AWS hibernation failure with KASLR enabled

Bug #1837469 reported by Kamal Mostafa on 2019-07-22
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-aws (Ubuntu)
High
Unassigned

Bug Description

Observed during development and testing of AWS hibernation on Ubuntu linux-aws-bionic (4.15.0-1044.46):

There is a known issue when using On-Demand Hibernation related to KASLR (Kernel Address Space Layout Randomization). KASLR is a standard Linux kernel security feature which helps to mitigate exposure to and ramifications of yet-undiscovered memory access vulnerabilities by randomizing the base address value of the kernel. In a small percentage of tests, instances with KASLR enabled do not resume and become completely unusable after hibernation. Disabling KASLR, which is enabled by default, is known to avoid this issue. Please see (TBD AWS announcement) for additional details.

-----

Users affected by this issue may consider disabling KASLR as a work-around, as follows:

To disable KASLR on an instance, follow these steps to reboot with the 'nokaslr' kernel command line switch:

1. Edit the file /etc/default/grub.d/50-cloudimg-settings.cfg and add the word 'nokaslr' to the GRUB_CMDLINE_LINUX_DEFAULT string, e.g.:

      GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 nvme_core.io_timeout=4294967295 nokaslr"

2. Run the command 'sudo update-grub'.

3. Reboot the instance.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers