(#2050567) fix(fips): handle s390x OSTree systems #26
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
On s390x, the `BOOT_IMAGE` karg injected by the bootloader is not a path to the kernel image, but rather an integer describing the index of the menu entry selected. Because of the way the s390x bootloader works, there is no information retained about e.g. the path of the kernel that was loaded. This causes issues for the FIPS code which assumes that `BOOT_IMAGE` is a path to the kernel image to derive the HMAC path. In non-OSTree systems, this ends up working anyway, because the kernel is located at the root of the boot partition. In OSTree systems, this is not the case. However, OSTree systems use BLS configs, and they are named in reverse order of precedence (i.e. menu ordering). So from the `BOOT_IMAGE` integer, we can figure out which BLS entry was selected. Add some code to do just this on s390x. This isn't completely foolproof, because it presumes that (1) BLS configs were used to populate the bootloader (and that they were exactly in the same state they currently are when `zipl` was run), and (2) there are no other menu entries originating from outside the BLS configs. However, if these assumptions are wrong we would simply fail the boot, which is currently what is happening anyway. See also: openshift/os#546 ibm-s390-linux/s390-tools#78 Tested-by: Muhammad Adeel <muhammad.adeel@ibm.com> (cherry picked from commit 78557f0) Resolves: #2050567
systemd-rhel-bot
force-pushed
the
bz2050567
branch
from
0754b0d
to
df70af2
Compare
lnykryn
approved these changes
Feb 15, 2022
|
This was reworked as #28 (let's use that one instead). |
pvalena
pushed a commit
to pvalena/dracut-rhel9
that referenced
this pull request
Nov 14, 2023
in install_dependent_modules we use &path[kerneldirlen] as the key for inserting, let's do the same for checking. otherwise installing kernel module has circular dependency from a custom kernel module directory will cause infinite recursion and segfault. $ grep ipmi kbuilt/lib/modules/5.10.121/modules.dep kernel/drivers/char/ipmi/ipmi_msghandler.ko: kernel/drivers/char/ipmi/ipmi_devintf.ko: kernel/drivers/char/ipmi/ipmi_msghandler.ko $ grep ipmi kbuilt/lib/modules/5.10.121/modules.softdep softdep ipmi_msghandler post: ipmi_devintf $ ./dracut-install -D /tmp --kerneldir ~/working/kernel/linux-5.10.121/kbuilt/lib/modules/5.10.121 -m ipmi-devintf Segmentation fault (core dumped) (gdb) b install_dependent_modules Breakpoint 1 at 0x7db0: file src/install/dracut-install.c, line 1513. (gdb) bt #0 install_dependent_modules (modlist=0x0) at src/install/dracut-install.c:1513 #1 0x000055555555c027 in install_dependent_modules (modlist=modlist@entry=0x555555579e90) at src/install/dracut-install.c:1553 #2 0x000055555555bf1c in install_dependent_modules (modlist=0x5555555799d0) at src/install/dracut-install.c:1548 redhat-plumbers#3 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557a3f0) at src/install/dracut-install.c:1554 redhat-plumbers#4 0x000055555555bf1c in install_dependent_modules (modlist=0x555555579d60) at src/install/dracut-install.c:1548 redhat-plumbers#5 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557b170) at src/install/dracut-install.c:1554 redhat-plumbers#6 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557a0f0) at src/install/dracut-install.c:1548 redhat-plumbers#7 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555575320) at src/install/dracut-install.c:1554 redhat-plumbers#8 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557ab30) at src/install/dracut-install.c:1548 redhat-plumbers#9 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557dd60) at src/install/dracut-install.c:1554 redhat-plumbers#10 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557b640) at src/install/dracut-install.c:1548 redhat-plumbers#11 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557e0f0) at src/install/dracut-install.c:1554 redhat-plumbers#12 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557b9d0) at src/install/dracut-install.c:1548 redhat-plumbers#13 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555574340) at src/install/dracut-install.c:1554 redhat-plumbers#14 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557cf70) at src/install/dracut-install.c:1548 redhat-plumbers#15 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x5555555768d0) at src/install/dracut-install.c:1554 redhat-plumbers#16 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557d750) at src/install/dracut-install.c:1548 redhat-plumbers#17 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557e700) at src/install/dracut-install.c:1554 redhat-plumbers#18 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557de90) at src/install/dracut-install.c:1548 redhat-plumbers#19 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555581c90) at src/install/dracut-install.c:1554 redhat-plumbers#20 0x000055555555bf1c in install_dependent_modules (modlist=0x555555571e60) at src/install/dracut-install.c:1548 redhat-plumbers#21 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555556b620) at src/install/dracut-install.c:1554 redhat-plumbers#22 0x000055555555bf1c in install_dependent_modules (modlist=0x555555583000) at src/install/dracut-install.c:1548 redhat-plumbers#23 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555556b640) at src/install/dracut-install.c:1554 redhat-plumbers#24 0x000055555555bf1c in install_dependent_modules (modlist=0x555555571b40) at src/install/dracut-install.c:1548 redhat-plumbers#25 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555574100) at src/install/dracut-install.c:1554 redhat-plumbers#26 0x000055555555c4b0 in install_module (mod=mod@entry=0x555555573bc0) at src/install/dracut-install.c:1617 redhat-plumbers#27 0x000055555555c93d in install_modules (argc=argc@entry=1, argv=argv@entry=0x7fffffffd6e0) at src/install/dracut-install.c:1952 redhat-plumbers#28 0x000055555555862a in main (argc=<optimized out>, argv=0x7fffffffd6a8) at src/install/dracut-install.c:2090 Signed-off-by: runsisi <runsisi@hust.edu.cn>
pvalena
pushed a commit
to pvalena/dracut-rhel9
that referenced
this pull request
Nov 15, 2023
in install_dependent_modules we use &path[kerneldirlen] as the key for inserting, let's do the same for checking. otherwise installing kernel module has circular dependency from a custom kernel module directory will cause infinite recursion and segfault. $ grep ipmi kbuilt/lib/modules/5.10.121/modules.dep kernel/drivers/char/ipmi/ipmi_msghandler.ko: kernel/drivers/char/ipmi/ipmi_devintf.ko: kernel/drivers/char/ipmi/ipmi_msghandler.ko $ grep ipmi kbuilt/lib/modules/5.10.121/modules.softdep softdep ipmi_msghandler post: ipmi_devintf $ ./dracut-install -D /tmp --kerneldir ~/working/kernel/linux-5.10.121/kbuilt/lib/modules/5.10.121 -m ipmi-devintf Segmentation fault (core dumped) (gdb) b install_dependent_modules Breakpoint 1 at 0x7db0: file src/install/dracut-install.c, line 1513. (gdb) bt #0 install_dependent_modules (modlist=0x0) at src/install/dracut-install.c:1513 #1 0x000055555555c027 in install_dependent_modules (modlist=modlist@entry=0x555555579e90) at src/install/dracut-install.c:1553 #2 0x000055555555bf1c in install_dependent_modules (modlist=0x5555555799d0) at src/install/dracut-install.c:1548 redhat-plumbers#3 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557a3f0) at src/install/dracut-install.c:1554 redhat-plumbers#4 0x000055555555bf1c in install_dependent_modules (modlist=0x555555579d60) at src/install/dracut-install.c:1548 redhat-plumbers#5 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557b170) at src/install/dracut-install.c:1554 redhat-plumbers#6 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557a0f0) at src/install/dracut-install.c:1548 redhat-plumbers#7 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555575320) at src/install/dracut-install.c:1554 redhat-plumbers#8 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557ab30) at src/install/dracut-install.c:1548 redhat-plumbers#9 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557dd60) at src/install/dracut-install.c:1554 redhat-plumbers#10 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557b640) at src/install/dracut-install.c:1548 redhat-plumbers#11 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557e0f0) at src/install/dracut-install.c:1554 redhat-plumbers#12 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557b9d0) at src/install/dracut-install.c:1548 redhat-plumbers#13 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555574340) at src/install/dracut-install.c:1554 redhat-plumbers#14 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557cf70) at src/install/dracut-install.c:1548 redhat-plumbers#15 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x5555555768d0) at src/install/dracut-install.c:1554 redhat-plumbers#16 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557d750) at src/install/dracut-install.c:1548 redhat-plumbers#17 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557e700) at src/install/dracut-install.c:1554 redhat-plumbers#18 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557de90) at src/install/dracut-install.c:1548 redhat-plumbers#19 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555581c90) at src/install/dracut-install.c:1554 redhat-plumbers#20 0x000055555555bf1c in install_dependent_modules (modlist=0x555555571e60) at src/install/dracut-install.c:1548 redhat-plumbers#21 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555556b620) at src/install/dracut-install.c:1554 redhat-plumbers#22 0x000055555555bf1c in install_dependent_modules (modlist=0x555555583000) at src/install/dracut-install.c:1548 redhat-plumbers#23 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555556b640) at src/install/dracut-install.c:1554 redhat-plumbers#24 0x000055555555bf1c in install_dependent_modules (modlist=0x555555571b40) at src/install/dracut-install.c:1548 redhat-plumbers#25 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555574100) at src/install/dracut-install.c:1554 redhat-plumbers#26 0x000055555555c4b0 in install_module (mod=mod@entry=0x555555573bc0) at src/install/dracut-install.c:1617 redhat-plumbers#27 0x000055555555c93d in install_modules (argc=argc@entry=1, argv=argv@entry=0x7fffffffd6e0) at src/install/dracut-install.c:1952 redhat-plumbers#28 0x000055555555862a in main (argc=<optimized out>, argv=0x7fffffffd6a8) at src/install/dracut-install.c:2090 Signed-off-by: runsisi <runsisi@hust.edu.cn> (Cherry-picked commit: 7bb1f64b972586d86d82fcb23de4b979eab0ddfe) Resolves: RHEL-15821
pvalena
pushed a commit
that referenced
this pull request
Dec 14, 2023
in install_dependent_modules we use &path[kerneldirlen] as the key for inserting, let's do the same for checking. otherwise installing kernel module has circular dependency from a custom kernel module directory will cause infinite recursion and segfault. $ grep ipmi kbuilt/lib/modules/5.10.121/modules.dep kernel/drivers/char/ipmi/ipmi_msghandler.ko: kernel/drivers/char/ipmi/ipmi_devintf.ko: kernel/drivers/char/ipmi/ipmi_msghandler.ko $ grep ipmi kbuilt/lib/modules/5.10.121/modules.softdep softdep ipmi_msghandler post: ipmi_devintf $ ./dracut-install -D /tmp --kerneldir ~/working/kernel/linux-5.10.121/kbuilt/lib/modules/5.10.121 -m ipmi-devintf Segmentation fault (core dumped) (gdb) b install_dependent_modules Breakpoint 1 at 0x7db0: file src/install/dracut-install.c, line 1513. (gdb) bt #0 install_dependent_modules (modlist=0x0) at src/install/dracut-install.c:1513 #1 0x000055555555c027 in install_dependent_modules (modlist=modlist@entry=0x555555579e90) at src/install/dracut-install.c:1553 #2 0x000055555555bf1c in install_dependent_modules (modlist=0x5555555799d0) at src/install/dracut-install.c:1548 #3 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557a3f0) at src/install/dracut-install.c:1554 #4 0x000055555555bf1c in install_dependent_modules (modlist=0x555555579d60) at src/install/dracut-install.c:1548 #5 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557b170) at src/install/dracut-install.c:1554 #6 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557a0f0) at src/install/dracut-install.c:1548 #7 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555575320) at src/install/dracut-install.c:1554 #8 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557ab30) at src/install/dracut-install.c:1548 #9 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557dd60) at src/install/dracut-install.c:1554 #10 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557b640) at src/install/dracut-install.c:1548 #11 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557e0f0) at src/install/dracut-install.c:1554 #12 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557b9d0) at src/install/dracut-install.c:1548 #13 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555574340) at src/install/dracut-install.c:1554 #14 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557cf70) at src/install/dracut-install.c:1548 #15 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x5555555768d0) at src/install/dracut-install.c:1554 #16 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557d750) at src/install/dracut-install.c:1548 #17 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555557e700) at src/install/dracut-install.c:1554 #18 0x000055555555bf1c in install_dependent_modules (modlist=0x55555557de90) at src/install/dracut-install.c:1548 #19 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555581c90) at src/install/dracut-install.c:1554 #20 0x000055555555bf1c in install_dependent_modules (modlist=0x555555571e60) at src/install/dracut-install.c:1548 #21 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555556b620) at src/install/dracut-install.c:1554 #22 0x000055555555bf1c in install_dependent_modules (modlist=0x555555583000) at src/install/dracut-install.c:1548 #23 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x55555556b640) at src/install/dracut-install.c:1554 #24 0x000055555555bf1c in install_dependent_modules (modlist=0x555555571b40) at src/install/dracut-install.c:1548 #25 0x000055555555c034 in install_dependent_modules (modlist=modlist@entry=0x555555574100) at src/install/dracut-install.c:1554 #26 0x000055555555c4b0 in install_module (mod=mod@entry=0x555555573bc0) at src/install/dracut-install.c:1617 #27 0x000055555555c93d in install_modules (argc=argc@entry=1, argv=argv@entry=0x7fffffffd6e0) at src/install/dracut-install.c:1952 #28 0x000055555555862a in main (argc=<optimized out>, argv=0x7fffffffd6a8) at src/install/dracut-install.c:2090 Signed-off-by: runsisi <runsisi@hust.edu.cn> (Cherry-picked commit: 7bb1f64b972586d86d82fcb23de4b979eab0ddfe) Resolves: RHEL-15821
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.