installer does not support iSCSI iBFT

Bug #1817321 reported by Mauricio Faria de Oliveira on 2019-02-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Mauricio Faria de Oliveira
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned
Disco
Undecided
Mauricio Faria de Oliveira

Bug Description

[Impact]

 * It's not possible to access iBFT (iSCSI Boot Firmware Table) information
   (settings for network interface, initiator, and target) in the installer
   because the 'iscsi_ibft' module is not present in udeb packages.

 * Even if it was, the installer does not handle iBFT information at all,
   thus any settings are ignored, and iSCSI-related configuration has to
   be done manually or with workarounds.

 * This impacts user-experience and automatic installation on systems and
   deployments which actually do provide the iBFT feature and information,
   but cannot use it practically.

 * With proper iBFT support in the installer (kernel module in udeb package
   and automatic iSCSI-related configuration) users will be able to rely on
   iBFT to install/deploy Ubuntu on their servers and datacenters.

 * These fixes add the 'iscsi_ibft' kernel module in the scsi-modules udeb,
   and configure network/iSCSI according to iBFT information in disk-detect.

   This is done in disk-detect so that the iSCSI LUNs are detected as disks
   (useful in case of no other disks in the system so the installer doesn't
   complain nor wait too long) and that any partman-related preseed options
   are not required and may be still available for the user.

[Test Case]

 * linux package / kernel module in udeb:

   $ dpkg-deb -c scsi-modules_*.udeb | grep iscsi_ibft.ko

   Check the module loads in the installer environment.
   See comment with example for disco.

 * d-i/hw-detect package:
   (to be done)

[Regression Potential]

 * linux package: low, the kernel module is not loaded by default,
   and only checks whether iBFT information is present in firmware,
   then exposes that in sysfs in read-only mode.

 * d-i/hw-detect:
   (to be done)

[Other Info]

 * This has been verified both by the developer with a simple iSCSI
   iBFT environment (2 VMs: iSCSI target & initiator with UEFI+iPXE)
   and by an user with system/firmware that supports iBFT for iSCSI.

Test for scsi-modules udeb in Disco:
---

Check the original/modified udeb contents:

$ dpkg-deb -c scsi-modules-4.19.0-13-generic-di_4.19.0-13.14_amd64.udeb | grep iscsi_ibft.ko
$

$ dpkg-deb -c scsi-modules-4.19.0-13-generic-di_4.19.0-13.14+test20190221b1_amd64.udeb | grep iscsi_ibft.ko
-rw-r--r-- root/root 17393 2019-02-21 19:27 ./lib/modules/4.19.0-13-generic/kernel/drivers/firmware/iscsi_ibft.ko

Check the module loads in the installer:

$ wget http://archive.ubuntu.com/ubuntu/dists/disco/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/{linux,initrd.gz}

$ virt-install \
> --name disco-ibft \
> --vcpus 2 \
> --memory 1024 \
> --network user,model=virtio \
> --graphics none \
> --disk none \
> --boot kernel=linux,initrd=initrd.gz,kernel_args='console=ttyS0'

After network configuration, udeb download/install, in users/password, select go back and exit to shell.

Original udeb already downloaded and does not contain module:

~ # grep 'retrieving scsi.modules' /var/log/syslog
Feb 22 13:08:57 anna[1509]: DEBUG: retrieving scsi-modules-4.19.0-13-generic-di 4.19.0-13.14

~ # modinfo -n iscsi_ibft
modinfo: ERROR: Module iscsi_ibft not found.

Download modified udeb, install, test module load:

~ # wget https://.../scsi-modules-4.19.0-13-generic-di_4.19.0-13.14+test20190221b1_amd64.udeb

~ # udpkg -i scsi-modules-4.19.0-13-generic-di_4.19.0-13.14+test20190221b1_amd64.udeb
~ # depmod -a

~ # modinfo -n iscsi_ibft
/lib/modules/4.19.0-13-generic/kernel/drivers/firmware/iscsi_ibft.ko

~ # modprobe iscsi_ibft

~ # lsmod | grep ^iscsi_ibft
iscsi_ibft 16384 0

Changed in linux (Ubuntu):
assignee: nobody → Mauricio Faria de Oliveira (mfo)

linux patch posted to the kernel-team mailing list:

[B/C/D/Unstable][PATCH] UBUNTU: d-i: add iscsi_ibft to scsi-modules
https://lists.ubuntu.com/archives/kernel-team/2019-February/098745.html

Changed in linux (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu Cosmic):
status: New → In Progress
Changed in linux (Ubuntu Disco):
status: Confirmed → In Progress
Changed in linux (Ubuntu Bionic):
status: New → In Progress
Seth Forshee (sforshee) on 2019-02-25
Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.0.0-7.8

---------------
linux (5.0.0-7.8) disco; urgency=medium

  * linux: 5.0.0-7.8 -proposed tracker (LP: #1818519)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * unnecessary request_queue freeze (LP: #1815733)
    - block: avoid setting nr_requests to current value
    - block: avoid setting none scheduler if it's already none

  * Miscellaneous Ubuntu changes
    - SAUCE: selftests: net: Don't fail test_vxlan_under_vrf on xfail
    - update dkms package versions

  [ Upstream Kernel Changes ]

  * Rebase to v5.0

 -- Seth Forshee <email address hidden> Mon, 04 Mar 2019 08:46:10 -0600

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released

Installer (non-kernel) patches submitted to Debian for feedback.
- disk-detect: https://bugs.debian.org/924675
- partman-iscsi: https://bugs.debian.org/924680

Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic

bionic-proposed verification done;
iscsi_ibft.ko is present in udeb and loads correctly.
---

$ uname -rv
4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 10:44:52 UTC 2019

$ apt-get download scsi-modules-4.15.0-47-generic-di

$ dpkg-deb -c scsi-modules-4.15.0-47-generic-di_4.15.0-47.50_amd64.udeb | grep ibft
-rw-r--r-- root/root 17086 2019-03-13 04:37 ./lib/modules/4.15.0-47-generic/kernel/drivers/firmware/iscsi_ibft.ko

$ dpkg-deb -x scsi-modules-4.15.0-47-generic-di_4.15.0-47.50_amd64.udeb udeb

$ sudo insmod udeb/lib/modules/4.15.0-47-generic/kernel/drivers/scsi/iscsi_boot_sysfs.ko
$ sudo insmod udeb/lib/modules/4.15.0-47-generic/kernel/drivers/firmware/iscsi_ibft.ko

$ dmesg | grep -i ibft
[ 297.999505] No iBFT detected.

tags: added: verification-done-bionic
removed: verification-needed-bionic

cosmic-proposed verification done;
iscsi_ibft.ko is present in udeb and loads correctly.
---

$ uname -rv
4.18.0-17-generic #18-Ubuntu SMP Wed Mar 13 14:34:40 UTC 2019

$ apt-get download scsi-modules-4.18.0-17-generic-di

$ dpkg-deb -c scsi-modules-4.18.0-17-generic-di_4.18.0-17.18_amd64.udeb | grep ibft
-rw-r--r-- root/root 17257 2019-03-13 11:52 ./lib/modules/4.18.0-17-generic/kernel/drivers/firmware/iscsi_ibft.ko

$ dpkg-deb -x scsi-modules-4.18.0-17-generic-di_4.18.0-17.18_amd64.udeb udeb

$ sudo insmod udeb/lib/modules/4.18.0-17-generic/kernel/drivers/scsi/iscsi_boot_sysfs.ko
$ sudo insmod udeb/lib/modules/4.18.0-17-generic/kernel/drivers/firmware/iscsi_ibft.ko

$ dmesg | grep -i ibft
[ 117.143116] No iBFT detected.

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Launchpad Janitor (janitor) wrote :
Download full text (25.4 KiB)

This bug was fixed in the package linux - 4.15.0-47.50

---------------
linux (4.15.0-47.50) bionic; urgency=medium

  * linux: 4.15.0-47.50 -proposed tracker (LP: #1819716)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts
    - [Packaging] resync retpoline extraction

  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype

  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending

  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()

  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Don't use dc_link in link_encoder
    - drm/amd/display: Move wait for hpd ready out from edp power control.
    - drm/amd/display: eDP sequence BL off first then DP blank.
    - drm/amd/display: Fix unused variable compilation error
    - drm/amd/display: Fix warning about misaligned code
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout

  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change

  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file

  * raw_skew in timer from the ubuntu_kernel_selftests failed on Bionic
    (LP: #1811194)
    - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock
      adjustments are in progress

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to selftests

  * CVE-2017-5753
    - bpf: properly enforce index mask to prevent out-of-bounds speculation
    - bpf: fix inner map masking to prevent oob under speculation

  * BPF: kernel pointer leak to unprivileged userspace (LP: #1815259)
    - bpf/verifier: disallow pointer subtraction

  * squashfs hardening (LP: #1816756)
    - squashfs: more metadata hardening
    - squashfs metadata 2: electric boogaloo
    - squashfs: more metadata hardening
    - Squashfs: Compute expected length from inode size rather than block length

  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

  * Update ENA driver to version 2.0.3K (LP: #1816806)...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (5.0 KiB)

This bug was fixed in the package linux - 4.18.0-17.18

---------------
linux (4.18.0-17.18) cosmic; urgency=medium

  * linux: 4.18.0-17.18 -proposed tracker (LP: #1819624)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
    - [Packaging] update helper scripts

  * C++ demangling support missing from perf (LP: #1396654)
    - [Packaging] fix a mistype

  * arm-smmu-v3 arm-smmu-v3.3.auto: CMD_SYNC timeout (LP: #1818162)
    - iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout

  * Crash in nvme_irq_check() when using threaded interrupts (LP: #1818747)
    - nvme-pci: fix out of bounds access in nvme_cqe_pending

  * CVE-2019-9003
    - ipmi: fix use-after-free of user->release_barrier.rda

  * CVE-2019-9162
    - netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs

  * CVE-2019-9213
    - mm: enforce min addr even if capable() in expand_downwards()

  * CVE-2019-3460
    - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

  * tun/tap: unable to manage carrier state from userland (LP: #1806392)
    - tun: implement carrier change

  * CVE-2019-8980
    - exec: Fix mem leak in kernel_read_file

  * [Packaging] Allow overlay of config annotations (LP: #1752072)
    - [Packaging] config-check: Add an include directive

  * amdgpu with mst WARNING on blanking (LP: #1814308)
    - drm/amd/display: Fix MST dp_blank REG_WAIT timeout

  * CVE-2019-7308
    - bpf: move {prev_,}insn_idx into verifier env
    - bpf: move tmp variable into ax register in interpreter
    - bpf: enable access to ax register also from verifier rewrite
    - bpf: restrict map value pointer arithmetic for unprivileged
    - bpf: restrict stack pointer arithmetic for unprivileged
    - bpf: restrict unknown scalars of mixed signed bounds for unprivileged
    - bpf: fix check_map_access smin_value test when pointer contains offset
    - bpf: prevent out of bounds speculation on pointer arithmetic
    - bpf: fix sanitation of alu op with pointer / scalar type from different
      paths
    - bpf: add various test cases to test_verifier
    - bpf: add various test cases to selftests

  * CVE-2017-5753
    - bpf: fix inner map masking to prevent oob under speculation

  * Use memblock quirk instead of delayed allocation for GICv3 LPI tables
    (LP: #1816425)
    - efi/arm: Revert "Defer persistent reservations until after paging_init()"
    - arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve
      table

  * efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted (LP: #1814982)
    - efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted

  * Update ENA driver to version 2.0.3K (LP: #1816806)
    - net: ena: update driver version from 2.0.2 to 2.0.3
    - net: ena: fix race between link up and device initalization
    - net: ena: fix crash during failed resume from hibernation

  * Silent "Unknown key" message when pressing keyboard backlight hotkey
    (LP: #1817063)
    - platform/x86: dell-wmi: Ignore new keyboard backlight change event

  * CVE-2018-19824
    - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

  * CVE-2019-3459
    - Bluetooth: Verify that l2cap_get...

Read more...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.