** Description changed:
- Thank you for reading this report.
- This may caused by bugs in kernel, not in kdump. If so, I will report this to
kernel team.
- I need your comment to solve this.
+ [Impact]
+ * Kdump kernel can't be loaded using Linux kernel 4.15.0-65 and newer on
Bionic; kexec fails to load using the "new" kexec_file_load() syscall, showing
the following messages in dmesg:
- [Impact]
- * Kdump kernel can't be loaded using linux kernel 4.15.0-76.
+ kexec: Undefined symbol: __stack_chk_fail
+ kexec-bzImage64: Loading purgatory failed
- [Environment]
- Description: Ubuntu 18.04.4 LTS
- Release: 18.04
+ * Reason for this was that backport from upstream commit b059f801a937
+ ("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS")
+ makes use of a config option guard that wasn't backported to Ubuntu
+ 4.15.x series.
- uname:
- Linux ubuntu 4.15.0-76-generic #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020
x86_64 x86_64 x86_64 GNU/Linux
-
- Secure boot is enabled.
-
- Versions:
- * kexec-tools/bionic-updates,now 1:2.0.16-1ubuntu1.1
- * kdump-tools/bionic-updates,now 1:1.6.5-1ubuntu1~18.04.4
+ * Also, we found another related issue, an undefined memcpy() symbol,
+ that was related to the above patch too. We propose here a specific fix
+ for Bionic, in the form of the patch attached in comment #18.
[Test case]
- 1)After OS booted, run systemctl status kdump-tools shows these messages
below:
- ....
- ● kdump-tools.service - Kernel crash dump capture service
- Loaded: loaded (/lib/systemd/system/kdump-tools.service; enabled; vendor
preset: enabled)
- Active: active (exited) since Fri 2020-03-27 16:40:31 JST; 5min ago
- Process: 895 ExecStart=/etc/init.d/kdump-tools start (code=exited,
status=0/SUCCESS)
- Main PID: 895 (code=exited, status=0/SUCCESS)
+ * Basically the test consists in booting a signed kernel in a secure
+ boot environment (this is required given Ubuntu kernel is built with
+ CONFIG_KEXEC_VERIFY_SIG so to use kexec_file_load() we must be in a
+ proper signed/secure booted system). It works until 4.15.0-64, and
+ starts to fail after this release, until the current proposed version
+ 4.15.0-97. We can also check kdump-tools service in the failing case,
+ which shows:
- Mar 27 16:40:31 ubuntu systemd[1]: Starting Kernel crash dump capture
service...
- Mar 27 16:40:31 ubuntu kdump-tools[895]: Starting kdump-tools: * Creating
symlink /var/lib/kdump/vmlinuz
- Mar 27 16:40:31 ubuntu kdump-tools[895]: * Creating symlink
/var/lib/kdump/initrd.img
- Mar 27 16:40:31 ubuntu kdump-tools[895]: kexec_file_load failed: Exec format
error
- Mar 27 16:40:31 ubuntu kdump-tools[895]: * failed to load kdump kernel
- Mar 27 16:40:31 ubuntu systemd[1]: Started Kernel crash dump capture service.
- ....
+ systemctl status kdump-tools
+ [...]
+ kdump-tools[895]: Starting kdump-tools: * Creating symlink
/var/lib/kdump/vmlinuz
+ kdump-tools[895]: * Creating symlink /var/lib/kdump/initrd.img
+ kdump-tools[895]: kexec_file_load failed: Exec format error
+ kdump-tools[895]: * failed to load kdump kernel
+ [...]
- 2)Run kexec directly:
- $ sudo /sbin/kexec -p --command-line="/boot/vmlinuz-4.15.0-76-generic
root=UUID=29a89ad8-8923-435e-a88c-aaf5cb379568 ro mce=ignore_ce reset_devices
systemd.unit=kdump-tools-dump.service nr_cpus=1 irqpoll nousb
ata_piix.prefer_ms_hyperv=0" --initrd=/boot/initrd.img-4.15.0-76-generic
/boot/vmlinuz-4.15.0-64-generic
+ * With the patch attached in the LP, it works normally again and I was
+ able to collect a kdump.
- Then,these messages are shown:
- Cannot open /proc/kcore: Operation not permitted
- Cannot read /proc/kcore: Operation not permitted
- Cannot load /boot/vmlinuz-4.15.0-76-generic
+ [Regression potential]
- On dmesg, these messages are shown:
- ....
- [ 538.524718] Lockdown: /proc/kcore is restricted; see man kernel_lockdown.7
- ....
-
- 3) Changing OS kernel to older one(I used 4.15.0-64), kdump kernel can
- be loaded.
-
- $ sudo systemctl status kdump-tools
- ● kdump-tools.service - Kernel crash dump capture service
- Loaded: loaded (/lib/systemd/system/kdump-tools.service; enabled; vendor
preset: enabled)
- Active: active (exited) since Wed 2020-03-25 13:39:03 JST; 5 days ago
- Main PID: 832 (code=exited, status=0/SUCCESS)
- Tasks: 0 (limit: 4915)
- CGroup: /system.slice/kdump-tools.service
-
- Mar 25 13:39:02 ubuntu systemd[1]: Starting Kernel crash dump capture
service...
- Mar 25 13:39:02 ubuntu kdump-tools[832]: Starting kdump-tools: * Creating
symlink /var/lib/kdump/vmlinuz
- Mar 25 13:39:02 ubuntu kdump-tools[832]: * Creating symlink
/var/lib/kdump/initrd.img
- Mar 25 13:39:03 ubuntu kdump-tools[832]: * loaded kdump kernel
- Mar 25 13:39:03 ubuntu kdump-tools[938]: loaded kdump kernel
- Mar 25 13:39:03 ubuntu systemd[1]: Started Kernel crash dump capture service.
+ * Given the patch is quite simple and fixes the build of purgatory, I
+ think the regression potential is low. One potential regression in
+ future would be on backports to purgatory Makefile, making them more
+ difficult/prone to errors; given purgatory is a pretty untouchable code,
+ I consider the regression potential here to be really low.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1869672
Title:
Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Bionic:
In Progress
Status in makedumpfile source package in Bionic:
In Progress
Bug description:
[Impact]
* Kdump kernel can't be loaded using Linux kernel 4.15.0-65 and newer on
Bionic; kexec fails to load using the "new" kexec_file_load() syscall, showing
the following messages in dmesg:
kexec: Undefined symbol: __stack_chk_fail
kexec-bzImage64: Loading purgatory failed
* Reason for this was that backport from upstream commit b059f801a937
("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS")
makes use of a config option guard that wasn't backported to Ubuntu
4.15.x series.
* Also, we found another related issue, an undefined memcpy() symbol,
that was related to the above patch too. We propose here a specific
fix for Bionic, in the form of the patch attached in comment #18.
[Test case]
* Basically the test consists in booting a signed kernel in a secure
boot environment (this is required given Ubuntu kernel is built with
CONFIG_KEXEC_VERIFY_SIG so to use kexec_file_load() we must be in a
proper signed/secure booted system). It works until 4.15.0-64, and
starts to fail after this release, until the current proposed version
4.15.0-97. We can also check kdump-tools service in the failing case,
which shows:
systemctl status kdump-tools
[...]
kdump-tools[895]: Starting kdump-tools: * Creating symlink
/var/lib/kdump/vmlinuz
kdump-tools[895]: * Creating symlink /var/lib/kdump/initrd.img
kdump-tools[895]: kexec_file_load failed: Exec format error
kdump-tools[895]: * failed to load kdump kernel
[...]
* With the patch attached in the LP, it works normally again and I was
able to collect a kdump.
[Regression potential]
* Given the patch is quite simple and fixes the build of purgatory, I
think the regression potential is low. One potential regression in
future would be on backports to purgatory Makefile, making them more
difficult/prone to errors; given purgatory is a pretty untouchable
code, I consider the regression potential here to be really low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1869672/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
