APPLIED: [Bionic] [PATCH 0/1] Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load

Khaled Elmously khalid.elmously at canonical.com
Wed May 13 05:13:42 UTC 2020 

On 2020-04-24 11:39:52 , Guilherme G. Piccoli wrote:
> BugLink: https://bugs.launchpad.net/bugs/1869672
> 
> [Impact]
> * Kdump kernel can't be loaded using Linux kernel 4.15.0-65 and newer on
> Bionic; kexec fails to load using the "new" kexec_file_load() syscall,
> showing the following messages in dmesg:
> 
> kexec: Undefined symbol: __stack_chk_fail
> kexec-bzImage64: Loading purgatory failed
> 
> * Reason for this was that backport from upstream commit b059f801a937
> ("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS") makes
> use of a config option guard that wasn't backported to Ubuntu 4.15.x series.
> 
> * Also, we found another related issue, an undefined memcpy() symbol, that
> was related to the above patch too. We propose here a specific fix for
> Bionic, in the form of the patch 1/1 in this thread.
> 
> [Test case]
> 
> * Basically the test consists in booting a signed kernel in a secure
> boot environment (this is required given Ubuntu kernel is built with
> CONFIG_KEXEC_VERIFY_SIG so to use kexec_file_load() we must be in a
> proper signed/secure booted system). It works until 4.15.0-64, and
> starts to fail after that release, until the current proposed version
> 4.15.0-97. We can also check kdump-tools service in the failing case,
> which shows:
> 
> systemctl status kdump-tools
> [...]
> kdump-tools[895]: Starting kdump-tools: * Creating symlink /var/lib/kdump/vmlinuz
> kdump-tools[895]: * Creating symlink /var/lib/kdump/initrd.img
> kdump-tools[895]: kexec_file_load failed: Exec format error
> kdump-tools[895]: * failed to load kdump kernel
> [...]
> 
> * With the patch attached in the LP, it works normally again and
> I was able to collect a kdump.
> 
> [Regression potential]
> 
> * Given the patch is quite simple and fixes the build of purgatory,
> I think the regression potential is low. One potential regression in
> future would be on backports to purgatory Makefile, making them more
> difficult/prone to errors; given purgatory is a pretty untouchable code,
> I consider the regression potential here to be really low.
> 
> 
> Guilherme G. Piccoli (1):
>   UBUNTU: SAUCE: x86/purgatory: Fix Makefile to prevent undefined
>     symbols
> 
>  arch/x86/purgatory/Makefile    |  7 +++++--
>  arch/x86/purgatory/purgatory.c |  6 ++++++
>  arch/x86/purgatory/string.c    | 13 -------------
>  3 files changed, 11 insertions(+), 15 deletions(-)
>  delete mode 100644 arch/x86/purgatory/string.c
> 
> -- 
> 2.25.2
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list