[Kernel-packages] [Bug 1869672] Re: Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load

[Guilherme G. Piccoli]

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1869672

Title:
  Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released

Bug description:
  [Impact]
  * Kdump kernel can't be loaded using Linux kernel 4.15.0-65 and newer on 
Bionic; kexec fails to load using the "new" kexec_file_load() syscall, showing 
the following messages in dmesg:

  kexec: Undefined symbol: __stack_chk_fail
  kexec-bzImage64: Loading purgatory failed

  * Reason for this was that backport from upstream commit b059f801a937
  ("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS")
  makes use of a config option guard that wasn't backported to Ubuntu
  4.15.x series.

  * Also, we found another related issue, an undefined memcpy() symbol,
  that was related to the above patch too. We propose here a specific
  fix for Bionic, in the form of the patch attached in comment #18.

  [Test case]

  * Basically the test consists in booting a signed kernel in a secure
  boot environment (this is required given Ubuntu kernel is built with
  CONFIG_KEXEC_VERIFY_SIG so to use kexec_file_load() we must be in a
  proper signed/secure booted system). It works until 4.15.0-64, and
  starts to fail after this release, until the current proposed version
  4.15.0-97. We can also check kdump-tools service in the failing case,
  which shows:

  systemctl status kdump-tools
  [...]
  kdump-tools[895]: Starting kdump-tools: * Creating symlink 
/var/lib/kdump/vmlinuz
  kdump-tools[895]: * Creating symlink /var/lib/kdump/initrd.img
  kdump-tools[895]: kexec_file_load failed: Exec format error
  kdump-tools[895]: * failed to load kdump kernel
  [...]

  * With the patch attached in the LP, it works normally again and I was
  able to collect a kdump.

  [Regression potential]

  * Given the patch is quite simple and fixes the build of purgatory, I
  think the regression potential is low. One potential regression in
  future would be on backports to purgatory Makefile, making them more
  difficult/prone to errors; given purgatory is a pretty untouchable
  code, I consider the regression potential here to be really low.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1869672/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp