Bug 959090

Summary: kernel-vanilla-devel refers to patched kernel-devel
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Sebastian Herbszt <sebastian.herbszt>
Component: Kernel
Assignee: Michal Marek <mmarek>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: mmarek, tiwai
Version: Current
Target Milestone: ---
Hardware: x86-64
OS: openSUSE 12.3
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Sebastian Herbszt 2015-12-14 22:43:51 UTC
Loading the following module results in a warning on 4.4.0-rc4-1.g923c13b-vanilla but not on 4.4.0-rc4-1.g923c13b-default.

[   62.421172] init_module()
[   62.421187] ------------[ cut here ]------------
[   62.421202] WARNING: CPU: 0 PID: 1939 at ../kernel/module.c:1124 module_put+0xac/0xc0()
[   62.421205] Modules linked in: h(O) xfs libcrc32c dm_mod irda crc_ccitt sr_mod cdrom ata_generic vmw_balloon ppdev joydev floppy e1000 pcspkr 8250_fintek fjes parport_pc parport ata_piix shpchp i2c_piix4 acpi_cpufreq vmw_vmci battery mptctl ac tpm_tis tpm button sg vmwgfx mptspi mptscsih mptbase scsi_transport_spi ttm drm_kms_helper drm fb_sys_fops sysimgblt sysfillrect syscopyarea scsi_dh_alua scsi_dh_emc scsi_dh_rdac scsi_dh_hp_sw
[   62.421267] CPU: 0 PID: 1939 Comm: insmod Tainted: G           O    4.4.0-rc4-1.g923c13b-vanilla #1
[   62.421272] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2012
[   62.421276]  ffffffff81a5cee9 ffff88003721fcc8 ffffffff8137ada9 0000000000000000
[   62.421283]  ffff88003721fd00 ffffffff8107c1f2 ffffffffa0289000 ffffffffa0289000
[   62.421288]  ffff880037219600 0000000000000001 ffffffffa0289000 ffff88003721fd10
[   62.421293] Call Trace:
[   62.421309]  [<ffffffff8137ada9>] dump_stack+0x4b/0x72
[   62.421320]  [<ffffffff8107c1f2>] warn_slowpath_common+0x82/0xc0
[   62.421328]  [<ffffffff8107c2ea>] warn_slowpath_null+0x1a/0x20
[   62.421334]  [<ffffffff810fd52c>] module_put+0xac/0xc0
[   62.421345]  [<ffffffff811810d7>] do_init_module+0xd5/0x1e5
[   62.421352]  [<ffffffff81101f99>] load_module+0x15d9/0x1b30
[   62.421359]  [<ffffffff810fe190>] ? __symbol_put+0x50/0x50
[   62.421369]  [<ffffffff81102615>] SyS_init_module+0x125/0x160
[   62.421380]  [<ffffffff816a4db6>] entry_SYSCALL_64_fastpath+0x16/0x75
[   62.421385] ---[ end trace 5e2217ea63923545 ]---

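#include <linux/module.h>
#include <linux/kernel.h>

/* Module entry point: logs a message and reports success. */
int init_module(void)
{
        printk(KERN_INFO "init_module()\n");
        return 0;
}

/* Module exit point: logs a message on unload. */
void cleanup_module(void)
{
        printk(KERN_INFO "cleanup_module()\n");
}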

Comment 1 Takashi Iwai 2015-12-16 07:33:14 UTC
I could reproduce this on KVM.

I thought it would be easy to spot, but it seems I was wrong.  When I build the kernel locally with the same config, this problem doesn't appear.  So it's something that sneaked in at the package level, quite a subtle difference.

Comment 2 Takashi Iwai 2015-12-17 15:26:45 UTC
It looks even more weird.  Something odd happens when compiling the test module.

On a working kernel module, init_module and cleanup_module are at offset 180 and 338, respectively:
% readelf --all sg.ko
Relocation section '.rela.gnu.linkonce.this_module' at offset 0x10e38 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000180  00a100000001 R_X86_64_64       0000000000000000 init_module + 0
000000000338  009700000001 R_X86_64_64       0000000000000000 cleanup_module + 0

Meanwhile the broken test module has a wrong offset for exit_module 340:
% readelf --all foo.ko
Relocation section '.rela.gnu.linkonce.this_module' at offset 0xc80 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000180  001900000001 R_X86_64_64       0000000000000000 init_module + 0
000000000340  001700000001 R_X86_64_64       0000000000000060 cleanup_module + 0

And, the offset 0x340 is conflicting with the original refcnt field (next to exit) in struct module.  Thus the refcnt is overwritten in apply_relocations(), which leads to a negative value, and triggers this bug.
Comment 3 Takashi Iwai 2015-12-17 15:43:11 UTC
OK, now I figured it out.  It's the unwind_info field that is added by patches.suse/stack-unwind.  That is, struct module is incompatible between vanilla and default due to this.  And kernel-vanilla-devel refers to kernel-devel, which is used commonly by all flavors and built from the patched tree.

So, as of now, external module build for vanilla kernel is screwed up utterly.
Michal, shouldn't we have kernel-devel-vanilla independently from other flavors?
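
The comparison made by hand in Comments 2 and 3 can be automated as a pre-load check. The following is an added example, not part of the original bug report or the openSUSE tooling: it parses `readelf -r` output and flags an out-of-tree module whose `.rela.gnu.linkonce.this_module` offsets differ from those of a reference module shipped with the target kernel. The function names are hypothetical, and the sample input is the output quoted in Comment 2.

```python
import re

# Constructed sample input: the two relocation dumps quoted in Comment 2.
REFERENCE = """\
Relocation section '.rela.gnu.linkonce.this_module' at offset 0x10e38 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000180  00a100000001 R_X86_64_64       0000000000000000 init_module + 0
000000000338  009700000001 R_X86_64_64       0000000000000000 cleanup_module + 0
"""
SUSPECT = """\
Relocation section '.rela.gnu.linkonce.this_module' at offset 0xc80 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000000180  001900000001 R_X86_64_64       0000000000000000 init_module + 0
000000000340  001700000001 R_X86_64_64       0000000000000060 cleanup_module + 0
"""

SECTION = ".rela.gnu.linkonce.this_module"
# Columns: offset, info, type, symbol value, symbol name, "+ addend".
RELOC = re.compile(r"^([0-9a-fA-F]+)\s+[0-9a-fA-F]+\s+\S+\s+[0-9a-fA-F]+\s+(\S+)\s*\+")

def this_module_relocs(readelf_text):
    """Return {symbol: offset into struct module} from `readelf -r` output."""
    relocs, in_section = {}, False
    for line in readelf_text.splitlines():
        if line.startswith("Relocation section"):
            in_section = f"'{SECTION}'" in line   # ignore other relocation sections
        elif not line.strip():
            in_section = False                    # a blank line ends the section
        elif in_section:
            m = RELOC.match(line.strip())
            if m:
                relocs[m.group(2)] = int(m.group(1), 16)
    return relocs

def layout_mismatches(reference_text, suspect_text):
    """List (symbol, reference_offset, suspect_offset) where the offsets differ."""
    ref = this_module_relocs(reference_text)
    sus = this_module_relocs(suspect_text)
    # Compare only symbols present in both: a module without an exit
    # function legitimately has no cleanup_module relocation.
    common = sorted(set(ref) & set(sus))
    return [(s, ref[s], sus[s]) for s in common if ref[s] != sus[s]]

if __name__ == "__main__":
    for sym, want, got in layout_mismatches(REFERENCE, SUSPECT):
        print(f"{sym}: expected 0x{want:x}, found 0x{got:x}: struct module layout differs")
```

A non-empty result means the module was compiled against headers whose struct module does not match the reference, so it should be rebuilt against the correct devel package rather than loaded.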
Comment 4 Michal Marek 2015-12-17 16:51:27 UTC
Thanks for debugging this. There are actually more things to be fixed:

/lib/modules/*-vanilla/source needs to point to the vanilla source tree
/usr/src/linux-obj/*/vanilla/Makefile needs to use the vanilla source tree

It probably never worked :-(.
Comment 5 Michal Marek 2016-01-22 15:15:15 UTC
Fixed in git:
cd33617c84d2 rpm/kernel-source.spec.in: Install kernel-macros for kernel-source-vanilla
2d2ec7f70da5 rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel (bsc#959090).
fbbc98940cbe rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency (bsc#959090)
Comment 7 Swamp Workflow Management 2016-02-25 20:20:05 UTC
SUSE-SU-2016:0585-1: An update that solves 17 vulnerabilities and has 54 fixes is now available.

Category: security (important)
Bug References: 812259,855062,867583,899908,902606,924919,935087,937261,937444,938577,940338,940946,941363,942476,943989,944749,945649,947953,949440,949936,950292,951199,951392,951615,952579,952976,954992,955118,955354,955654,956514,956708,957525,957988,957990,958463,958886,958951,959090,959146,959190,959257,959364,959399,959436,959463,959629,960221,960227,960281,960300,961202,961257,961500,961509,961516,961588,961971,962336,962356,962788,962965,963449,963572,963765,963767,963825,964230,964821,965344,965840
CVE References: CVE-2013-7446,CVE-2015-0272,CVE-2015-5707,CVE-2015-7550,CVE-2015-7799,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8569,CVE-2015-8575,CVE-2015-8660,CVE-2015-8767,CVE-2015-8785,CVE-2016-0723,CVE-2016-2069
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.53-60.30.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.53-60.30.2, kernel-obs-build-3.12.53-60.30.2
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.53-60.30.1, kernel-source-3.12.53-60.30.1, kernel-syms-3.12.53-60.30.1, kernel-xen-3.12.53-60.30.1, lttng-modules-2.7.0-3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.53-60.30.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_3-1-2.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.53-60.30.1, kernel-source-3.12.53-60.30.1, kernel-syms-3.12.53-60.30.1, kernel-xen-3.12.53-60.30.1
Comment 8 Swamp Workflow Management 2016-03-16 14:18:27 UTC
SUSE-SU-2016:0785-1: An update that solves 10 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 812259,816099,855062,867583,884701,899908,922071,937444,940338,940946,941363,943989,945219,947953,949752,950292,951155,955308,955654,956084,956514,957525,957986,959090,959146,959257,959463,959629,959709,960174,960227,960458,960561,960629,961257,961500,961509,961516,961588,961658,961971,962336,962356,962788,962965,963193,963449,963572,963746,963765,963767,963825,963960,964201,964730,965199,965344,965830,965840,965891,966026,966094,966278,966437,966471,966693,966864,966910,967802,968018,968074,968206,968230,968234,968253,969112
CVE References: CVE-2013-7446,CVE-2015-5707,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2016-0723,CVE-2016-0774,CVE-2016-2069,CVE-2016-2384
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.55-52.42.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.55-52.42.2, kernel-obs-build-3.12.55-52.42.2
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.55-52.42.1, kernel-source-3.12.55-52.42.1, kernel-syms-3.12.55-52.42.1, kernel-xen-3.12.55-52.42.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.55-52.42.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_12-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.55-52.42.1, kernel-source-3.12.55-52.42.1, kernel-syms-3.12.55-52.42.1, kernel-xen-3.12.55-52.42.1