Date: Mon, 8 Jan 2024 18:46:10 +0000
From: Dimitri John Ledkov <dimitri.ledkov@...onical.com>
To: "Russell King (Oracle)" <linux@...linux.org.uk>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [BUG] SHA-3 causes kmod 28 to segfault

On Mon, 8 Jan 2024 at 18:30, Russell King (Oracle)
<linux@...linux.org.uk> wrote:
>
> On Mon, Jan 08, 2024 at 06:14:17PM +0000, Dimitri John Ledkov wrote:
> > Hi,
> >
> > On Mon, 8 Jan 2024 at 16:38, Russell King (Oracle)
> > <linux@...linux.org.uk> wrote:
> > >
> > > Hi,
> > >
> > > When building 6.7 under Debian Oldstable with kmod 28, the installation
> > > of modules fails during depmod with a SEGV.
> > >
> >
> > What is your kernel configuration, and I hope you make config choices
> > compatible with your target host OS.
>
> "target host OS" - that's a total misnomer. "host" is generally what
> you're building under. "target" is generally what you're building _for_.
> So I don't fully understand your comment. Maybe you meant "target _and_
> host" ?

The kernel configuration you use should target the operating system
you are planning to use the given kernel on.
Using bleeding edge kernel features with an obsolete userspace often
can have compatibility issues.

>
> > > Running under gdb:
> > >
> > > Program received signal SIGSEGV, Segmentation fault.
> > > __strlen_sse2 () at ../sysdeps/x86_64/multiarch/strlen-vec.S:133
> > >
> > > I have no further information as I can't remember how to get the debug
> > > info for packages under Debian - and even if I could, it's probably a
> > > bug in the kmod package that Debian will have absolutely no interest in
> > > fixing (based on previous experience reporting bugs to Debian.)
> >
> > For latest kernel and latest kernel features support in kmod, latest
> > kmod is required. I.e. patched with
> > https://github.com/kmod-project/kmod/commit/510c8b7f7455c6613dd1706e5e41ec7b09cf6703
>
> Would be nice if there was some documentation. Also, as kconfig provides
> a mechanism to detect e.g. the version of tooling used to build the
> kernel, it would've been nice to detect whether depmod was sufficiently
> recent to support SHA3 and make the module signing SHA3 options depend
> on that.
>
> Leaving this to a SEGV to indicate that something is wrong isn't user
> friendly.
>

There is no ability to detect runtime kmod at build time, given the
two are often not the same.

Can you please provide your config?
Can you please explain how you chose it?
As both oldconfig and menuconfig should have offered you
MODULE_SIG_SHA256 as the default choice, if you chose to enable
automatic module signing with an ephemeral key.
Please note that SHA256 is recommended and sufficient through 2030 and
beyond, as of now.

If you want to use SHA3, SM3, or GOST you need to have appropriate
builds of openssl and kmod to support those.

-- 
Dimitri

Sent from Ubuntu Pro
https://ubuntu.com/pro
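
Added example (not part of the original message, and not kernel or kmod code): a pre-install check that reads CONFIG_MODULE_SIG_HASH from a kernel .config and flags any hash outside the SHA-2 family, so the tooling mismatch discussed above is visible before modules_install runs depmod. The function names, the output strings and the SHA-2 allowlist are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the module-signing hash selected in a kernel .config.
# Assumption: SHA-2 hashes are treated as the baseline; any other value is
# flagged so the kmod and openssl builds on the target can be verified first.

# Print the value of CONFIG_MODULE_SIG_HASH, or nothing if it is not set.
module_sig_hash() {
    sed -n 's/^CONFIG_MODULE_SIG_HASH="\(.*\)"$/\1/p' "$1" | tail -n 1
}

# Print one of: unsigned, ok:<hash>, review:<hash>, unknown.
# Return 0 for unsigned/ok, 1 when the choice needs checking on the target.
check_module_sig_hash() {
    cfg=$1
    if ! grep -q '^CONFIG_MODULE_SIG=y$' "$cfg"; then
        echo "unsigned"
        return 0
    fi
    algo=$(module_sig_hash "$cfg")
    case "$algo" in
        sha224|sha256|sha384|sha512)
            echo "ok:$algo"
            return 0 ;;
        "")
            echo "unknown"
            return 1 ;;
        *)
            echo "review:$algo"
            return 1 ;;
    esac
}

# Constructed sample .config fragment (not taken from the thread).
demo_cfg=$(mktemp)
printf '%s\n' \
    'CONFIG_MODULES=y' \
    'CONFIG_MODULE_SIG=y' \
    'CONFIG_MODULE_SIG_HASH="sha3-256"' > "$demo_cfg"
check_module_sig_hash "$demo_cfg" ||
    echo "verify kmod and openssl on the target before modules_install"
rm -f "$demo_cfg"
```

Run it against the build tree's .config and against the kmod actually installed on the machine that will run depmod, since the two are often different systems.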
