check and fix zkey required kernel modules locations in debs, udebs, and initramfs

Bug #1794346 reported by Dimitri John Ledkov on 2018-09-25
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Undecided
Unassigned
linux (Ubuntu)
Medium
Seth Forshee
s390-tools (Ubuntu)
Undecided
Unassigned

Bug Description

todo: check that these modules are included in the initramfs as well.

=== linux crypto-modules udeb task ==
linux-modules-4.18.0-8-generic has:
./lib/modules/4.18.0-8-generic/kernel/arch/s390/crypto/paes_s390.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/pkey.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/zcrypt.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/zcrypt_cex2a.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/zcrypt_cex4.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/zcrypt_pcixcc.ko

All of the above appear to be missing from the crypto-modules-4.18.0-8-generic-di, please ship them in crypto-modules udeb.

To avoid discrepancies as to what crypto is supported by the installed system, versus d-i environment, it would be nice to make udebs and linux-modules packages roughly the same.

Does it at all make sense to ship matching set of kernel/{arch,drivers}/s390/crypto/*.ko in crypto-modules udeb, as shilled in linux-modules deb?
===

CVE References

tags: added: zkey
description: updated
summary: - zkey - check required kernel modules
+ zkey - check and fix required kernel modules locations in debs, udebs,
+ and initramfs
summary: - zkey - check and fix required kernel modules locations in debs, udebs,
- and initramfs
+ check and fix zkey required kernel modules locations in debs, udebs, and
+ initramfs

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1794346

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Incomplete → Triaged
tags: added: kernel-da-key
Dimitri John Ledkov (xnox) wrote :

linux-modules-4.18.0-8-generic has:
./lib/modules/4.18.0-8-generic/kernel/arch/s390/crypto/paes_s390.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/pkey.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/zcrypt.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/zcrypt_cex2a.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/zcrypt_cex4.ko
./lib/modules/4.18.0-8-generic/kernel/drivers/s390/crypto/zcrypt_pcixcc.ko

All of the above appear to be missing from the crypto-modules-4.18.0-8-generic-di, please ship them in crypto-modules udeb.

To avoid discrepancies as to what crypto is supported by the installed system, versus d-i environment, it would be nice to make udebs and linux-modules packages roughly the same.

Does it at all make sense to ship matching set of kernel/{arch,drivers}/s390/crypto/*.ko in crypto-modules udeb, as shilled in linux-modules deb?

description: updated
Changed in s390-tools (Ubuntu):
status: New → In Progress
Seth Forshee (sforshee) wrote :

I've updated the crypto-modules list to include these modules in the udeb.

As far as unifying the udebs and linux-modules packages, the udeb lists are in a format specified by kernel-wedge that afaict does not allow wildcards. Possibly we could add some tooling around all of it to automatically generate or update the udeb lists. We may be able to look into that but it's definitely not going to happen for cosmic.

Changed in s390-tools (Ubuntu):
assignee: nobody → Seth Forshee (sforshee)
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package s390-tools - 2.6.0-0ubuntu6

---------------
s390-tools (2.6.0-0ubuntu6) cosmic; urgency=medium

  * Add a zkeyadm group, and make it own the default zkey repository
    directories. LP: #1794290
  * Cherrypick zdev initramfs hook rename
  * Cherrypick zkey initramfs hook LP: #1794346
  * Make zkey package activate update-initramfs trigger

 -- Dimitri John Ledkov <email address hidden> Tue, 02 Oct 2018 14:15:29 +0100

Changed in s390-tools (Ubuntu):
status: Fix Committed → Fix Released
Seth Forshee (sforshee) on 2018-10-04
Changed in s390-tools (Ubuntu):
assignee: Seth Forshee (sforshee) → nobody
Changed in linux (Ubuntu):
assignee: nobody → Seth Forshee (sforshee)
status: Triaged → Fix Committed
Changed in ubuntu-z-systems:
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (60.2 KiB)

This bug was fixed in the package linux - 4.18.0-9.10

---------------
linux (4.18.0-9.10) cosmic; urgency=medium

  * linux: 4.18.0-9.10 -proposed tracker (LP: #1796346)

  * Cosmic update: v4.18.12 upstream stable release (LP: #1796139)
    - crypto: skcipher - Fix -Wstringop-truncation warnings
    - iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    - tsl2550: fix lux1_input error in low light
    - misc: ibmvmc: Use GFP_ATOMIC under spin lock
    - vmci: type promotion bug in qp_host_get_user_memory()
    - siox: don't create a thread without starting it
    - x86/numa_emulation: Fix emulated-to-physical node mapping
    - staging: rts5208: fix missing error check on call to rtsx_write_register
    - power: supply: axp288_charger: Fix initial constant_charge_current value
    - misc: sram: enable clock before registering regions
    - serial: sh-sci: Stop RX FIFO timer during port shutdown
    - uwb: hwa-rc: fix memory leak at probe
    - power: vexpress: fix corruption in notifier registration
    - iommu/amd: make sure TLB to be flushed before IOVA freed
    - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    - USB: serial: kobil_sct: fix modem-status error handling
    - 6lowpan: iphc: reset mac_header after decompress to fix panic
    - iommu/msm: Don't call iommu_device_{,un}link from atomic context
    - s390/mm: correct allocate_pgste proc_handler callback
    - power: remove possible deadlock when unregistering power_supply
    - drm/amd/display/dc/dce: Fix multiple potential integer overflows
    - drm/amd/display: fix use of uninitialized memory
    - md-cluster: clear another node's suspend_area after the copy is finished
    - cxgb4: Fix the condition to check if the card is T5
    - RDMA/bnxt_re: Fix a couple off by one bugs
    - RDMA/i40w: Hold read semaphore while looking after VMA
    - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c
    - IB/core: type promotion bug in rdma_rw_init_one_mr()
    - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    - IB/mlx4: Test port number before querying type.
    - powerpc/kdump: Handle crashkernel memory reservation failure
    - media: fsl-viu: fix error handling in viu_of_probe()
    - vhost_net: Avoid tx vring kicks during busyloop
    - media: staging/imx: fill vb2_v4l2_buffer field entry
    - IB/mlx5: Fix GRE flow specification
    - include/rdma/opa_addr.h: Fix an endianness issue
    - x86/tsc: Add missing header to tsc_msr.c
    - ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    - x86/entry/64: Add two more instruction suffixes
    - ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
      buffer size
    - thermal: i.MX: Allow thermal probe to fail gracefully in case of bad
      calibration.
    - scsi: klist: Make it safe to use klists in atomic context
    - scsi: ibmvscsi: Improve strings handling
    - scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    - usb: wusbcore: security: cast sizeof to int for comparison
    - ath10k: sdio: use same endpoint id for all packets...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers