APPLIED: [Bionic] [PATCH 0/1] Kdump broken since 4.15.0-65 on secureboot - purgatory cannot load
Khaled Elmously
khalid.elmously at canonical.com
Wed May 13 05:13:42 UTC 2020
On 2020-04-24 11:39:52 , Guilherme G. Piccoli wrote:
> BugLink: https://bugs.launchpad.net/bugs/1869672
>
> [Impact]
> * Kdump kernel can't be loaded using Linux kernel 4.15.0-65 and newer on
> Bionic; kexec fails to load using the "new" kexec_file_load() syscall,
> showing the following messages in dmesg:
>
> kexec: Undefined symbol: __stack_chk_fail
> kexec-bzImage64: Loading purgatory failed
>
> * Reason for this was that backport from upstream commit b059f801a937
> ("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS") makes
> use of a config option guard that wasn't backported to Ubuntu 4.15.x series.
>
> * Also, we found another related issue, an undefined memcpy() symbol, that
> was related to the above patch too. We propose here a specific fix for
> Bionic, in the form of the patch 1/1 in this thread.
>
> [Test case]
>
> * Basically the test consists in booting a signed kernel in a secure
> boot environment (this is required given Ubuntu kernel is built with
> CONFIG_KEXEC_VERIFY_SIG so to use kexec_file_load() we must be in a
> proper signed/secure booted system). It works until 4.15.0-64, and
> starts to fail after that release, until the current proposed version
> 4.15.0-97. We can also check kdump-tools service in the failing case,
> which shows:
>
> systemctl status kdump-tools
> [...]
> kdump-tools[895]: Starting kdump-tools: * Creating symlink /var/lib/kdump/vmlinuz
> kdump-tools[895]: * Creating symlink /var/lib/kdump/initrd.img
> kdump-tools[895]: kexec_file_load failed: Exec format error
> kdump-tools[895]: * failed to load kdump kernel
> [...]
>
> * With the patch attached in the LP, it works normally again and
> I was able to collect a kdump.
>
> [Regression potential]
>
> * Given the patch is quite simple and fixes the build of purgatory,
> I think the regression potential is low. One potential regression in
> future would be on backports to purgatory Makefile, making them more
> difficult/prone to errors; given purgatory is a pretty untouchable code,
> I consider the regression potential here to be really low.
>
>
> Guilherme G. Piccoli (1):
> UBUNTU: SAUCE: x86/purgatory: Fix Makefile to prevent undefined
> symbols
>
> arch/x86/purgatory/Makefile | 7 +++++--
> arch/x86/purgatory/purgatory.c | 6 ++++++
> arch/x86/purgatory/string.c | 13 -------------
> 3 files changed, 11 insertions(+), 15 deletions(-)
> delete mode 100644 arch/x86/purgatory/string.c
>
> --
> 2.25.2
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list