[Bug 1974109] Re: [UBUNTU 22.04] zipl segfaults when "parameters=" is missing

Launchpad Bug Tracker 1974109 at bugs.launchpad.net
Tue Jan 10 19:46:41 UTC 2023 

This bug was fixed in the package s390-tools - 2.20.0-0ubuntu3.2

---------------
s390-tools (2.20.0-0ubuntu3.2) jammy; urgency=medium

  * Fix zipl segfaults when "parameters=" is missing (LP: #1974109) with:
    d/p/6ff8202f-zipl-Add-missing-check-for-a-nullpointer.patch
  * Add KVM Secure Execution Attestation Userspace Tool to enhance secure
    execution (hardware feature: FC 115) exploitation (LP: #1959987) with:
    d/p/38639269-libpv-New-library-for-PV-tools.patch
    d/p/3ab06d77-pvattest-Create-perform-and-verify-attestation-measu.patch
    d/p/26148740-pvattest-tools-Add-tool-for-attestation.patch
  * Fix re-enciphering of EP11 identity key of KMIP plugin (LP: #1990520) with:
    d/p/4e2ebe03-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch
  * Fix KMIP plugin fails to connection to KMIP server (LP: #1990524) with:
    d/p/6c5c5f7e-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch
  * d/p/5768d55-zipl-boot-add-secure-boot-trailer.patch
    Add secure boot trailer in zipl stage 3 to keep compatibility with
    upcoming IBM zSystems firmware updates. (LP: #1996069)
  * Add d/p/92b8409-dbginfo.sh-ensure-type-commands-compatible-with-dash.patch
    and d/p/9f93af6-dbginfo.sh-ensure-compatibility-with-bin-dash.patch
    to achieve dbginfo.sh compatibility with /bin/dash shell. (LP: #1996477)

 -- Frank Heimes <frank.heimes at canonical.com>  Wed, 16 Nov 2022 18:14:00
+0200

** Changed in: s390-tools (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

** Changed in: s390-tools-signed (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1974109

Title:
  [UBUNTU 22.04] zipl segfaults when "parameters=" is missing

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in s390-tools package in Ubuntu:
  Fix Released
Status in s390-tools-signed package in Ubuntu:
  Fix Released
Status in s390-tools source package in Jammy:
  Fix Released
Status in s390-tools-signed source package in Jammy:
  Fix Released
Status in s390-tools source package in Kinetic:
  Fix Released
Status in s390-tools-signed source package in Kinetic:
  Fix Released

Bug description:
  SRU Justification:
  ------------------

  [Impact]

   * The zipl boot-loader tool segfaults if a section doesn't contain
     a "parameters =" line.

   * Adding a "parameters =" line makes the problem go away.

   * This is especially problematic when secure execution is set up,
     since the parameter is provided in the secure image
     and hence a zipl parameter is not needed.

  [Fix]

   * 6ff8202f 6ff8202fa9e172199e995298d336d9dd87ca8180 "zipl: Add
  missing check for a nullpointer."

  [Test Plan]

   * Setup a default Ubuntu Server for s390x test installation.

   * Backup the existing /etc/zipl.conf:
     cp /etc/zipl.conf ~

   * Edit /etc/zipl.conf and remove (or better comment out)
     'the parameters =' line:
     sudo vi /etc/zipl.conf
     and save the file.

   * Execute the zipl tool to re-write the zipl bootloader
     and it will segfault
     without the patch (like this):
     sudo zipl
     Using config file '/etc/zipl.conf'
     Segmentation fault

   * or complete successfully (like this):
     sudo zipl
     Using config file '/etc/zipl.conf'
     Building bootmap in '/boot'
     Adding IPL section 'ubuntu' (default)
     Preparing boot device: dasda (0101).
     Done.

  [Where problems could occur]

   * It's a patch that changes just one line,
     checks the existence of the parmline
     and only then computes it's length,
     and otherwise sets the length to 0.

   * Issues could occur if the compact/short if
     statement is wrong and for example the logic mixed up.

   * Or if somewhere else in the code a length of 0
     for the parameters line is not expected and will
     cause further issues.

   * Both cases can simply be covered by the above test.

  [Other Info]

   * The above fix is included in s390-tools v2.23
     and is with that incl. in the kinetic s390-tools version.
  __________

  ZIPL segfaults if a section doesn't contain a "parameter=" line.
  Adding that line makes the problem go away.

  This is especially a problem when secure execution is set up since the
  parameter is provided in the secure image and hence a zipl parameter
  is not needed.

  ---uname output---
  Linux linux6 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:23 UTC 2022 s390x s390x s390x GNU/Linux

  Machine Type = z16

  ---Steps to Reproduce---
  Add a section to /etc/zipl.conf that doesn't have a parameter line.

  Userspace tool common name: zipl

  The userspace tool has the following bit modes: 64-bit

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1974109/+subscriptions

More information about the foundations-bugs mailing list