Ubuntu
linux package

hibernation should be disallowed from the desktop when the installed kernel does not match the running kernel

Bug #350491 reported by Kees Cook
48
This bug affects 2 people
Affects Status Importance Assigned to Milestone
pm-utils
Won't Fix
Critical
linux (Ubuntu)
Invalid
High
Andy Whitcroft
Jaunty
Invalid
High
Andy Whitcroft
pm-utils (Debian)
Fix Released
Unknown
pm-utils (Ubuntu)
Fix Released
High
Andy Whitcroft
Jaunty
Fix Released
High
Andy Whitcroft

Bug Description

The desktop allows me to hibernate when it would fail on resume (i.e. a mismatch between the bootable kernel and the kernel the resume image was saved under).

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 9.04
Lsusb:
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 002 Device 002: ID 413c:8000 Dell Computer Corp. BC02 Bluetooth USB Adapter
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: Dell Computer Corporation Inspiron 8600
Package: linux-image-2.6.28-11-generic 2.6.28-11.38
ProcCmdLine: root=UUID=7c473bb8-1b58-4622-bc01-6fb0ea4f20a8 ro splash vga=0x323
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.28-11.38-generic
SourcePackage: linux

===

SRU Justification [Jaunty]

Impact: performing a hibernate after a new kernel is installed may lead to a resume failure due to a kernel missmatch and any live data in the hibernate image will be lost

Fix Description: reinstate support honouring the "newly installed kernel" flag which prevents hibernate

Patch: http://launchpadlibrarian.net/26470639/jaunty-pm-utils-kernel-inhibit-hibernate

Risks: low, the flag-file simply inhibits hibernate using the normal inhibit mechanism

TEST CASE: see bug

See original description
Revision history for this message
Kees Cook (kees) wrote :
Vojtěch Trefný (vojtech.trefny)
Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Matt Zimmerman (mdz) wrote :

I think this safety check got lost in migrating to pm-utils, since it was part of powermanagement-interface. See bug 14908 (no, that's not a typo) for details of how it used to work.

Probably this needs to be ported over to pm-utils. I happened to be talking with Andy about this last week, so passing to him for further processing.

Changed in linux (Ubuntu):
assignee: nobody → apw
importance: Undecided → High
status: Confirmed → Triaged
tags: added: regression-potential
Revision history for this message
Matt Zimmerman (mdz) wrote :

See bug 76424 for more history on this

Andy Whitcroft (apw)
Changed in linux (Ubuntu Jaunty):
status: Triaged → In Progress
Revision history for this message
Paul Sladen (sladen) wrote :

Hmm. This sounds familiar...

This secret was in having a '/var/run/do-not-hibernate' various and having a pmi/acpi-support propagate up the lack of a hibernate via dbus/HAL to gnome-powermanager when the new kernel didn't match the booted kernel.

Fedora since have something similar (but a little more indepth IIRC) which may/may not already be included in pm-utils. If it is, it may only need grub parsing fixing.

Steve Beattie (sbeattie)
tags: added: regression-release
removed: regression-potential
Revision history for this message
In , Freedesktop-bugs (freedesktop-bugs) wrote :

Forwarding from ubuntu:

1) Apply kernel update (but don't immediately reboot, as you're working)
2) have to move somewhere, hibernate laptop
3) power on laptop to restore from hibernate
4) since the hibernated image does not correspond to the current kernel version, the image will be discarded and a regular boot is done

Result: All data that hasn't been saved is lost, filesystems can be corrupted and need fsck. In severity this corresponds to a hard system crash.

proposed fix: boot old kernel if hibernate exists or prevent hibernation when a new kernel version has been installed.

Revision history for this message
In , Freedesktop-bugs (freedesktop-bugs) wrote :

My suggestion on ubuntu's side for dealing with this problem:

1) Whenever you hibernate, save a copy of the grub menu.lst to a backup location
2) Change menu.lst to boot the currently running kernel by default, with a label simply reading "Resume from Hibernation".
3) If possible, add a warning message to the grub menu that booting any other option will result in a loss of the hibernated state
4) On resume from hibernation, restore the backup menu.lst from step 1.

In this way, no attempt to boot an incorrect kernel will be made until the user explicitly requests it, ie, as part of a manual reboot.

Revision history for this message
Andy Whitcroft (apw) wrote :

In the original form this check simply prevented hibernate from working, this would have pretty much been silent with no user feedback given on failure. I am going to propose that for Jaunty we simply reinstate that level of fix, silently preventing hibernate. For Karmic we should probabally can use the notification systems to provide a reason to the user.

Revision history for this message
Andy Whitcroft (apw) wrote :

Ok here is the debdiff for Karmic to ensure we do not hibernate when there is an installed but un-booted kernel. This simply checks for the kernel flag file and inhibits the hibernate at the pm-hibernate level. This will not be reported directly, a later update for gnome-power-manager will fix that.

Revision history for this message
Andy Whitcroft (apw) wrote :

Here is the corresponding debdiff for Jaunty.

Revision history for this message
Andy Whitcroft (apw) wrote :

@main-sponsors -- looking to get sponsorship for this change to both karmic, and for sru for jaunty. debdiffs for both are includes in the preceeding comments.

This will not fix the lack of notification. That is triggered by what appears to be a bug in gnome-power-manager, and I will file a new bug with patches for that.

description: updated
Revision history for this message
Andy Whitcroft (apw) wrote :

Filed bug #374919 to cover the lack of notification of the hibernate failure.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pm-utils - 1.2.5-2ubuntu3

---------------
pm-utils (1.2.5-2ubuntu3) karmic; urgency=low

  * debian/000record: add for the kernel to prevent hibernates if it has
    been upgraded. Else we will fail during resume and data may be lost.
    LP: #350491.

 -- Andy Whitcroft <email address hidden> Fri, 08 May 2009 16:50:17 +0100

Changed in pm-utils (Ubuntu):
status: New → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Accepted pm-utils into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in pm-utils (Ubuntu Jaunty):
status: New → Fix Committed
tags: added: verification-needed
Changed in pm-utils (Ubuntu Jaunty):
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → High
Revision history for this message
Andy Whitcroft (apw) wrote :

The kernel is correctly generating the agreed upon flag file, therefore closing the kernel tasks invalid.

Changed in pm-utils (Ubuntu):
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → High
Changed in linux (Ubuntu):
status: In Progress → Invalid
Changed in linux (Ubuntu Jaunty):
status: In Progress → Invalid
Revision history for this message
Martin Pitt (pitti) wrote :

Anyone who could test the update in -proposed? It's sitting there for 4 months already.

Revision history for this message
Martin Pitt (pitti) wrote :

I will remove this from -proposed soon if there is nobody interested in verifying this.

Revision history for this message
Steve Beattie (sbeattie) wrote :

I have reproduced the behavior of allowing the user to hibernate their system after the kernel has been upgraded with the version of pm-utils in jaunty, 1.2.2.4-0ubuntu4, and can confirm that the version of pm-utils in jaunty-proposed, 1.2.2.4-0ubuntu5, does prevent hibernation from occurring, if without any explanation. I also verified that after a kernel upgrade, the version of pm-utils in jaunty-proposed continues to allow suspension to occur, and verified that hibernate and suspend continue to work when booted without an installed kernel update. (My system apparently doesn't support the suspend-hybrid option, so I could not test that it continued to function). I saw no regressions in behavior.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pm-utils - 1.2.2.4-0ubuntu5

---------------
pm-utils (1.2.2.4-0ubuntu5) jaunty-proposed; urgency=low

  * debian/000record: add for the kernel to prevent hibernates if it has
    been upgraded. Else we will fail during resume and data may be lost.
    LP: #350491.

 -- Andy Whitcroft <email address hidden> Fri, 08 May 2009 16:41:05 +0100

Changed in pm-utils (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Revision history for this message
In , Xstej70 (xstej70) wrote :

(In reply to comment #1)
> My suggestion on ubuntu's side for dealing with this problem:
>
> 1) Whenever you hibernate, save a copy of the grub menu.lst to a backup
> location
> 2) Change menu.lst to boot the currently running kernel by default, with a
> label simply reading "Resume from Hibernation".
> 3) If possible, add a warning message to the grub menu that booting any other
> option will result in a loss of the hibernated state
> 4) On resume from hibernation, restore the backup menu.lst from step 1.
>
> In this way, no attempt to boot an incorrect kernel will be made until the user
> explicitly requests it, ie, as part of a manual reboot.
>

I am running Arch and whenever there is a kernel upgrade, the menu.lst doesn't get changed. The entry is the same, but you would automatically boot the new kernel.
I would suggest to make checks for installed and running kernel versions and if they do not match, simply do not allow to hibernate. This would be the safest solution upstream, because the menu.lst method may not work on some distros (like Arch) or there may not even be a menu.lst (like on Ubuntu 9.10 where the default loader is grub2, or any other distro using a loader other than grub-there are still some lilos I would guess).
The should still be a configuration option to alllow for hibernation, even if the kernels do not match. If the distro developer would want to activate hibernation even after a kernel upgrade, he would have to find a solution compatible with his distro's boot system.

Revision history for this message
In , Martin Pitt (pitti) wrote :

This is hard to fix upstream in pm-utils, since it requires interaction with the distribution's kernel package.

In Ubuntu we solved that by installing /usr/lib/pm-utils/sleep.d/000record which aborts hibernation when /var/run/do-not-hibernate is set. Our kernel package's postinst creates that stamp file.

I think this should be closed upstream as "NOTOURBUG".

Bug Watch Updater (bug-watch-updater)
Changed in pm-utils:
status: Unknown → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in pm-utils (Debian):
status: Unknown → New
Revision history for this message
Jeremy Nickurak (nickurak) wrote :

This still feels like the wrong solution. We have to have the currently running kernel available anyways, so why not just boot that on resume, and keep hibernation working? Configurations that have ubuntu hibernate on a critical battery shortage will suffer data loss right now anyways, even with the prevent-hibernation fix.

If you're going to hibernate, just fix grub's configuration so that it has to boot the correct kernel (or at least provides a warning message if the user tries to boot anything else). Everything just works right, the right kernel always loads, no data loss.

> Problem persists in intrepid. Seems to be the best of all possible options is:
> 1) Whenever you hibernate, save a copy of the grub menu.lst to a backup location
> 2) Change menu.lst to boot the currently running kernel by default, with a label simply reading "Resume from Hibernation".
> 3) If possible, add a warning message to the grub menu that booting any other option will result in a loss of the hibernated state
> 4) On resume from hibernation, restore the backup menu.lst from step 1.

Revision history for this message
Jeremy Nickurak (nickurak) wrote :

This also covers the case of hibernation being broken by a user-error of not understanding that selecting the wrong action in grub will result in data loss when there's an active hibernated session somewhere.

My comment was made quite a while ago, so a modification to work with grub2 would be required...

Revision history for this message
Michel D'HOOGE (michel-dhooge) wrote :

@Jeremy: I'd say that your proposal follows the KISS principle, which is good. However, there are many cases where people have two or more completely separated systems on their HDD. And in those cases, you don't want to prevent users to boot into another system. Especially when one system has been put on hold in order to use another one.

Bug Watch Updater (bug-watch-updater)
Changed in pm-utils (Debian):
status: New → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in pm-utils (Debian):
status: Fix Committed → Fix Released
Revision history for this message
In , vlowther (victor-lowther) wrote :

Every distro has their own way of telling what the installed kernel is vs. what the running kernel is, tweaks to their bootloader configuration, and (depending on your architecture and/or personal preference) a variery of different bootloaders to choose from. It is up to the distributions to solve this, not pm-utils.

Revision history for this message
Jeremy Nickurak (nickurak) wrote :

@Michael When a machine is hibernated, that swap partition can't be touched, or we lose everything. That can easily happen when the swap partition is used by another Linux. And http://www.faqs.org/docs/Linux-mini/Swap-Space.html describes a method to share the same swap with Windows and Linux, suggesting even booting Windows might not be reliable.

My suggestion is to treat hibernate as a suspend. Attempting to do anything other than resume the currently running kernel is a bad idea, and should be strongly cautioned against as a potential cause of data loss, especially where the machine hibernated automatically as a result of power loss.

BTW, upstream pm-utils says this is the distribution's responsibility to handle.

I'll reopen the pm-utils task. Disabling hibernate still results in data loss when the system is set up to hibernate in response to a failure in power or battery. Strictly speaking, the fix presented here solves the immediate problem, but it'll have to be undone to solve the other problem. If you really want, I'll open a separate task for it though.

Jeremy Nickurak (nickurak)
Changed in pm-utils (Ubuntu):
status: Fix Released → Confirmed
Revision history for this message
Matt Zimmerman (mdz) wrote :

@Jeremy, please open a separate bug (not a new task on this bug) for the issue with unclean shutdown when hibernation is disabled. Thank you.

Changed in pm-utils (Ubuntu):
status: Confirmed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in pm-utils:
status: Confirmed → Invalid
Bug Watch Updater (bug-watch-updater)
Changed in pm-utils:
importance: Unknown → Critical
status: Invalid → Won't Fix
Bug Watch Updater (bug-watch-updater)
Changed in pm-utils:
importance: Critical → Unknown
Bug Watch Updater (bug-watch-updater)
Changed in pm-utils:
importance: Unknown → Critical
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.