lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZB3wMuynKnQ1IFjb@bombadil.infradead.org>
Date:   Fri, 24 Mar 2023 11:47:14 -0700
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     Lucas De Marchi <lucas.demarchi@...el.com>
Cc:     Vincenzo Palazzo <vincenzopalazzodev@...il.com>,
        Petr Mladek <pmladek@...e.com>,
        Petr Pavlu <petr.pavlu@...e.com>,
        Prarit Bhargava <prarit@...hat.com>,
        Vegard Nossum <vegard.nossum@...cle.com>,
        Borislav Petkov <bp@...en8.de>, NeilBrown <neilb@...e.de>,
        Goldwyn Rodrigues <rgoldwyn@...e.com>, david@...hat.com,
        mwilck@...e.com, linux-modules@...r.kernel.org,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Lucas De Marchi <lucas.de.marchi@...il.com>,
        Ben Hutchings <benh@...ian.org>,
        Adam Manzanares <a.manzanares@...sung.com>
Subject: Re: [PATCH v2] module: Don't wait for GOING modules

On Thu, Mar 23, 2023 at 11:03:21PM -0700, Lucas De Marchi wrote:
> On Thu, Mar 23, 2023 at 08:08:49AM -0700, Luis Chamberlain wrote:
> > On Thu, Mar 23, 2023 at 8:02 AM Lucas De Marchi
> > <lucas.demarchi@...el.com> wrote:
> > > 
> > > On Wed, Mar 22, 2023 at 03:31:59PM -0700, Luis Chamberlain wrote:
> > > >On Sat, Mar 11, 2023 at 10:25:05PM -0800, Lucas De Marchi wrote:
> > > >> On Sat, Jan 21, 2023 at 02:40:20PM -0800, Luis Chamberlain wrote:
> > > >> > On Thu, Jan 19, 2023 at 04:58:53PM -0800, Luis Chamberlain wrote:
> > > >> > > On Thu, Jan 19, 2023 at 04:51:27PM -0800, Luis Chamberlain wrote:
> > > >> > > > On Thu, Jan 19, 2023 at 04:47:05PM +0100, Petr Mladek wrote:
> > > >> > > > > Yes, the -EINVAL error is strange. It is returned also in
> > > >> > > > > kernel/module/main.c on few locations. But neither of them
> > > >> > > > > looks like a good candidate.
> > > >> > > >
> > > >> > > > OK I updated to next-20230119 and I don't see the issue now.
> > > >> > > > Odd. It could have been an issue with next-20221207 which I was
> > > >> > > > on before.
> > > >> > > >
> > > >> > > > I'll run some more test and if nothing fails I'll send the fix
> > > >> > > > to Linux for rc5.
> > > >> > >
> > > >> > > Jeesh it just occured to me the difference, which I'll have to
> > > >> > > test next, for next-20221207 I had enabled module compression
> > > >> > > on kdevops with zstd.
> > > >> > >
> > > >> > > You can see the issues on kdevops git log with that... and I finally
> > > >> > > disabled it and the kmod test issue is gone. So it could be that
> > > >> > > but I just am ending my day so will check tomorrow if that was it.
> > > >> > > But if someone else beats me then great.
> > > >> > >
> > > >> > > With kdevops it should be a matter of just enabling zstd as I
> > > >> > > just bumped support for next-20230119 and that has module decompression
> > > >> > > disabled.
> > > >> >
> > > >> > So indeed, my suspcions were correct. There is one bug with
> > > >> > compression on debian:
> > > >> >
> > > >> > - gzip compressed modules don't end up in the initramfs
> > > >> >
> > > >> > There is a generic upstream kmod bug:
> > > >> >
> > > >> >  - modprobe --show-depends won't grok compressed modules so initramfs
> > > >> >    tools that use this as Debian likely are not getting module dependencies
> > > >> >    installed in their initramfs
> > > >>
> > > >> are you sure you have the relevant compression setting enabled
> > > >> in kmod?
> > > >>
> > > >> $ kmod --version
> > > >> kmod version 30
> > > >> +ZSTD +XZ +ZLIB +LIBCRYPTO -EXPERIMENTAL
> > > >
> > > >Debian has:
> > > >
> > > >kmod version 30
> > > >+ZSTD +XZ -ZLIB +LIBCRYPTO -EXPERIMENTAL
> > > 
> > >            ^ so... mind the minus :). It doesn't support zlib.
> > > 
> > > Change your kernel config to either compress the modules as xz or zstd.
> > 
> > Oh so then we should complain about these things if an initramfs is
> > detected with modules compressed using a compression algorithm which
> > modprobe installed does not support. What tool would do that?
> 
> I guess we could add that in depmod side as a dummy handler for when
> that config is off. Thoughts?

That sounds like a good solution, better than and complain before
allowing someone to boot and *not* be able to.

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ