lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241115083940.GA3971@francesco-nb>
Date: Fri, 15 Nov 2024 09:39:40 +0100
From: Francesco Dolcini <francesco@...cini.it>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Parth Pancholi <parth105105@...il.com>,
	Masahiro Yamada <masahiroy@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nicolas Schier <nicolas@...sle.eu>,
	Parth Pancholi <parth.pancholi@...adex.com>,
	linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org,
	Francesco Dolcini <francesco.dolcini@...adex.com>
Subject: Re: [PATCH v2] kbuild: switch from lz4c to lz4 for compression

Hello Greg,

On Thu, Nov 14, 2024 at 05:02:01PM +0100, Greg KH wrote:
> On Thu, Nov 14, 2024 at 03:56:44PM +0100, Parth Pancholi wrote:
> > From: Parth Pancholi <parth.pancholi@...adex.com>
> > 
> > Replace lz4c with lz4 for kernel image compression.
> > Although lz4 and lz4c are functionally similar, lz4c has been deprecated
> > upstream since 2018. Since as early as Ubuntu 16.04 and Fedora 25, lz4
> > and lz4c have been packaged together, making it safe to update the
> > requirement from lz4c to lz4.
> > 
> > Consequently, some distributions and build systems, such as OpenEmbedded,
> > have fully transitioned to using lz4. OpenEmbedded core adopted this
> > change in commit fe167e082cbd ("bitbake.conf: require lz4 instead of
> > lz4c"), causing compatibility issues when building the mainline kernel
> > in the latest OpenEmbedded environment, as seen in the errors below.
> > 
> > This change also updates the LZ4 compression commands to make it backward
> > compatible by replacing stdin and stdout with the '-' option, due to some
> > unclear reason, the stdout keyword does not work for lz4 and '-' works for
> > both. In addition, this modifies the legacy '-c1' with '-9' which is also
> > compatible with both. This fixes the mainline kernel build failures with
> > the latest master OpenEmbedded builds associated with the mentioned
> > compatibility issues.
> > 
> > LZ4     arch/arm/boot/compressed/piggy_data
> > /bin/sh: 1: lz4c: not found
> > ...
> > ...
> > ERROR: oe_runmake failed
> > 
> > Cc: stable@...r.kernel.org
> 
> What bug does this resolve that it needs to be backported to stable
> kernels?

This is not solving any existing actual bug, and therefore there is no
fixes tag.

The issue here is that the kernel build system is using lz4c, that is
deprecated since 2018, and now distributions are actively moving away from it. 

openSUSE Tumbleweed and OE already removed it, so you would not be able
to compile a stable kernel on such distribution when using lz4 unless we
backport such a patch.

Everything should be properly documented in the commit message already.

My understanding is that something like that would be a reason for
backporting to stable, if my understanding is not correct we'll remove
the cc:stable and send a v3.

Francesco

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ