Ubuntu
kexec-tools package

[18.10 FEAT] Enable kexec_file_load system call - kexec-tools part

Bug #1783086 reported by bugproxy
20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
High
Canonical Kernel Team
kexec-tools (Ubuntu)
Fix Released
Undecided
Skipper Bug Screeners

Bug Description

FeatureFreeze Exception (FFE):
==============================

Reason, rationale and benefits:
-------------------------------

The feature is based on the combination of two tickets:
- 1783088
  this ticket for the kernel part was just created for completeness reasons
  this part of the functionality automatically came with kernel 4.17
  hence this LP ticket is 'Fix Released'
- 1783086
  this is the 'user space' part of the functionality that should be addressed by the FFE
  There was a little confusion if this belongs to the FeatureFreeze or KernelFreeze.
  Since it's a package maintained by the kernel team the misconception came up that it is not affected by the Feature, but by the Kernel Freeze,
  hence it was not processed in time and information was missing.

Without this patch the (new) "--kexec-file-syscall" option for s390x cannot be used with cosmic.
And the customer/partner needs to wait for the next d* release (means for several month).

This FFE now asks if the single commit (below) can be added to the kexec-tools (Ubuntu) of cosmic:

Description:
------------

commit d4a948c268272cf37c71be820fb02bf40e56292b
Author: Philipp Rudo <email address hidden>
Date: Wed May 16 14:27:18 2018 +0200

kexec/s390: Add support for kexec_file_load
Since kernel 4.17-rc2 s390 supports the kexec_file_load system call.
Add the new system call to kexec-tools and provide the -s (--kexec-file-syscall) option for s390 to support this new feature.

Impact / Risk:
--------------

Since the function / option is new and for s390(x) the risk is pretty low.
There are no APIs expected to break or existing functions that are expected to fail while introducing this.
Package dependencies will not change, nor the install/upgrade behaviour after this got added.

Testing of the code, test builds and verification was already done by IBM.
(see comment # 4)

_________________________

Provide a capability to load signed kernels. I.e. to boot signed kernels
- from a Linux based boot loader or initial boot image
- as required for secure/trusted boot mechanisms
- for kdump kernels

Function consist of 2 contributions
- kernel 4.17 (available)
- kexec-tools (currently not available)

See original description
bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-169877 severity-high targetmilestone-inin1810
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → kexec-tools (Ubuntu)
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: New → Incomplete
importance: Undecided → High
Dimitri John Ledkov (xnox)
Changed in linux (Ubuntu):
status: New → Fix Committed
Dimitri John Ledkov (xnox)
no longer affects: linux (Ubuntu)
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

kexec-tools is probably not the only/typical kexec utility these days. systemd provides kexec capability too. Has it been evaluated if any changes to systemd's kexec ability are required?

e.g. $ sudo systemctl kexec

Also given the related kernel patches, should we start looking into providing linux-signed kernels for s390x?

Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2018-08-27 06:42 EDT-------
Due to the fact that Feature Freeze is gone..
Following update for the kexec-tool can be provided, even not the new version.

A backport would be required to the current used version 2.0.16.

https://github.com/horms/kexec-tools/releases

commit d4a948c268272cf37c71be820fb02bf40e56292b
Author: Philipp Rudo <email address hidden>
Date: Wed May 16 14:27:18 2018 +0200

kexec/s390: Add support for kexec_file_load

Since kernel 4.17-rc2 s390 supports the kexec_file_load system call. Add
the new system call to kexec-tools and provide the -s (--kexec-file-syscall)
option for s390 to support this new feature.

Is there a chance to get this for 18.10 ?

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
status: Incomplete → Triaged
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-08-27 08:11 EDT-------
(In reply to comment #6)
> kexec-tools is probably not the only/typical kexec utility these days.
> systemd provides kexec capability too. Has it been evaluated if any changes
> to systemd's kexec ability are required?
>
> e.g. $ sudo systemctl kexec
>
> Also given the related kernel patches, should we start looking into
> providing linux-signed kernels for s390x?

Well, the systemd integration uses the kexec program provided by
the kexec-tools, no?

The logical first step is to update to a kexec-tools package that includes
the kexec_file_load code for s390, the backport of the patch to the
18.04 package version should be trivial (famous last words..).

The second step is to look into building signed kernels.

Frank Heimes (fheimes)
information type: Private → Public
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-08-27 10:16 EDT-------
Addl. info for integration: The code was build and tested by IBM upfront.

Frank Heimes (fheimes)
description: updated
Changed in ubuntu-z-systems:
status: Triaged → New
Frank Heimes (fheimes)
tags: added: featurefreezeexception ffe
Revision history for this message
Steve Langasek (vorlon) wrote :

This sounds like a trivially self-contained feature addition, so FFe granted provided this gets uploaded before beta.

Changed in kexec-tools (Ubuntu):
status: New → Confirmed
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: New → Confirmed
Łukasz Zemczak (sil2100)
Changed in kexec-tools (Ubuntu):
status: Confirmed → Triaged
Dimitri John Ledkov (xnox)
Changed in kexec-tools (Ubuntu):
status: Triaged → Fix Committed
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Confirmed → Fix Committed
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

systemd-shutdown does use kexec tool, but it calls it with 'kexec --load' & 'kexec -e', it does not use 'kexec -s'.
Then again changing systemd shutdown, might be pre-mature, as we really don't have things to use with 'kexec -s' yet.

Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :

snapd will need that too, though it doesn't even support kexec yet, which breaks systemctl kexec already.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package kexec-tools - 1:2.0.16-1ubuntu3

---------------
kexec-tools (1:2.0.16-1ubuntu3) cosmic; urgency=medium

  * Fix for "Unhandled rela relocation: R_X86_64_PLT32" error. LP: #1791804

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 10 Sep 2018 16:46:00 -0300

Changed in kexec-tools (Ubuntu):
status: Fix Committed → Fix Released
Andrew Cloke (andrew-cloke)
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-10-17 10:22 EDT-------
IBM Bugzilla status -> closed, Fix Released with Cosmic

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.