be compiled and loaded
correctly
#5 Consider helping out uptream with adding documentation/man pages
#6 Consider supporting the Debian maintainer with more timely package updates
after (rare) upstream releases are cut.
[Rationale, Duplication and Ownership]
There is no other package in main providing the same functionality.
A team is committed to own long term maintenance of this package.
The rationale given in the report seems valid and useful for Ubuntu
[Dependencies]
OK:
- no other Dependencies to MIR due to this
- src:qrtr checked with `check-mir`
- all dependencies can be found in `seeded-in-ubuntu` (already in main)
- none of the (potentially auto-generated) dependencies (Depends
and Recommends) that are present after build are not in main
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
more tests now.
Problems: None
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
- does not have unexpected Built-Using entries
- not a go package, no extra constraints to consider in that regard
- not a rust package, no extra constraints to consider in that regard
Problems: None
[Security]
OK:
- history of CVEs does not look concerning
- does not use webkit1,2
- does not use lib*v8 directly
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with security attestation (secure boot, tpm, signatures)
- does not deal with cryptography (en-/decryption, certificates,
signing, ...)
Problems:
- does run a daemon as root
- doesn't make appropriate (for its exposure) use of established risk
mitigation features (dropping permissions, using temporary environments,
restricted users/groups, seccomp, systemd isolation features,
apparmor, ...)
- does parse data formats (QIPCRTR network packets, QMI structures, ...) from
an untrusted source (userland).
- does expose any external endpoint (port/socket/... or similar)
[Common blockers]
OK:
- does not FTBFS currently
- This does seem to need special HW for build or test so it can't be
automatic at build or autopkgtest time. But as outlined
by the requester in [Quality assurance - testing] there:
- is hardware (Lenovo X13s) and a test plan or code (kernel & foundations,
http://iso.qa.ubuntu.com/qatracker/milestones/449/builds/288343/testcases)
- is community support to test this for Ubuntu
- no new python2 dependency
- not a Python package
- not a Go package
Problems:
- does not have a test suite that runs at build time
- does not have a non-trivial test suite that runs as autopkgtest
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking is in place.
- debian/watch is present and looks ok (if needed, e.g. non-native)
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
maintained the package
- no massive Lintian warnings
- debian/rules is rather clean
- It is not on the lto-disabled list
Problems:
- Upstream update history is sporadic
- Debian/Ubuntu update history is slow
- some lintian warnings:
W: qrtr-tools: no-manual-page [usr/bin/qrtr-{cfg,lookup,ns}]
X: qrtr-tools: systemd-service-file-missing-hardening-features
[lib/systemd/system/qrtr-ns.service]
[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as we can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH (usage is OK inside tests)
- no use of user nobody
- no use of setuid / setgid
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no important open bugs (crashers, etc) in Debian or Ubuntu
- not part of the UI for extra checks
- no translation present, but none needed for this case (user visible)?
Problems: None
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to qrtr in Ubuntu.
https://bugs.launchpad.net/bugs/2038942
Title:
[MIR] protection-domain-mapper & qrtr
Status in protection-domain-mapper package in Ubuntu:
New
Status in qrtr package in Ubuntu:
New
Bug description:
[Availability]
The package protection-domain-mapper is already in Ubuntu universe.
The package protection-domain-mapper build for the architectures it is
designed to work on.
It currently builds and works for architectures: any, verified as working on
arm64
Link to package https://launchpad.net/ubuntu/+source/protection-domain-mapper
[Rationale]
- The package protection-domain-mapper is required in Ubuntu main for
ubuntu-desktop on ARM64, as it enables power-indicator (among other
things) on most Windows on Arm laptops (qcom based laptops ~7 SKUs
and more coming). There is no other way to implement this.
- protection-domain-mapper depends on qrtr for library and a systemd
service it provides.
- There is no other/better way to solve this that is already in main
or should go universe->main instead of this. As this is the only
implementation of talking to the qcom hardware.
- The package protection-domain-mapper is required in Ubuntu main no
later than today due to Mantic release, if we want to have the best
impression of Ubuntu Desktop in the live session on x13s.
- If that fails, having it fixed as SRU is the next best option.
[Security]
- No CVEs/security issues in this software in the past. This is a
reference open source implementation of these tools, which otherwise
are used on qcom Android devices
- no `suid` or `sgid` binaries no executables in `/sbin` and
`/usr/sbin`
- Package does install services: pd-mapper.service & qrtr-ns.service
which allow runtime access to the qcom hardware which are run as
root
- Security has been kept in mind and common isolation/risk-mitigation
patterns are in place utilizing the following features:
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install, i.e. power indicator
straight away starts to show accurate battery information
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu
https://bugs.launchpad.net/ubuntu/+source/protection-domain-mapper/+bug
https://bugs.launchpad.net/ubuntu/+source/qrtr/+bug
- Debian
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=protection-domain-mapper
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=qrtr
- Upstream's bug tracker, e.g., GitHub Issues
- The package has important open bugs, listing them:
https://bugs.launchpad.net/ubuntu/+source/protection-domain-mapper/+bug/2038944
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1045729 upstream fix at
https://github.com/andersson/qrtr/pull/24/files
- The package does deal with exotic hardware, it is present at Lenovo
X13s to be able to test, fix and verify bugs as many users at
Canonical and Community have it. And it is available for purchase.
[Quality assurance - testing]
- The package does not run a test at build time because adequate
testing requires exotic hardware & specifically kernel driver loaded
- The package does not run an autopkgtest because testing requires
exotic hardware & specifically kernel driver loaded.
- The package does have not failing autopkgtests right now
- The package can not be well tested at build or autopkgtest time
because it requires exotic hardware to test. To make up for that:
- We have access to such hardware in the team (foundations & kernel)
- We will add a run-once manual test case to iso tracker to ensure
that "power indicator shows battery indicator %")
- We will execute this test case on every upload of
protection-domain-mapper qrtr and the underlying kernel, as well
as image milestone testing
- qrtr package is minimal and will be tested in a more wide
reaching solution context protection-device-mapper, that is
causing battery indicator to work.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
https://udd.debian.org/lintian/?email1=&email2=&email3=&packages=qrtr&ignpackages=&format=html<_error=on<_warning=on<_information=on<_pedantic=on<_experimental=on<_overridden=on<_masked=on<_classification=on&lintian_tag=#all
lack of manpages, lack of systemd hardening features in systemd unit
https://udd.debian.org/lintian/?email1=&email2=&email3=&packages=protection-
domain-
mapper&ignpackages=&format=html<_error=on<_warning=on<_information=on<_pedantic=on<_experimental=on<_overridden=on<_masked=on<_classification=on&lintian_tag=#all
lack of manpage, lack of systemd hardening features in systemd unit
- Please link to a recent build log of the package
https://launchpad.net/ubuntu/+source/qrtr/1.0-2
https://launchpad.net/ubuntu/+source/protection-domain-mapper/1.0-4
- This package does not rely on obsolete or about to be demoted
packages.
- The package will be installed by default, but does not ask debconf
questions higher than medium
- Packaging and build is easy, link to debian/rules
https://salsa.debian.org/DebianOnMobile-team/protection-domain-
mapper/-/blob/debian/latest/debian/rules
https://salsa.debian.org/DebianOnMobile-
team/qrtr/-/blob/debian/latest/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be kernel-packages and I have their
acknowledgement for that commitment
- This does not use static builds
- This does not use vendored code
- This does not use vendored code
- This package is not rust based
- The package successfully built during the most recent test rebuild
[Background information]
The Package description explains the package well
Upstream Name matches package name
Link to upstream project are: https://github.com/andersson/qrtr and
https://github.com/andersson/pd-mapper
This package unblocks announcement of Ubuntu Desktop on ARM64 Laptops
for the first time, on an arm64 laptop from a tier 1 OEM available for
sale now.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/protection-domain-mapper/+bug/2038942/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
