[UBUNTU 22.04] zipl segfaults when "parameters=" is missing

Bug #1974109 reported by bugproxy
This bug affects 2 people
Affects                     | Status       | Importance | Assigned to           | Milestone
Ubuntu on IBM z Systems     | Fix Released | Medium     | Skipper Bug Screeners |
s390-tools (Ubuntu)         | Fix Released | Medium     | Unassigned            |
  Jammy                     | Fix Released | Medium     | Unassigned            |
  Kinetic                   | Fix Released | Medium     | Unassigned            |
s390-tools-signed (Ubuntu)  | Fix Released | Medium     | Unassigned            |
  Jammy                     | Fix Released | Medium     | Unassigned            |
  Kinetic                   | Fix Released | Medium     | Unassigned            |

Bug Description

SRU Justification:
------------------

[Impact]

 * The zipl boot-loader tool segfaults if a section doesn't contain
   a "parameters =" line.

 * Adding a "parameters =" line makes the problem go away.

 * This is especially problematic when secure execution is set up,
   since the parameter is provided in the secure image
   and hence a zipl parameter is not needed.

[Fix]

 * 6ff8202f 6ff8202fa9e172199e995298d336d9dd87ca8180 "zipl: Add missing check for a nullpointer."

[Test Plan]

 * Set up a default Ubuntu Server for s390x test installation.

 * Back up the existing /etc/zipl.conf:
   cp /etc/zipl.conf ~

 * Edit /etc/zipl.conf and remove (or better comment out)
   the 'parameters =' line:
   sudo vi /etc/zipl.conf
   and save the file.

 * Execute the zipl tool to re-write the zipl bootloader
   and it will segfault
   without the patch (like this):
   sudo zipl
   Using config file '/etc/zipl.conf'
   Segmentation fault

 * or complete successfully (like this):
   sudo zipl
   Using config file '/etc/zipl.conf'
   Building bootmap in '/boot'
   Adding IPL section 'ubuntu' (default)
   Preparing boot device: dasda (0101).
   Done.

[Where problems could occur]

 * It's a patch that changes just one line,
   checks the existence of the parmline
   and only then computes its length,
   and otherwise sets the length to 0.

 * Issues could occur if the compact/short if
   statement is wrong and for example the logic mixed up.

 * Or if somewhere else in the code a length of 0
   for the parameters line is not expected and will
   cause further issues.

 * Both cases can simply be covered by the above test.

[Other Info]

 * The above fix is included in s390-tools v2.23
   and is with that incl. in the kinetic s390-tools version.
__________

ZIPL segfaults if a section doesn't contain a "parameter=" line.
Adding that line makes the problem go away.

This is especially a problem when secure execution is set up since the parameter is provided in the secure image and hence a zipl parameter is not needed.

---uname output---
Linux linux6 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:23 UTC 2022 s390x s390x s390x GNU/Linux

Machine Type = z16

---Steps to Reproduce---
Add a section to /etc/zipl.conf that doesn't have a parameter line.

Userspace tool common name: zipl

The userspace tool has the following bit modes: 64-bit
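
The null check described under [Where problems could occur], written out as an added example; this is not zipl's source code and not part of the original report. `struct section`, `parse_section`, `parm_len_checked`, `copy_parmline` and the sample section are hypothetical names and constructed data, and the last function covers the "length of 0 is not expected" case for a downstream consumer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one parsed zipl.conf section (not zipl's own type). */
struct section {
    char name[32];
    char parmbuf[128];
    const char *parmline;   /* NULL when there is no "parameters =" line */
};

/* Constructed sample: "parameters" is commented out, as in the test plan. */
const char CONF_NO_PARMS[] =
    "[ubuntu]\ntarget = /boot\nimage = /boot/vmlinuz\n#parameters = root=/dev/dasda1\n";

/* Minimal parser: records the section name and, if present, the parameters value. */
void parse_section(const char *text, struct section *s)
{
    memset(s, 0, sizeof(*s));
    while (*text) {
        char line[160];
        size_t n = strcspn(text, "\n");
        snprintf(line, sizeof(line), "%.*s", (int)n, text);
        text += n + (text[n] == '\n');
        if (sscanf(line, " [%31[^]]]", s->name) == 1)
            continue;
        if (sscanf(line, " parameters = %127[^\n]", s->parmbuf) == 1)
            s->parmline = s->parmbuf;
    }
}

/* Unchecked form: strlen(NULL) is undefined behaviour and typically segfaults. */
size_t parm_len_unchecked(const struct section *s) { return strlen(s->parmline); }
/* Checked form: take the length only if the line exists, otherwise use 0. */
size_t parm_len_checked(const struct section *s)
{
    return s->parmline ? strlen(s->parmline) : 0;
}

/* Consumer that tolerates length 0: no NULL passed to memcpy, always terminated. */
int copy_parmline(const struct section *s, char *out, size_t outsz)
{
    size_t len = parm_len_checked(s);
    if (outsz == 0 || len >= outsz)
        return -1;
    if (len)
        memcpy(out, s->parmline, len);
    out[len] = '\0';
    return (int)len;
}
```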

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-198062 severity-medium targetmilestone-inin---
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
affects: linux (Ubuntu) → s390-tools (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Frank Heimes (fheimes)
Changed in s390-tools (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → nobody
Changed in ubuntu-z-systems:
status: New → Incomplete
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2022-06-01 06:56 EDT-------
@Frank: The problem could not be analyzed in detail yet and we do not have an ETA for a fix. Therefore, it doesn't make sense to wait for this to be included in your upcoming s390-tools "bundle" update.

Frank Heimes (fheimes) wrote :

Is it correct that the following commit fixes this?
"zipl: Add missing check for a nullpointer."
https://github.com/ibm-s390-linux/s390-tools/commit/6ff8202fa9e172199e995298d336d9dd87ca8180

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2022-08-17 02:31 EDT-------
Yes, that commit is the mentioned fix patch.

Frank Heimes (fheimes)
description: updated
Frank Heimes (fheimes) wrote :

A patched s390-tools package (version 2.20.0-0ubuntu3.2) got successfully built
and is available via the following PPA for further testing:
https://launchpad.net/~fheimes/+archive/ubuntu/lp1974109+lp1959987
(the PPA also incl. s390-tools-signed 2.20.0-0ubuntu3.2 to fulfill dependencies)

Frank Heimes (fheimes) wrote :

Please see the debdiffs attached
and notice that this s390-tools update incl. the fixes for this bug (LP#1974109) and LP#1959987.

Frank Heimes (fheimes) wrote :
Frank Heimes (fheimes) wrote :
Changed in ubuntu-z-systems:
status: Incomplete → In Progress
Changed in s390-tools (Ubuntu):
status: New → In Progress
Changed in s390-tools-signed (Ubuntu):
status: New → In Progress
Changed in s390-tools (Ubuntu):
importance: Undecided → Medium
Changed in s390-tools-signed (Ubuntu):
importance: Undecided → Medium
Changed in ubuntu-z-systems:
importance: Undecided → Medium
Changed in s390-tools (Ubuntu Jammy):
status: New → In Progress
importance: Undecided → Medium
Changed in s390-tools-signed (Ubuntu Jammy):
status: New → In Progress
importance: Undecided → Medium
Changed in s390-tools-signed (Ubuntu Kinetic):
status: In Progress → Fix Released
Changed in s390-tools (Ubuntu Kinetic):
status: In Progress → Fix Released
bugproxy (bugproxy)
tags: added: targetmilestone-inin2204
removed: targetmilestone-inin---
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2022-09-05 11:49 EDT-------
verified.

zipl now does not segfault anymore when no parmline was provided.

Simon Chopin (schopin) wrote :

Uploaded to Jammy. I'll let you drive the verification :)

Changed in s390-tools (Ubuntu Jammy):
status: In Progress → Fix Committed
Changed in s390-tools-signed (Ubuntu Jammy):
status: In Progress → Fix Committed
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Simon Chopin (schopin) wrote :

Re-uploaded to Jammy with some new fixes (and fixed the -signed changelog)

Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello bugproxy, or anyone else affected,

Accepted s390-tools into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/s390-tools/2.20.0-0ubuntu3.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed verification-needed-jammy
Łukasz Zemczak (sil2100) wrote :

Hello bugproxy, or anyone else affected,

Accepted s390-tools-signed into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/s390-tools-signed/2.20.0-0ubuntu3.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Frank Heimes (fheimes) wrote :

I successfully verified the packages s390-tools*3.2_s390x.deb on jammy (see attachment).

Hence updating the tags accordingly ...

tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package s390-tools - 2.20.0-0ubuntu3.2

---------------
s390-tools (2.20.0-0ubuntu3.2) jammy; urgency=medium

  * Fix zipl segfaults when "parameters=" is missing (LP: #1974109) with:
    d/p/6ff8202f-zipl-Add-missing-check-for-a-nullpointer.patch
  * Add KVM Secure Execution Attestation Userspace Tool to enhance secure
    execution (hardware feature: FC 115) exploitation (LP: #1959987) with:
    d/p/38639269-libpv-New-library-for-PV-tools.patch
    d/p/3ab06d77-pvattest-Create-perform-and-verify-attestation-measu.patch
    d/p/26148740-pvattest-tools-Add-tool-for-attestation.patch
  * Fix re-enciphering of EP11 identity key of KMIP plugin (LP: #1990520) with:
    d/p/4e2ebe03-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
  * Fix KMIP plugin fails to connection to KMIP server (LP: #1990524) with:
    d/p/6c5c5f7e-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch
  * d/p/5768d55-zipl-boot-add-secure-boot-trailer.patch
    Add secure boot trailer in zipl stage 3 to keep compatibility with
    upcoming IBM zSystems firmware updates. (LP: #1996069)
  * Add d/p/92b8409-dbginfo.sh-ensure-type-commands-compatible-with-dash.patch
    and d/p/9f93af6-dbginfo.sh-ensure-compatibility-with-bin-dash.patch
    to achieve dbginfo.sh compatibility with /bin/dash shell. (LP: #1996477)

 -- Frank Heimes <email address hidden> Wed, 16 Nov 2022 18:14:00 +0200

Changed in s390-tools (Ubuntu Jammy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package s390-tools-signed - 2.20.0-0ubuntu3.2

---------------
s390-tools-signed (2.20.0-0ubuntu3.2) jammy; urgency=medium

  * Rebuild against 2.20.0-0ubuntu3.2:
    LP: #1974109, LP: #1959987, LP: #1990520,
    LP: #1990524, LP: #1996069, LP: #1996477

 -- Frank Heimes <email address hidden> Wed, 16 Nov 2022 18:27:10 +0200

Changed in s390-tools-signed (Ubuntu Jammy):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for s390-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-01-15 11:03 EDT-------
Fix has been released to jammy -updates, therefore we can close this bug.
Thanks everyone for your work!

==> Changing the status to: CLOSED
