[UBUNTU 20.04] Secure Execution: Unable to start Qemu with "-no-reboot" option

Bug #1890154 reported by bugproxy on 2020-08-03
This bug affects 1 person
Affects: Ubuntu on IBM z Systems (assigned to Skipper Bug Screeners)
Affects: qemu (Ubuntu) (assigned to Canonical Server Team)

Bug Description


 * on s390x the transition from non-secure to secure is a program directed
   IPL. IPL "usually" was meant to load a system. Due to that the
   -no-reboot option blocks that transition.

 * It is required to check the IPL function code and allow this "kind of
   IPL" despite -no-reboot being set.

[Test Case]

 * Run an s390x protvirt qemu-kvm and add the option -no-reboot
   - without the fix this will fail

 * Note: We will need IBM to test this for the access to the required
   hardware and a secure-execution enabled kernel (as used in the bug

[Regression Potential]

 * The change is small and clear, but if anything then IPL actions like
   load&reboot should be affected.

[Other Info]

 * n/a


---Problem Description---
Secure Execution: Qemu fails to start with no output when "-no-reboot" option has been set.

---uname output---
Linux se1 5.4.0-37-generic #41-Ubuntu SMP Wed Jun 3 17:53:50 UTC 2020 s390x s390x s390x GNU/Linux

Machine Type = z15 8562

A debugger is not configured

---Steps to Reproduce---
Run Qemu with "-no-reboot" option:
/usr/bin/qemu-system-s390x -kernel ./se.img -nographic -monitor none -machine accel=kvm -no-reboot

Userspace tool common name: qemu-system-s390x

The userspace tool has the following bit modes: 64

Userspace rpm: qemu-system-s390x

Userspace tool obtained from project website: na


Fix is upstream for qemu

commit d1bb69db4ceb6897ef6a17bf263146b53a123632
Author: Christian Borntraeger <email address hidden>
AuthorDate: Tue Jul 21 06:32:02 2020 -0400
Commit: Cornelia Huck <email address hidden>
CommitDate: Fri Jul 24 08:35:22 2020 +0200

    s390x/protvirt: allow to IPL secure guests with -no-reboot
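
A simplified model of the behaviour described in this report, added here as an illustration; it is not QEMU's code or the patch itself. The enum and function names are hypothetical, and it assumes function codes 0 and 1 were already exempt from -no-reboot and that code 10 is the secure-guest start.

```c
#include <stdbool.h>
#include <stdio.h>

/* DIAGNOSE 0x308 function codes that request a reset or IPL on s390x.
 * Names are this example's own; the values are assumptions (see lead-in). */
enum ipl_fc {
    FC_RESET_MOD_CLEAR   = 0,  /* modified clear reset */
    FC_RESET_LOAD_NORMAL = 1,  /* load normal reset */
    FC_LOAD_CLEAR        = 3,  /* re-IPL: a real guest reboot */
    FC_PV_START          = 10  /* non-secure -> secure transition */
};

enum vm_action { VM_CONTINUE, VM_STOP };

static const enum ipl_fc ALL_FC[] = { FC_RESET_MOD_CLEAR,
    FC_RESET_LOAD_NORMAL, FC_LOAD_CLEAR, FC_PV_START };
#define N_FC (sizeof(ALL_FC) / sizeof(ALL_FC[0]))

/* What -no-reboot does with a program-directed IPL request.
 * fixed=false models the reported behaviour, fixed=true the patched one. */
enum vm_action on_ipl_request(enum ipl_fc fc, bool no_reboot, bool fixed)
{
    bool exempt = fc == FC_RESET_MOD_CLEAR || fc == FC_RESET_LOAD_NORMAL ||
                  (fixed && fc == FC_PV_START); /* transition, not a reboot */
    return (no_reboot && !exempt) ? VM_STOP : VM_CONTINUE;
}

/* Regression check: count the function codes whose outcome the fix changes
 * and report the last one found through *which. */
int changed_outcomes(bool no_reboot, enum ipl_fc *which)
{
    int n = 0;
    for (size_t i = 0; i < N_FC; i++) {
        if (on_ipl_request(ALL_FC[i], no_reboot, false) !=
            on_ipl_request(ALL_FC[i], no_reboot, true)) {
            *which = ALL_FC[i];
            n++;
        }
    }
    return n;
}

int main(void)
{
    enum ipl_fc fc = FC_LOAD_CLEAR;
    int n = changed_outcomes(true, &fc);
    printf("with -no-reboot the fix changes %d outcome(s), fc=%d\n", n, fc);
    return 0;
}
```

In this model a real re-IPL (function code 3) still stops the VM under -no-reboot, which is the behaviour the [Regression Potential] section says to watch.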

bugproxy (bugproxy) on 2020-08-03
tags: added: architecture-s39064 bugnameltc-186486 severity-medium targetmilestone-inin2004
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → qemu (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Canonical Foundations Team (canonical-foundations)
importance: Undecided → Medium
summary: - Secure Execution: Unable to start Qemu with "-no-reboot" option
+ [UBUNTU 20.04] Secure Execution: Unable to start Qemu with "-no-reboot"
+ option
Frank Heimes (fheimes) on 2020-08-03
Changed in ubuntu-z-systems:
assignee: Canonical Foundations Team (canonical-foundations) → Canonical Server Team (canonical-server)
Changed in qemu (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Server Team (canonical-server)
Changed in ubuntu-z-systems:
assignee: Canonical Server Team (canonical-server) → Skipper Bug Screeners (skipper-screen-team)

The fixes line is wrong:
d1bb69db4ceb6897ef6a17bf263146b53a123632 references:
  Fixes: 4d226deafc44 ("s390x: protvirt: Support unpack facility")

That commit does not (yet) exist, at least by title that is instead:
commit c3347ed0d2ee42a7dcf7bfe7f9c3884a9596727a
Author: Janosch Frank <email address hidden>
Date: Mon Mar 23 04:36:06 2020 -0400
    s390x: protvirt: Support unpack facility

All that affected code naturally is in qemu 5.1 but we have backported it to 4.2 in Focal - therefore add a task for that.

tags: added: qemu-20.10
Changed in qemu (Ubuntu):
importance: Undecided → Medium
Changed in qemu (Ubuntu Focal):
importance: Undecided → Low
Changed in qemu (Ubuntu):
status: New → Triaged
Changed in qemu (Ubuntu Focal):
importance: Low → Medium
status: New → Triaged

------- Comment From <email address hidden> 2020-08-05 02:57 EDT-------
(In reply to comment #19)
> The fixes line is wrong:
> d1bb69db4ceb6897ef6a17bf263146b53a123632 references:
> Fixes: 4d226deafc44 ("s390x: protvirt: Support unpack facility")
> That commit does not (yet) exist, at least by title that is instead:
> commit c3347ed0d2ee42a7dcf7bfe7f9c3884a9596727a

Right, this is the proper commit for upstream. The other one was a preliminary commit ID in s390-next.

Frank Heimes (fheimes) on 2020-08-05
Changed in ubuntu-z-systems:
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 1:5.0-5ubuntu4

qemu (1:5.0-5ubuntu4) groovy; urgency=medium

  * xen: provide compat links to what libxen-dev reports where to find
    the binaries (LP: #1890005)
  * d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch: avoid crash on
    SQXBR (LP: #1883984)
  * d/p/lp-1890154-*: fix -no-reboot on s390x secure boot (LP: #1890154)

 -- Christian Ehrhardt <email address hidden> Mon, 03 Aug 2020 07:15:28 +0200

Changed in qemu (Ubuntu):
status: Triaged → Fix Released
description: updated
Frank Heimes (fheimes) on 2020-08-19
Changed in ubuntu-z-systems:
status: Triaged → In Progress

Hello bugproxy, or anyone else affected,

Accepted qemu into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in qemu (Ubuntu Focal):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-focal

All autopkgtests for the newly accepted qemu (1:4.2-3ubuntu6.5) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-image/1.9+20.04ubuntu1 (amd64)
systemd/245.4-4ubuntu3.2 (amd64, armhf, s390x, ppc64el)
livecd-rootfs/2.664.4 (amd64, arm64, s390x, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].


[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Frank Heimes (fheimes) on 2020-08-24
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed

------- Comment From <email address hidden> 2020-08-26 08:23 EDT-------
Ubuntu 20.04
Kernel 5.4.0-42-generic
QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.5)

Test result: after the upgrade of Qemu the '-no-reboot' option can be used again even in secure-execution mode.
Thanks for the fix!

Frank Heimes (fheimes) on 2020-08-26
tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal

The power machines were unavailable today, but worked fine on the same build off a PPA a week ago.
s390x and x86 I was able to test and the result looks good.

The results look good, only missing 19 tests due to a proxy issue in the surrounding test environment; those tests worked fine on a retry then.

prep (x86_64) : Pass 20 F/S/N 0/0/0 - RC 0 (16 min 43576 lin)
migrate (x86_64) : Pass 288 F/S/N 0/0/0 - RC 0 (83 min 219071 lin)
cross (x86_64) : Pass 30 F/S/N 0/1/2 - RC 0 (59 min 53974 lin)
misc (x86_64) : Pass 48 F/S/N 0/0/0 - RC 999 (17 min 37626 lin)
+19 that worked on retry

prep (s390x) : Pass 20 F/S/N 0/0/0 - RC 0 (11 min 30019 lin)
migrate (s390x) : Pass 268 F/S/N 0/5/0 - RC 0 (66 min 160035 lin)
cross (s390x) : Pass 23 F/S/N 0/2/1 - RC 1 (54 min 48034 lin)
misc (s390x) : Pass 67 F/S/N 0/0/0 - RC 0 (32 min 31951 lin)

Setting verified tags.

P.S. We are also waiting on the focal portion of bug 1892358 to get the autopkgtest blocks out of the way as well, but we wanted to have it a bit longer in -proposed anyway so that should be ok.

wrong bug to post that, well it tested this build but still ...

The verification of the Stable Release Update for qemu has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 1:4.2-3ubuntu6.5

qemu (1:4.2-3ubuntu6.5) focal; urgency=medium

  * further stabilize qemu by importing patches of qemu v4.2.1
    Fixes (LP: #1891203) and (LP: #1891877)
    - d/p/stable/lp-1891877-*
    - as part of the stabilization this also fixes an
      riscv emulation issue due to the CVE-2020-13754 fixes via
  * fix s390x SQXBR emulation (LP: #1883984)
    - d/p/ubuntu/lp-1883984-target-s390x-Fix-SQXBR.patch
  * fix -no-reboot for s390x protvirt guests (LP: #1890154)
    - d/p/ubuntu/lp-1890154-s390x-protvirt-allow-to-IPL-secure-guests-with-*

 -- Christian Ehrhardt <email address hidden> Wed, 19 Aug 2020 13:40:49 +0200

Changed in qemu (Ubuntu Focal):
status: Fix Committed → Fix Released
Frank Heimes (fheimes) on 2020-09-16
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released

------- Comment From <email address hidden> 2020-09-16 03:03 EDT-------
IBM Bugzilla status-> closed, Fix Released with all requested distros.
