Update fixes for exported symbol versions
Linus has re-enable CONFIG_MODVERSIONS, but also weakened the version matching. Apply his match but then revert the weakening. Also add a proposed fix for missing version CRCs, which gives them a default value of zero. Since buildcheck.py now checks for this, we should detect all unversioned symbols at build time.
This commit is contained in:
parent
8789780466
commit
2431e89ed3
|
@ -16,7 +16,9 @@ linux (4.9~rc7-1~exp1) UNRELEASED; urgency=medium
|
|||
- [x86] kbuild: enable modversions for symbols exported from assembly
|
||||
- [powerpc] Remove Mac-on-Linux hooks
|
||||
- [powerpc*] Fix missing CRCs, add yet more asm-prototypes.h declarations
|
||||
- Revert "Fix subtle CONFIG_MODVERSIONS problems"
|
||||
- Re-enable CONFIG_MODVERSIONS in a slightly weaker form
|
||||
- default exported asm symbols to zero
|
||||
- module: Disable matching missing version CRC
|
||||
* debian/bin/buildcheck.py: Add check for symbols with version CRC of 0
|
||||
|
||||
-- Uwe Kleine-König <ukleinek@debian.org> Thu, 17 Nov 2016 09:55:16 +0100
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
From: Arnd Bergmann <arnd@arndb.de>
|
||||
Date: Fri, 02 Dec 2016 13:40:27 +0100
|
||||
Subject: default exported asm symbols to zero
|
||||
Origin: https://lkml.kernel.org/r/8452191.39CeLIHTBT@wuerfel
|
||||
|
||||
With binutils-2.16 and before, a weak missing symbol was kept during the
|
||||
final link, and a missing CRC for an export would lead to that CRC
|
||||
being treated as zero implicitly. With binutils-2.17, the crc
|
||||
symbol gets dropped, and any module trying to use it will fail to
|
||||
load.
|
||||
|
||||
This sets the weak CRC symbol to zero explicitly, making it defined
|
||||
in vmlinux, which in turn lets us load the modules referring to
|
||||
that CRC.
|
||||
|
||||
The comment above the __CRC_SYMBOL macro suggests that this was
|
||||
always the intention, although it also seems that all symbols
|
||||
defined in C have a correct CRC these days, and only the exports
|
||||
that are now done in assembly need this.
|
||||
|
||||
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
||||
---
|
||||
--- a/include/asm-generic/export.h
|
||||
+++ b/include/asm-generic/export.h
|
||||
@@ -54,6 +54,7 @@ KSYM(__kstrtab_\name):
|
||||
KSYM(__kcrctab_\name):
|
||||
__put KSYM(__crc_\name)
|
||||
.weak KSYM(__crc_\name)
|
||||
+ .set KSYM(__crc_\name), 0
|
||||
.previous
|
||||
#endif
|
||||
#endif
|
|
@ -0,0 +1,23 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 02 Dec 2016 23:06:18 +0000
|
||||
Subject: module: Disable matching missing version CRC
|
||||
Forwarded: not-needed
|
||||
|
||||
This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061.
|
||||
We want to fail closed if a symbol version CRC is missing, as the
|
||||
alternative may allow subverting module signing.
|
||||
---
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -1301,9 +1301,8 @@ static int check_version(Elf_Shdr *sechd
|
||||
goto bad_version;
|
||||
}
|
||||
|
||||
- /* Broken toolchain. Warn once, then let it go.. */
|
||||
- pr_warn_once("%s: no symbol version for %s\n", mod->name, symname);
|
||||
- return 1;
|
||||
+ pr_warn("%s: no symbol version for %s\n", mod->name, symname);
|
||||
+ return 0;
|
||||
|
||||
bad_version:
|
||||
pr_warn("%s: disagrees about version of symbol %s\n",
|
57
debian/patches/bugfix/all/re-enable-config_modversions-in-a-slightly-weaker-fo.patch
vendored
Normal file
57
debian/patches/bugfix/all/re-enable-config_modversions-in-a-slightly-weaker-fo.patch
vendored
Normal file
|
@ -0,0 +1,57 @@
|
|||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Tue, 29 Nov 2016 15:20:14 -0800
|
||||
Subject: Re-enable CONFIG_MODVERSIONS in a slightly weaker form
|
||||
Origin: https://git.kernel.org/linus/faaae2a581435f32781a105dda3501df388fddcb
|
||||
|
||||
This enables CONFIG_MODVERSIONS again, but allows for missing symbol CRC
|
||||
information in order to work around the issue that newer binutils
|
||||
versions seem to occasionally drop the CRC on the floor. binutils 2.26
|
||||
seems to work fine, while binutils 2.27 seems to break MODVERSIONS of
|
||||
symbols that have been defined in assembler files.
|
||||
|
||||
[ We've had random missing CRC's before - it may be an old problem that
|
||||
just is now reliably triggered with the weak asm symbols and a new
|
||||
version of binutils ]
|
||||
|
||||
Some day I really do want to remove MODVERSIONS entirely. Sadly, today
|
||||
does not appear to be that day: Debian people apparently do want the
|
||||
option to enable MODVERSIONS to make it easier to have external modules
|
||||
across kernel versions, and this seems to be a fairly minimal fix for
|
||||
the annoying problem.
|
||||
|
||||
Cc: Ben Hutchings <ben@decadent.org.uk>
|
||||
Acked-by: Michal Marek <mmarek@suse.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
init/Kconfig | 1 -
|
||||
kernel/module.c | 5 +++--
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index c4fbc1e55c25..34407f15e6d3 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1945,7 +1945,6 @@ config MODULE_FORCE_UNLOAD
|
||||
|
||||
config MODVERSIONS
|
||||
bool "Module versioning support"
|
||||
- depends on BROKEN
|
||||
help
|
||||
Usually, you have to use modules compiled with your kernel.
|
||||
Saying Y here makes it sometimes possible to use modules
|
||||
diff --git a/kernel/module.c b/kernel/module.c
|
||||
index f57dd63186e6..0e54d5bf0097 100644
|
||||
--- a/kernel/module.c
|
||||
+++ b/kernel/module.c
|
||||
@@ -1301,8 +1301,9 @@ static int check_version(Elf_Shdr *sechdrs,
|
||||
goto bad_version;
|
||||
}
|
||||
|
||||
- pr_warn("%s: no symbol version for %s\n", mod->name, symname);
|
||||
- return 0;
|
||||
+ /* Broken toolchain. Warn once, then let it go.. */
|
||||
+ pr_warn_once("%s: no symbol version for %s\n", mod->name, symname);
|
||||
+ return 1;
|
||||
|
||||
bad_version:
|
||||
pr_warn("%s: disagrees about version of symbol %s\n",
|
|
@ -1,60 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 2 Dec 2016 00:07:04 +0000
|
||||
Subject: Revert "Fix subtle CONFIG_MODVERSIONS problems"
|
||||
|
||||
This reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061.
|
||||
|
||||
On Fri, 2016-11-25 at 10:01 -0800, Linus Torvalds wrote:
|
||||
[...]
|
||||
> > What else do people *actually* use it for? Preventing mismatched modules
|
||||
> > when .git version is not attached and release version of the kernel has
|
||||
> > not been bumped. Is that it?
|
||||
>
|
||||
> It used to be very useful for avoiding loading stale modules and then
|
||||
> wasting days on debugging something that wasn't the case when you had
|
||||
> forgotten to do "make modules_install". Change some subtle internal
|
||||
> ABI issue (add/remove a parameter, whatever) and it would really help.
|
||||
>
|
||||
> These days, for me, LOCALVERSION_AUTO and module signing are what I
|
||||
> personally tend to use.
|
||||
>
|
||||
> The modversions stuff may just be too painful to bother with. Very few
|
||||
> people probably use it, and the ones that do likely don't have any
|
||||
> overriding reason why.
|
||||
[...]
|
||||
|
||||
Debian has some strong reasons:
|
||||
|
||||
1. Changing the release string requires any out-of-tree modules to be
|
||||
upgraded (at least rebuilt) on end-user systems. So we try to avoid
|
||||
doing that during the lifetime of a stable release, i.e. we don't let
|
||||
the release string change. Also, the release string is reflected in
|
||||
package names (e.g. linux-image-4.8.0-1-amd64), and introducing new
|
||||
package names requires manual approval by the Debian archive team.
|
||||
|
||||
2. We want to allow ABI breaks for "internal" symbols used only by in-
|
||||
tree modules, as those breaks will be resolved by rebooting to complete
|
||||
the upgrade. But we need a run-time check to prevent loading an
|
||||
incompatible module before the reboot.
|
||||
|
||||
3. So far as I can see, module signing doesn't work for a distribution
|
||||
kernel with out-of-tree modules as there has to be a trust path from a
|
||||
built-in certificate to the module signing certificate. So signature
|
||||
enforcement will have to be disabled on systems that use out-of-tree
|
||||
modules, thus it's not a substitute for modversions.
|
||||
---
|
||||
init/Kconfig | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/init/Kconfig b/init/Kconfig
|
||||
index c4fbc1e55c25..34407f15e6d3 100644
|
||||
--- a/init/Kconfig
|
||||
+++ b/init/Kconfig
|
||||
@@ -1945,7 +1945,6 @@ config MODULE_FORCE_UNLOAD
|
||||
|
||||
config MODVERSIONS
|
||||
bool "Module versioning support"
|
||||
- depends on BROKEN
|
||||
help
|
||||
Usually, you have to use modules compiled with your kernel.
|
||||
Saying Y here makes it sometimes possible to use modules
|
|
@ -102,7 +102,9 @@ bugfix/alpha/revert-alpha-move-exports-to-actual-definitions.patch
|
|||
bugfix/x86/x86-kbuild-enable-modversions-for-symbols-exported-f.patch
|
||||
bugfix/powerpc/powerpc-remove-mac-on-linux-hooks.patch
|
||||
bugfix/powerpc/powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
|
||||
bugfix/all/revert-fix-subtle-config_modversions-problems.patch
|
||||
bugfix/all/re-enable-config_modversions-in-a-slightly-weaker-fo.patch
|
||||
bugfix/all/default-exported-asm-symbols-to-zero.patch
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
|
||||
# ABI maintenance
|
||||
|
||||
|
|
Loading…
Reference in New Issue