Turning COMPAT_32BIT_TIME off on s390x

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 2038583

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

This will notably affect libc6-s390

Studying this more, this is likely to only affect trying to run libc6-s390 that is from 18.04 bionic or older. As later versions of libc6-s390 wrap 64bit syscall, instead of calling 32bit syscall directly.

However, ideally we would drop all s390 (31 bit) binaries from Ubuntu, and turn off COMPAT / COMPAT_32BIT_TIME in the kernel.

Hello, since the "noble"/24.04 development just started, may I ask if you/IBM have/has any updates or an opinion if it is be okay to switch off COMPAT_32BIT_TIME?

(We would like to do switch this off for all architectures.)

My analysis based on public information is that 31bit binaries that are compiled against glibc 2.31 or earlier might be affected. Something like db2 version 9.7, 31bit s390 edition of it. Which is well out of support, and not sure if it was ever possible to run on Ubuntu.

Separately, please let me know if we still need to keep support for 31bit binaries on Ubuntu - as turning off CONFIG_COMPAT for 31bit binaries, and dropping compilation of biarch binaries will harden kernel & userspace, as well as ensure that s390x port is year 2038 ready ahead of x86.

TODO: Need to check if we can still compile and run 31bit xenial s390 binaries, on a kernel with COMPAT_32BIT_TIME turned off, to support launchpad build farm itself.

------- Comment From <email address hidden> 2023-11-30 06:45 EDT-------
Hi @Dimitri & @Frank,
yes, it does make sense to address the year 2038 time problem rather earlier than later - especially since there is an LTS release coming up that will be around for 10 or even more years.
We are also in favor of fixing this with noble.
Therefore, we are currently evaluating the solution suggested by Dimitri: ".. we would drop all s390 (31 bit) binaries from Ubuntu, and turn off COMPAT / COMPAT_32BIT_TIME in the kernel."

I will post an update as soon as I have double-checked with all affected parties on our side.

> TODO: Need to check if we can still compile and run 31bit xenial s390 binaries, on a kernel with COMPAT_32BIT_TIME turned off, to support launchpad build farm itself.

This is now complete. I believe we are capable of continue to building ESM/EOL releases, even with COMPAT turned off. Specifically to like continue building xenials' libc-s390 even if the host kernel in the build farm is noble+ kernel with compat turned off.

If it helps your analysis i can provide you a jammy kernel in a ppa that has compat turned off, such that you can empirically run anything you want and observe if things you think you might care about still work or not.

IBM Z are deployed for longer timeframes than usually anticipated. And I don't think we will ever be able to get a straight answer about this.

I am proposing to turn off both COMPAT and COMPAT_32BIT_TIME on s390x in noble.

If any useful production instances of software are identified that require either of these; and cannot run on Jammy, or in a VM, I will gladly SRU kernel config change to turn either or both of these options back on in noble.

Makes sense to me - I'm +1 for turning it off starting with noble.

------- Comment From <email address hidden> 2024-01-17 07:24 EDT-------
In the development team we agreed on disabling the 32 bit compat syscall layer in the kernel for IBM Z with Ubuntu 24.04.

Thx Andreas for your +1

Patch sent to the kernel team mailing list for review:

https://lists.ubuntu.com/archives/kernel-team/2024-January/148256.html

Patch applied to noble/linux master-next branch:

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?h=master-next&id=158ef97059945d5a7ba3942d88fa691adb46d465

Applied for 6.8.0-12.12, so included in -20 (that is atm still in -proposed).

This bug was fixed in the package linux - 6.8.0-20.20

---------------
linux (6.8.0-20.20) noble; urgency=medium

  * noble/linux: 6.8.0-20.20 -proposed tracker (LP: #2058221)

  * Noble update: v6.8.1 upstream stable release (LP: #2058224)
    - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
    - Documentation/hw-vuln: Add documentation for RFDS
    - x86/rfds: Mitigate Register File Data Sampling (RFDS)
    - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
    - Linux 6.8.1

  * Autopkgtest failures on amd64 (LP: #2048768)
    - [Packaging] update to clang-18

  * Miscellaneous Ubuntu changes
    - SAUCE: apparmor4.0.0: LSM stacking v39: fix build error with
      CONFIG_SECURITY=n
    - [Config] amd64: MITIGATION_RFDS=y

 -- Paolo Pisati <email address hidden> Mon, 18 Mar 2024 11:08:14 +0100