Checkbox Provider - Base

Catting the SecureBoot efivar in /sys hangs

Bug #1896119 reported by Jeff Lane  on 2020-09-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Checkbox Provider - Base	Fix Released	Medium	Jeff Lane 	Checkbox Provider - Base 0.56.0
	linux (Ubuntu)	Incomplete	Undecided	Unassigned

Bug Description

During testing, a machine locked up appearing to hang on the secure boot mode test. Looking at the test logs, both of the things that use boot_mode_test.py have triggered this issue:

miscellanea/reboot_firmware crashed
miscellanea/secure_boot_mode crashed

as this doesn't do much beyond open up a file in efivars, this is puzzling behaviour. Need to figure out what would trigger this and how to work around it.

Related branches

~bladernr/plainbox-provider-checkbox:1896119-boot_mode_test-hang

Merged into plainbox-provider-checkbox:master at revision 6fdde642454ca3c330342423c6c1692d54e79df9

Jonathan Cave (community): Approve on 2021-01-08

Revision history for this message

Fabio Augusto Miranda Martins (fabio.martins) wrote on 2021-01-07:

Attempting to run:
cat /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
hangs.

hexdump barfs:
$ hexdump /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
hexdump: /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c: Interrupted system call

Trying under sudo makes no difference.

stracing that cat request results in:
fstat(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
openat(AT_FDCWD, "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=5, ...}) = 0
fadvise64(3, 0, 0, POSIX_FADV_SEQUENTIAL) = 0
mmap(NULL, 139264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd9ca513000
read(3, 0x7fd9ca514000, 131072) = -1 EINTR (Interrupted system call)
read(3, 0x7fd9ca514000, 131072) = -1 EINTR (Interrupted system call)
read(3, 0x7fd9ca514000, 131072) = -1 EINTR (Interrupted system call)
read(3, 0x7fd9ca514000, 131072) = -1 EINTR (Interrupted system call)

With that Interrupted system call just spinning repeating over and over until I stop it.

Revision history for this message

Jeff Lane  (bladernr) wrote on 2021-01-07:

At this point, this is not a problem I can fix. It's very much tied to their hardware, and to the kernel on that hardware. This is the only instance of this I have ever seen, anywhere, over literally thousands of test runs, and it is very easily reproduced manually by simply catting the efi variable for SecureBoot, so it exists outside the test suite.

I've added a kernel task, if there's any fix to be had here, it would have to occur there.

Changed in plainbox-provider-checkbox:
status:	New → Invalid

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2021-01-07: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1896119

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Jeff Lane  (bladernr) on 2021-01-07

summary:

- secure boot test locks machine up
+ Catting the SecureBoot efivar in /sys hangs

Revision history for this message

Jeff Lane  (bladernr) wrote on 2021-01-07:

after some more commentary from the customer, I'm still not convinced that this isn't related to the hardware itself, HOWEVER, while doing a bit more deubgging I noticed that the boot_mode_test.py script opens files but does not properly close them (expecting python to close them on exit?)

So while this may or may not resolve the hang that was reported when the secureboot test runs, I can at least fix this a bit so that we properly close the files after reading them.

Changed in plainbox-provider-checkbox:
status:	Invalid → Incomplete
status:	Incomplete → Fix Committed
status:	Fix Committed → In Progress
importance:	Undecided → Medium
assignee:	nobody → Jeff Lane (bladernr)
milestone:	none → 0.57.0

Revision history for this message

Jeff Lane  (bladernr) wrote on 2021-01-07:

For context, the update from the customer was that

cat /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

actually works fine UNTIL he runs the cert suite, after which point it hangs.

So I wonder if not properly closing the file leaves this in a bad state somehow once the script is killed with a ctrl-c...

As I said, I'm still not convinced this actually solves the issue, but we'll see. I do hope this is all the issue is.

Jeff Lane  (bladernr) on 2021-01-08

Changed in plainbox-provider-checkbox:
status:	In Progress → Fix Committed

Sylvain Pineau (sylvain-pineau) on 2021-01-14

Changed in plainbox-provider-checkbox:
milestone:	0.57.0 → 0.56.0

Devices Certification Bot (ce-certification-qa) on 2021-01-26

Changed in plainbox-provider-checkbox:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.