Bug 481690

Summary: Unsigned kmod-cmirror package module cause tainted kernel error
Product: Red Hat Enterprise Linux 5 Reporter: Gary Case <gcase>
Component: cmirror-kmodAssignee: Chris Feist <cfeist>
Status: CLOSED CANTFIX QA Contact: Cluster QE <mspqa-list>
Severity: high Docs Contact:
Priority: high    
Version: 5.3CC: abel.cm.lee, cward, edamato, jjoerg, mfuruta, rlandry, sandy.garza, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-15 12:12:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 500745, 512153    
Bug Blocks:    

Description Gary Case 2009-01-27 03:07:27 UTC 
The dm-log-clustered.ko module inside the kmod-cmirror(-xen) package is unsigned. This causes a tainted kernel with a /proc/sys/kernel/tainted value of 64. The error causes a problem for hardware certification, which checks for tainted kernels and fails a required test if 'tainted' is a non-zero value. This will also cause problems for our support staff, when everyone with Cluster Storage packages installed has sosreports that report tainted kernels.

Version-Release number of selected component (if applicable):
RHEL5.3 2.6.18-128 xen and bare metal kernel with the modules from
kmod-cmirror-0.1.21-10.el5.x86_64.rpm 
kmod-cmirror-xen-0.1.21-10.el5.x86_64.rpm

How reproducible:
Every time.

Steps to Reproduce:
1. Install RHEL 5.3 with Cluster Storage package group
2. Check contents of /proc/sys/kernel/tainted
3. Value is 64 (non-zero)

Also can simply insmod dm-log-clustered.ko for same kernel taint value.

Actual results:
Tainted kernel.

Expected results:
Non-tainted kernel when using only Red Hat provided software.

Additional info:
I only tested the x86_64 arch modules. Other arches may be signed.
Comment 2 abel0301 2009-02-11 02:46:44 UTC 
It seems also still have the same behavior and problem by hardware certification test on RHEL 5.3 x86
Comment 5 Jean-Pierre Joerg 2009-05-06 17:40:31 UTC 
I also meet this problem on Alcatel hw cert (hts 5.3).
If using xen kernel the info test is ok (no tainted kernel).
regards
/JPJ
Comment 8 Chris Feist 2009-05-21 15:20:24 UTC 
Cmirror-kmod has been built against a new kernel which exports those symbols.

kmod-cmirror-0.1.21-14.el5
Comment 10 Chris Ward 2009-07-03 18:21:57 UTC 
~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.
Comment 11 Sandy Garza 2009-07-09 16:09:01 UTC 
dm-log-clustered still taints the kernel if it is loaded in RHEL 5.4 beta.
Comment 15 Chris Feist 2009-07-15 12:12:08 UTC 
After talking to Jon Masters, it isn't possible for us to use the kernel
signing key to build these modules.  So unfortunately, any module that is built
outside of the kernel will cause a taint with a value of '64'.