Update fixes for exported symbol versions

Linus has re-enable CONFIG_MODVERSIONS, but also weakened the version matching. Apply his match but then revert the weakening. Also add a proposed fix for missing version CRCs, which gives them a default value of zero. Since buildcheck.py now checks for this, we should detect all unversioned symbols at build time.
2016-12-02 23:13:17 +00:00 · 2016-12-02 23:13:17 +00:00 · 2431e89ed3
parent 8789780466
commit 2431e89ed3
6 changed files with 118 additions and 62 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -16,7 +16,9 @@ linux (4.9~rc7-1~exp1) UNRELEASED; urgency=medium
    - [x86] kbuild: enable modversions for symbols exported from assembly
    - [powerpc] Remove Mac-on-Linux hooks
    - [powerpc*] Fix missing CRCs, add yet more asm-prototypes.h declarations
-    - Revert "Fix subtle CONFIG_MODVERSIONS problems"
+    - Re-enable CONFIG_MODVERSIONS in a slightly weaker form
+    - default exported asm symbols to zero
+    - module: Disable matching missing version CRC
  * debian/bin/buildcheck.py: Add check for symbols with version CRC of 0

 -- Uwe Kleine-König <ukleinek@debian.org>  Thu, 17 Nov 2016 09:55:16 +0100
--- a/debian/patches/bugfix/all/default-exported-asm-symbols-to-zero.patch
+++ b/debian/patches/bugfix/all/default-exported-asm-symbols-to-zero.patch
@ -0,0 +1,32 @@
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Fri, 02 Dec 2016 13:40:27 +0100
+Subject: default exported asm symbols to zero
+Origin: https://lkml.kernel.org/r/8452191.39CeLIHTBT@wuerfel
+
+With binutils-2.16 and before, a weak missing symbol was kept during the
+final link, and a missing CRC for an export would lead to that CRC
+being treated as zero implicitly. With binutils-2.17, the crc
+symbol gets dropped, and any module trying to use it will fail to
+load.
+
+This sets the weak CRC symbol to zero explicitly, making it defined
+in vmlinux, which in turn lets us load the modules referring to
+that CRC.
+
+The comment above the __CRC_SYMBOL macro suggests that this was
+always the intention, although it also seems that all symbols
+defined in C have a correct CRC these days, and only the exports
+that are now done in assembly need this.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+---
+--- a/include/asm-generic/export.h
+++ b/include/asm-generic/export.h
+@@ -54,6 +54,7 @@ KSYM(__kstrtab_\name):
+ KSYM(__kcrctab_\name):
+ 	__put KSYM(__crc_\name)
+ 	.weak KSYM(__crc_\name)
+	.set KSYM(__crc_\name), 0
+ 	.previous
+ #endif
+ #endif
--- a/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch
+++ b/debian/patches/bugfix/all/module-disable-matching-missing-version-crc.patch
@ -0,0 +1,23 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Fri, 02 Dec 2016 23:06:18 +0000
+Subject: module: Disable matching missing version CRC
+Forwarded: not-needed
+
+This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061.
+We want to fail closed if a symbol version CRC is missing, as the
+alternative may allow subverting module signing.
+---
+--- a/kernel/module.c
+++ b/kernel/module.c
+@@ -1301,9 +1301,8 @@ static int check_version(Elf_Shdr *sechd
+ 		goto bad_version;
+ 	}
+ 
+-	/* Broken toolchain. Warn once, then let it go.. */
+-	pr_warn_once("%s: no symbol version for %s\n", mod->name, symname);
+-	return 1;
+	pr_warn("%s: no symbol version for %s\n", mod->name, symname);
+	return 0;
+ 
+ bad_version:
+ 	pr_warn("%s: disagrees about version of symbol %s\n",
--- a/debian/patches/bugfix/all/re-enable-config_modversions-in-a-slightly-weaker-fo.patch
+++ b/debian/patches/bugfix/all/re-enable-config_modversions-in-a-slightly-weaker-fo.patch
@ -0,0 +1,57 @@
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Tue, 29 Nov 2016 15:20:14 -0800
+Subject: Re-enable CONFIG_MODVERSIONS in a slightly weaker form
+Origin: https://git.kernel.org/linus/faaae2a581435f32781a105dda3501df388fddcb
+
+This enables CONFIG_MODVERSIONS again, but allows for missing symbol CRC
+information in order to work around the issue that newer binutils
+versions seem to occasionally drop the CRC on the floor.  binutils 2.26
+seems to work fine, while binutils 2.27 seems to break MODVERSIONS of
+symbols that have been defined in assembler files.
+
+[ We've had random missing CRC's before - it may be an old problem that
+  just is now reliably triggered with the weak asm symbols and a new
+  version of binutils ]
+
+Some day I really do want to remove MODVERSIONS entirely.  Sadly, today
+does not appear to be that day: Debian people apparently do want the
+option to enable MODVERSIONS to make it easier to have external modules
+across kernel versions, and this seems to be a fairly minimal fix for
+the annoying problem.
+
+Cc: Ben Hutchings <ben@decadent.org.uk>
+Acked-by: Michal Marek <mmarek@suse.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ init/Kconfig    | 1 -
+ kernel/module.c | 5 +++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index c4fbc1e55c25..34407f15e6d3 100644
+--- a/init/Kconfig
+++ b/init/Kconfig
+@@ -1945,7 +1945,6 @@ config MODULE_FORCE_UNLOAD
+ 
+ config MODVERSIONS
+ 	bool "Module versioning support"
+-	depends on BROKEN
+ 	help
+ 	  Usually, you have to use modules compiled with your kernel.
+ 	  Saying Y here makes it sometimes possible to use modules
+diff --git a/kernel/module.c b/kernel/module.c
+index f57dd63186e6..0e54d5bf0097 100644
+--- a/kernel/module.c
+++ b/kernel/module.c
+@@ -1301,8 +1301,9 @@ static int check_version(Elf_Shdr *sechdrs,
+ 		goto bad_version;
+ 	}
+ 
+-	pr_warn("%s: no symbol version for %s\n", mod->name, symname);
+-	return 0;
+	/* Broken toolchain. Warn once, then let it go.. */
+	pr_warn_once("%s: no symbol version for %s\n", mod->name, symname);
+	return 1;
+ 
+ bad_version:
+ 	pr_warn("%s: disagrees about version of symbol %s\n",
--- a/debian/patches/bugfix/all/revert-fix-subtle-config_modversions-problems.patch
+++ b/debian/patches/bugfix/all/revert-fix-subtle-config_modversions-problems.patch
@ -1,60 +0,0 @@
-From: Ben Hutchings <ben@decadent.org.uk>
-Date: Fri, 2 Dec 2016 00:07:04 +0000
-Subject: Revert "Fix subtle CONFIG_MODVERSIONS problems"
-
-This reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061.
-
-On Fri, 2016-11-25 at 10:01 -0800, Linus Torvalds wrote:
-[...]
-> > What else do people *actually* use it for? Preventing mismatched modules
-> > when .git version is not attached and release version of the kernel has
-> > not been bumped. Is that it?
-> 
-> It used to be very useful for avoiding loading stale modules and then
-> wasting days on debugging something that wasn't the case when you had
-> forgotten to do "make modules_install". Change some subtle internal
-> ABI issue (add/remove a parameter, whatever) and it would really help.
-> 
-> These days, for me, LOCALVERSION_AUTO and module signing are what I
-> personally tend to use.
->
-> The modversions stuff may just be too painful to bother with. Very few
-> people probably use it, and the ones that do likely don't have any
-> overriding reason why.
-[...]
-
-Debian has some strong reasons:
-
-1. Changing the release string requires any out-of-tree modules to be
-upgraded (at least rebuilt) on end-user systems.  So we try to avoid
-doing that during the lifetime of a stable release, i.e. we don't let
-the release string change.  Also, the release string is reflected in
-package names (e.g. linux-image-4.8.0-1-amd64), and introducing new
-package names requires manual approval by the Debian archive team.
-
-2. We want to allow ABI breaks for "internal" symbols used only by in-
-tree modules, as those breaks will be resolved by rebooting to complete
-the upgrade.  But we need a run-time check to prevent loading an
-incompatible module before the reboot.
-
-3. So far as I can see, module signing doesn't work for a distribution
-kernel with out-of-tree modules as there has to be a trust path from a
-built-in certificate to the module signing certificate.  So signature
-enforcement will have to be disabled on systems that use out-of-tree
-modules, thus it's not a substitute for modversions.
---
- init/Kconfig | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/init/Kconfig b/init/Kconfig
-index c4fbc1e55c25..34407f15e6d3 100644
--- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1945,7 +1945,6 @@ config MODULE_FORCE_UNLOAD
- 
- config MODVERSIONS
- 	bool "Module versioning support"
-	depends on BROKEN
- 	help
- 	  Usually, you have to use modules compiled with your kernel.
- 	  Saying Y here makes it sometimes possible to use modules
--- a/debian/patches/series
+++ b/debian/patches/series
@ -102,7 +102,9 @@ bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
 bugfix/x86/x86-kbuild-enable-modversions-for-symbols-exported-f.patch
 bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch
 bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
-bugfix/all/revert-fix-subtle-config_modversions-problems.patch
+bugfix/all/re-enable-config_modversions-in-a-slightly-weaker-fo.patch
+bugfix/all/default-exported-asm-symbols-to-zero.patch
+bugfix/all/module-disable-matching-missing-version-crc.patch

 # ABI maintenance