Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp255716rdd; Tue, 9 Jan 2024 03:15:22 -0800 (PST) X-Google-Smtp-Source: AGHT+IEy9Uipu+ZtKiiwxf1QP7t7yxbYLC/gdpX+DBrSvFU7O2TQSPo8Cq00FUI9U0wW1BrNRh4j X-Received: by 2002:a50:d641:0:b0:557:f34:8b9b with SMTP id c1-20020a50d641000000b005570f348b9bmr2794067edj.9.1704798922689; Tue, 09 Jan 2024 03:15:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704798922; cv=none; d=google.com; s=arc-20160816; b=l9OjKGFb822Y1ISL1SkDI0pNW2r5CbyFwvvTfDCHRv60wwDQfC50pa0Vp34aAPP57K iTd4zIf/v4tnvraQXotumUnudn3oliK8nKzSQzrU6poFuqPgd6SVytCy5yk8a3BYQlIx BD4zJov6ktnQJVoOiXaNwpW1hPJyiMoB7WxLHA6qF9VXaIyIIf5dA459snX0ohm/Cj1M VDP0WUR+FnuSR6aB1FQeX7BRdADCcOMzIZ00GMtCmMJHG/fS0NOWhA/yg54tH7BMMPYW +7qBt7N3SZSevymTaHSdscnwytI1kWgtz1xgOp2E38lXqex/dXZB2q0bXHuLsE9asOVK xyKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date:dkim-signature; bh=YgH27PJPgVjPvzpAXcrJ8iE0CTLGfA4M+6RNDqk9FxE=; fh=FmWSlTVF62icT/JTJMGDrq25pMHfteYqteMf7QBfRJ4=; b=An9wpjCF0bkQwubzEkMn/l63gsNAFq423k6JXODp80+nhHzpdqlvCsUouHEuB2TOOY aAtPU/4xFB7Dg3+E7Ptccz0AC726G51Xuyy+vGcqGgkf5+S4eafreOTUJmzb44YCMUTG orn0iPq5B7qbaYrw5CRX3gsVu6dol5fKmaV9vcN86HinI/8AHadyFZEjwNyNAqv7rGPD Jen6AjJ+AY8IuRwlTZb90rwzsYcILeI6veHXkqRylgDTUsQZ+qPanUG77c2hEQVhSwMt D+AQ1j/FNcjQ8WNbSaZuC82F7r2IztFOUeLvWUFXZLJ99SYf7B4mURY8Dmrcowr2EDO8 L4Pw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail (test mode) header.i=@armlinux.org.uk header.s=pandora-2019 header.b=IOD3nAGD; spf=pass (google.com: domain of linux-kernel+bounces-20753-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20753-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=armlinux.org.uk Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id u30-20020a50d51e000000b00558207a051bsi172422edi.317.2024.01.09.03.15.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 03:15:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-20753-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=fail (test mode) header.i=@armlinux.org.uk header.s=pandora-2019 header.b=IOD3nAGD; spf=pass (google.com: domain of linux-kernel+bounces-20753-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20753-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=armlinux.org.uk Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 1EE221F23BA3 for ; Tue, 9 Jan 2024 11:15:22 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2CBAE36B04; Tue, 9 Jan 2024 11:15:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=armlinux.org.uk header.i=@armlinux.org.uk header.b="IOD3nAGD" Received: from pandora.armlinux.org.uk (pandora.armlinux.org.uk [78.32.30.218]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 196B7360AE; Tue, 9 Jan 2024 11:15:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=armlinux.org.uk Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=armlinux.org.uk DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=armlinux.org.uk; s=pandora-2019; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=YgH27PJPgVjPvzpAXcrJ8iE0CTLGfA4M+6RNDqk9FxE=; b=IOD3nAGD3kWZCAgxZzkOarLMzA DZSscrMGoZz93KzLylaxCO3jWJJ+ydw60B0KlSR5jVi7qZkmHTwsDEM4nwNaoAKAMWNmAsN8n5Wy4 SN5JAldFXK/iQ+urMekl7mPlBAS4G+cU+G53eRsbUlMiz6QlYY6hanssYZNpQPcHCnnaxGIQfmoHe fjwa58gtGR+lhzaLQtzvH4xnFnq3PWBTGIsamqjqracsw6QXEm9w/BOssMuAQcQUw1Nj/X7w3jclE JUCbhMnpoebso2SdXMWFfjABkTfrvtPTMSoO9OMSW210fCyj5Bf68aeQ57LhKzm3oGeOb9+gro+MV orNMh02Q==; Received: from shell.armlinux.org.uk ([fd8f:7570:feb6:1:5054:ff:fe00:4ec]:37474) by pandora.armlinux.org.uk with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1rNA4X-00041C-1Y; Tue, 09 Jan 2024 11:15:05 +0000 Received: from linux by shell.armlinux.org.uk with local (Exim 4.94.2) (envelope-from ) id 1rNA4a-0004E8-51; Tue, 09 Jan 2024 11:15:08 +0000 Date: Tue, 9 Jan 2024 11:15:08 +0000 From: "Russell King (Oracle)" To: Dimitri John Ledkov , Masahiro Yamada Cc: linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org Subject: Re: [BUG] SHA-3 causes kmod 28 to segfault Message-ID: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: Russell King (Oracle) On Mon, Jan 08, 2024 at 10:09:49PM +0000, Russell King (Oracle) wrote: > On Mon, Jan 08, 2024 at 06:46:10PM +0000, Dimitri John Ledkov wrote: > > On Mon, 8 Jan 2024 at 18:30, Russell King (Oracle) > > wrote: > > > > > > On Mon, Jan 08, 2024 at 06:14:17PM +0000, Dimitri John Ledkov wrote: > > > > Hi, > > > > > > > > On Mon, 8 Jan 2024 at 16:38, Russell King (Oracle) > > > > wrote: > > > > > > > > > > Hi, > > > > > > > > > > When building 6.7 under Debian Oldstable with kmod 28, the installation > > > > > of modules fails during depmod with a SEGV. > > > > > > > > > > > > > What is your kernel configuration, and I hope you make config choices > > > > compatible with your target host OS. > > > > > > "target host OS" - that's a total misnomer. "host" is generally what > > > you're building under. "target" is generally what you're building _for_. > > > So I don't fully understand your comment. Maybe you meant "target _and_ > > > host" ? > > > > the kernel configuration you use, should target the operating system > > you are planning to use the given kernel on. > > Thank you for stating the damn obvious. I've been developing Linux > kernels for 30 years, I think I know this. > > > using bleeding edge kernel features, with an obsolete userspace often > > can have compatibility issues. > > You're still not being clear. I wonder whether you understand the > terms "target" and "host". > > > > > > Running under gdb: > > > > > > > > > > Program received signal SIGSEGV, Segmentation fault. > > > > > __strlen_sse2 () at ../sysdeps/x86_64/multiarch/strlen-vec.S:133 > > > > > > > > > > I have no further information as I can't remember how to get the debug > > > > > info for packages under Debian - and even if I could, it's probably a > > > > > bug in the kmod package that Debian will have absolutely no interest in > > > > > fixing (based on previous experience reporting bugs to Debian.) > > > > > > > > For latest kernel and latest kernel features support in kmod, latest > > > > kmod is required. I.e. patched with > > > > https://github.com/kmod-project/kmod/commit/510c8b7f7455c6613dd1706e5e41ec7b09cf6703 > > > > > > Would be nice if there was some documentation. Also, as kconfig provides > > > a mechanism to detect e.g. the version of tooling used to build the > > > kernel, it would've been nice to detect whether depmod was sufficiently > > > recent to support SHA3 and make the module signing SHA3 options depend > > > on that. > > > > > > Leaving this to a SEGV to indicate that something is wrong isn't user > > > friendly. > > > > > > > There is no ability to detect runtime kmod at build time, given the > > two are usually often not the same. > > Again, you CLEARLY don't understand the problem. I am *NOT* reporting > a problem on the target. I am reporting a problem on the *build* > *host*. > > > Can you please provide your config? > > Can you please explain how you chose it? > > No, because it's totally irrelevant to the problem I'm reporting. > > What I'm reporting to you is that _IF_ you build a kernel with the > SHA3 modsigning options on a HOST that has kmod 28, then depmod > SEGVs when _INSTALLING_ the modules to a directory on the _HOST_. > > This has *nothing* to do with the capabilities of the _TARGET_. > Whether the configuration matches the capabilities of the _TARGET_ > is *totally* irrelevant at _this_ stage. In fact, with the _HOST_ > depmod segfaulting, one can't complete the installation process > to even _think_ about transferring it to the _TARGET_. Here's a patch that checks the version of depmod on the _build_ _host_, preventing the use of the SHA3 module signing if it isn't recent enough, which causes make modules_install INSTALL_MOD_PATH=/foo/bar/bzz run on the _build_ _host_ to fail with a segfault. diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig index 0ea1b2970a23..d2ba454026a9 100644 --- a/kernel/module/Kconfig +++ b/kernel/module/Kconfig @@ -223,6 +223,11 @@ config MODULE_SIG_ALL Sign all modules during make modules_install. Without this option, modules must be signed manually, using the scripts/sign-file tool. +config DEPMOD_VERSION + int + default $(depmod-version) + default 0 + comment "Do not forget to sign required modules with scripts/sign-file" depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL @@ -250,14 +255,17 @@ config MODULE_SIG_SHA512 config MODULE_SIG_SHA3_256 bool "Sign modules with SHA3-256" + depends on DEPMOD_VERSION > 28 select CRYPTO_SHA3 config MODULE_SIG_SHA3_384 bool "Sign modules with SHA3-384" + depends on DEPMOD_VERSION > 28 select CRYPTO_SHA3 config MODULE_SIG_SHA3_512 bool "Sign modules with SHA3-512" + depends on DEPMOD_VERSION > 28 select CRYPTO_SHA3 endchoice diff --git a/scripts/Kconfig.include b/scripts/Kconfig.include index 5a84b6443875..052f581c86da 100644 --- a/scripts/Kconfig.include +++ b/scripts/Kconfig.include @@ -63,3 +63,6 @@ ld-version := $(shell,set -- $(ld-info) && echo $2) cc-option-bit = $(if-success,$(CC) -Werror $(1) -E -x c /dev/null -o /dev/null,$(1)) m32-flag := $(cc-option-bit,-m32) m64-flag := $(cc-option-bit,-m64) + +# depmod version +depmod-version := $(shell,$(srctree)/scripts/depmod-version.sh) diff --git a/scripts/depmod-version.sh b/scripts/depmod-version.sh new file mode 100755 index 000000000000..32a8a6f6b737 --- /dev/null +++ b/scripts/depmod-version.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 + +set -e + +: ${DEPMOD:=depmod} + +# legacy behavior: "depmod" in /sbin, no /sbin in PATH +PATH="$PATH:/sbin" + +LC_ALL=C "$DEPMOD" --version | sed -n '1s/kmod version //p' -- RMK's Patch system: https://www.armlinux.org.uk/developer/patches/ FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!