Public bug reported:
---Problem Description---
Summary
=======
New IBM HW with Crypto Accelerator cards attached
Kernel level: 5.14
Core dump when configuring the ibmca engine with libica = libica.so.4 in the
openssl.cnf file in the engine section.
The problem only occurs with OpenSSL 3.0 and is immediately reproducible.
Details
=======
HINT: To be able to receive core dump files at all it is needed to change the
/etc/systemd/system.conf file entry DefaultLimitCORE=0:infinity to read
DefaultLimitCORE=infinity:infinity
On a system with ibmca engine configured system wide, when trying to use
the libica.so.4 to support the ibmca engine the sshd daemon dumps core
upon the first login attempt.
# openssl engine -c
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
[RSA, DSA, DH]
Debug Data
==========
core dump file in the attachments.
Contact Information = christian.r...@de.ibm.com
---uname output---
Linux system 5.14.
---Debugger---
A debugger is not configured
---Steps to Reproduce---
1.) Edit /etc/systemd/system.conf file to allow core dumps:
Change the line DefaultLimitCORE=0:infinity
to read DefaultLimitCORE=infinity:infinity
2.) run: systemctl daemon-reload
systemctl restart systemd-coredump.socket
3.) Run the /usr/share/doc/openssl-ibmca/ibmca-engine-opensslconfig perl script
4.) Edit the /etc/pki/tls file near the end to contain the line
to back the ibmca engine by the libica.so.4 library as outlined in the
/usr/share/doc/openssl-ibmca/README.md file
5.) Run: openssl engine -c
6.) Keep the current session open for subsequently stepping back to the
original openssl.cnf!
7.) Open up a new ssh session to the system under test
and watch the login to fail with broken pipe
8.) On the remaining session, run
coreumpctl list / coredumpctl dump
Userspace tool common name: openssl-ibmca
Userspace rpm: openssl-ibmca-2.2.2-1.el9.s390x
The userspace tool has the following bit modes: 64bit
Userspace tool obtained from project website: na
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-197386 severity-critical
targetmilestone-inin---
** Tags added: architecture-s39064 bugnameltc-197386 severity-critical
targetmilestone-inin---
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1967141
Title:
[UBUNTU 22.04] ibmca engine with libica = libica.so.4 - sshd dumps
core (openssl-ibmca)
Status in linux package in Ubuntu:
New
Bug description:
---Problem Description---
Summary
=======
New IBM HW with Crypto Accelerator cards attached
Kernel level: 5.14
Core dump when configuring the ibmca engine with libica = libica.so.4 in the
openssl.cnf file in the engine section.
The problem only occurs with OpenSSL 3.0 and is immediately reproducible.
Details
=======
HINT: To be able to receive core dump files at all it is needed to change the
/etc/systemd/system.conf file entry DefaultLimitCORE=0:infinity to read
DefaultLimitCORE=infinity:infinity
On a system with ibmca engine configured system wide, when trying to
use the libica.so.4 to support the ibmca engine the sshd daemon dumps
core upon the first login attempt.
# openssl engine -c
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
[RSA, DSA, DH]
Debug Data
==========
core dump file in the attachments.
Contact Information = christian.r...@de.ibm.com
---uname output---
Linux system 5.14.
---Debugger---
A debugger is not configured
---Steps to Reproduce---
1.) Edit /etc/systemd/system.conf file to allow core dumps:
Change the line DefaultLimitCORE=0:infinity
to read DefaultLimitCORE=infinity:infinity
2.) run: systemctl daemon-reload
systemctl restart systemd-coredump.socket
3.) Run the /usr/share/doc/openssl-ibmca/ibmca-engine-opensslconfig perl
script
4.) Edit the /etc/pki/tls file near the end to contain the line
to back the ibmca engine by the libica.so.4 library as outlined in the
/usr/share/doc/openssl-ibmca/README.md file
5.) Run: openssl engine -c
6.) Keep the current session open for subsequently stepping back to the
original openssl.cnf!
7.) Open up a new ssh session to the system under test
and watch the login to fail with broken pipe
8.) On the remaining session, run
coreumpctl list / coredumpctl dump
Userspace tool common name: openssl-ibmca
Userspace rpm: openssl-ibmca-2.2.2-1.el9.s390x
The userspace tool has the following bit modes: 64bit
Userspace tool obtained from project website: na
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1967141/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
