[Bionic] [PATCH 0/1] Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load

Guilherme G. Piccoli gpiccoli at canonical.com
Fri Apr 24 14:39:52 UTC 2020 

BugLink: https://bugs.launchpad.net/bugs/1869672

[Impact]
* Kdump kernel can't be loaded using Linux kernel 4.15.0-65 and newer on
Bionic; kexec fails to load using the "new" kexec_file_load() syscall,
showing the following messages in dmesg:

kexec: Undefined symbol: __stack_chk_fail
kexec-bzImage64: Loading purgatory failed

* Reason for this was that backport from upstream commit b059f801a937
("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS") makes
use of a config option guard that wasn't backported to Ubuntu 4.15.x series.

* Also, we found another related issue, an undefined memcpy() symbol, that
was related to the above patch too. We propose here a specific fix for
Bionic, in the form of the patch 1/1 in this thread.

[Test case]

* Basically the test consists in booting a signed kernel in a secure
boot environment (this is required given Ubuntu kernel is built with
CONFIG_KEXEC_VERIFY_SIG so to use kexec_file_load() we must be in a
proper signed/secure booted system). It works until 4.15.0-64, and
starts to fail after that release, until the current proposed version
4.15.0-97. We can also check kdump-tools service in the failing case,
which shows:

systemctl status kdump-tools
[...]
kdump-tools[895]: Starting kdump-tools: * Creating symlink /var/lib/kdump/vmlinuz
kdump-tools[895]: * Creating symlink /var/lib/kdump/initrd.img
kdump-tools[895]: kexec_file_load failed: Exec format error
kdump-tools[895]: * failed to load kdump kernel
[...]

* With the patch attached in the LP, it works normally again and
I was able to collect a kdump.

[Regression potential]

* Given the patch is quite simple and fixes the build of purgatory,
I think the regression potential is low. One potential regression in
future would be on backports to purgatory Makefile, making them more
difficult/prone to errors; given purgatory is a pretty untouchable code,
I consider the regression potential here to be really low.


Guilherme G. Piccoli (1):
  UBUNTU: SAUCE: x86/purgatory: Fix Makefile to prevent undefined
    symbols

 arch/x86/purgatory/Makefile    |  7 +++++--
 arch/x86/purgatory/purgatory.c |  6 ++++++
 arch/x86/purgatory/string.c    | 13 -------------
 3 files changed, 11 insertions(+), 15 deletions(-)
 delete mode 100644 arch/x86/purgatory/string.c

-- 
2.25.2

More information about the kernel-team mailing list