Bug 196871 (signedmodules)
| Summary: | signed modules patches prevent booting. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ronald Warsow <rwarsow> | ||||||
| Component: | kernel | Assignee: | David Howells <dhowells> | ||||||
| Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | rawhide | CC: | davej, dchapman, horsley1953, james, nalin, redwolfe, wtogami | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2006-08-08 18:34:06 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 202464 | ||||||||
| Attachments: |
|
||||||||
|
Description
Ronald Warsow
2006-06-27 13:48:50 UTC
Created attachment 131599 [details]
digicam picture kernel panic
On x86_64 machine I am seeing this with 2.6.17-1.2318_FC6:
.....
switchroot: mount failed: No such file or directory
Kernel panic - not syncing: Attempted to kill init!
Call Trace: <ffffffff8026e86e>{dump_stack+18}
<ffffffff8028ffbe>{panic+134}
<ffffffff80215555>{do_exit+141}
<ffffffff8024c1a2>{debug_mutex_init+0}
[<000000000053d678>]
and a power switch is the only way out.
The signed modules code is broken. For some reason the modules end up signed with a different key than the one we use at build time. *** Bug 196905 has been marked as a duplicate of this bug. *** *** Bug 197014 has been marked as a duplicate of this bug. *** further datapoint: The FC6 kernel recompiled on FC5 also exhibits this problem, ruling out any toolchain/gpg issues. For now I'm disabling the signed modules patch in tomorrows rawhide. Leave this bug open, as the patch needs fixing at some point. Created attachment 131747 [details]
output from kernel 2.6.17-1.2328.fc6
it means ... from kernel (not enough sleep last night)
last line i could see was
starting udev....
...
(see digicam picture)
....
P.S.
- 2328.fc6
^^^ (tricky ?)
"- Disable the signed module patches for now, they need love."
i can't love it ....
Just for curiosity, what are the implications (orther than a new way to screw up releases :-) of signed modules? If I build my own kernel modules, will I be unable to load them? If I can build a module that will load anyway, wht is the point of signed modules, since a hacker to do the same thing (I presume the idea is to prevent hackers from installing bogus modules)? 2.6.17-1.2336.fc6 boot & works ! *** Bug 197071 has been marked as a duplicate of this bug. *** This appears to be due to the dia_update() crypto op changing its prototype, so that the calculation buffer appears displaced from where it ought to be in sha1_update(). should this bug not be closed ? for me it is gone since 2.6.17-1.2336.fc6 and we are now at 2.6.17-1.2510.fc6. sorry - i am not a kernel developer -, but maybe you spent a lot of time on "old" stuff... my "pains" are now at Bugzilla Bug 200638. thx. > should this bug not be closed ?
No, not yet. The fix is not yet applied - module signing is currently
disabled.
Should be fixed in todays rawhide. |