Bug 479200 - [Broadcom 5.4 feat] Please add pcie_set_readrq() to the rhel5_drivers_pci_pcie_ga kernel symbol whitelist
Summary: [Broadcom 5.4 feat] Please add pcie_set_readrq() to the rhel5_drivers_pci_pci...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.4
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: 5.4
Assignee: Jon Masters
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks: 458757 483784
TreeView+ depends on / blocked
 
Reported: 2009-01-07 22:19 UTC by Matt Carlson
Modified: 2010-03-17 10:24 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 08:25:09 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
whitelist patch (3.62 KB, application/octet-stream)
2009-04-23 09:19 UTC, Jon Masters
no flags Details
add-pcie-set-readrq-to-kABI (9.25 KB, patch)
2009-05-05 21:47 UTC, Jon Masters
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1243 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update 2009-09-01 08:53:34 UTC

Description Matt Carlson 2009-01-07 22:19:07 UTC
Description of problem:

KMOD compliant binary RPMs generated for the tg3 driver fail to install because the pcie_set_readrq() function is not an approved kernel function to use.

Version-Release number of selected component (if applicable):

Found on RHEL 5.2.  Symbol still missing from whitelist in RHEL 5.3.

How reproducible:

Always.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

[root@unixgrp-01 x86_64]# rpm -qp --requires kmod-brcm-tg3-3.92n-1.x86_64.rpm
rpmlib(VersionedDependencies) <= 3.0.3-1
/sbin/depmod
/sbin/depmod
/bin/sh
/bin/sh
/bin/sh
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(CompressedFileNames) <= 3.0.4-1
kernel(rhel5_net_core_ga) = c186a7dc043c903564c2dd9ed49d8847b7043c86
kernel(rhel5_drivers_pci_ga) = 88a9a7f6575f2f00a7ca4ac83a9f3a2c81641290
kernel(rhel5_net_ethernet_ga) = d17ace18cf21997af17e0b1057679e4819e5b1fc
kernel(rhel5_lib_ga) = ff25b583d6d314edd98f7c9533c5867194b3d30d
ksym(pcie_set_readrq) = 231bad94
kernel(rhel5_mm_ga) = d5edc1b3d2a4f2bf8ce28d7f4dbeab27cfeb19bd
kernel(rhel5_arch_x86_64_mm_ga) = ca7f91963b9397351659241974f92dc85546f8ca
kernel(rhel5_kernel_ga) = 84d69198cf51b494e38d9d0a54e52607c8a507e2
kernel(rhel5_kernel_irq_ga) = b26b8899fe5a26f79915c27d493dd911b2bde668
kernel(rhel5_arch_x86_64_kernel_ga) = 880dbfce5086d666f5bab6ad642c0323fcdabd90
kernel(rhel5_vmlinux_ga) = 78f928da689a93ecf2e044fc0ced6b3eaedf5c19
kernel(rhel5_net_sched_ga) = f59ed7ca1ff4a5999cc750181083f8e6dd78c491
kernel(rhel5_kernel_module_ga) = a74a9d2bf87d13d6b9412698dc2728248ca92523

Comment 1 Andrius Benokraitis 2009-01-08 23:06:52 UTC
Adding HP since they are usually interested in this driver.

Comment 2 RHEL Program Management 2009-03-26 17:26:42 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 3 Andrius Benokraitis 2009-03-26 18:15:29 UTC
moving to component kernel where it probably should have been to begin with.

Comment 4 Matt Carlson 2009-04-20 21:10:06 UTC
For those people who are watching this bug, can you confirm that this bug will be fixed in RHEL 5.4 and RHEL 6.0?

Comment 5 Jon Masters 2009-04-23 09:19:08 UTC
Created attachment 340908 [details]
whitelist patch

Comment 6 Kevin Stansell 2009-04-24 18:45:55 UTC
Andrius, can you confirm if this will be in 5.4 and 6.0?  Thanks.

Comment 7 John Jarvis 2009-04-24 18:59:05 UTC
This is approved for RHEL 5.4.

Comment 8 Jon Masters 2009-05-05 21:47:48 UTC
Created attachment 342542 [details]
add-pcie-set-readrq-to-kABI

Comment 9 Matt Carlson 2009-05-05 22:54:59 UTC
I'm curious.  Is this patch something an end user could apply to a stock RHEL 5.2 or RHEL 5.3 system, or will this only work as part of a series of patches to get an RHEL 5.3 system to RHEL 5.4?

Comment 10 Andrius Benokraitis 2009-05-11 15:09:02 UTC
Kevin - This is planned for RHEL 5.4. As for RHEL 6.0, I'm not quite sure what the strategy will be for RHEL 6.0 yet. I would assume that the current RHEL 5 whitelist will be evaluated for RHEL 6.0.

Matt - I don't believe a customer can do this. This is a patch that is housed somewhere in the kernel, and if a user changed this, it would render the kernel as tainted (unsupported). That is my understanding.

Comment 11 Matt Carlson 2009-05-12 23:45:07 UTC
Hi Andrius.  Actually, if I understand the situation correctly, the kernel would be tainted anyways, since nobody but RedHat has the private keys required to sign modules appropriately.  The taint type reflects this I think.

As far as I can tell, there would be two places that need to be modified: the whitelist in the toplevel kernel directory and the ksyms tarball in the same location.  Assuming it is just that easy, the technical side is pretty trivial to work around.

The whitelists seem only to be used during module builds and during RPM installations.  To work around the problem then (assuming the above patch indeed solves the problem), I'd need to patch the local build system, and then patch the target system before attempting to install the resulting binary RPM.

But I'm wondering how agreeable RedHat would find this plan.  I don't think there would be any way for RedHat to detect that this type of modification had happened, so it might make problem triaging harder.  Without a z-stream update to correct the problem though, I don't see many alternatives.

Can you speak for a moment about how RedHat views the "supportability" of such a modified system?

Comment 12 Matt Carlson 2009-05-12 23:49:44 UTC
I think I pushed the send button too soon.  I wouldn't even need to patch the target system.  Since the symbol would be included in the ..._pcie_... whitelist section during build time, the explicit mention of the offending symbol would disappear from the RPM's dependancy list.

Comment 13 Don Zickus 2009-05-14 19:34:52 UTC
in kernel-2.6.18-148.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.

Comment 16 Chris Ward 2009-06-14 23:19:41 UTC
~~ Attention Partners RHEL 5.4 Partner Alpha Released! ~~

RHEL 5.4 Partner Alpha has been released on partners.redhat.com. There should
be a fix present that addresses this particular request. Please test and report back your results here, at your earliest convenience. Our Public Beta release is just around the corner!

If you encounter any issues, please set the bug back to the ASSIGNED state and
describe the issues you encountered. If you have verified the request functions as expected, please set your Partner ID in the Partner field above to indicate successful test results. Do not flip the bug status to VERIFIED. Further questions can be directed to your Red Hat Partner Manager. Thanks!

Comment 17 Chris Ward 2009-07-03 18:19:22 UTC
~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.

Comment 18 Matt Carlson 2009-07-08 18:13:11 UTC
Now the whitelisting is complaining about consume_skb().  The tg3 driver uses dev_kfree_skb() which is defined to be consume_skb().  Can we add this to the whitelists too?

Comment 19 Andrius Benokraitis 2009-07-08 18:18:50 UTC
Yikes, it's really late to be requesting another whitelist item at this point in the 5.4 devel cycle. I need to get with jon and others to confirm.

Comment 20 Matt Carlson 2009-07-08 23:31:11 UTC
For the record, this was introduced in RHEL 5.4.  RHEL 5.3 and earlier defined dev_kfree_skb to use kfree_skb() instead.  This is a widely used function too.

[mcarlson@xw6200 net]$ grep dev_kfree_skb drivers/net/* | wc -l
429

It's gonna hurt any KMP efforts if this doesn't get in. :)

Comment 21 Andrius Benokraitis 2009-07-09 02:42:15 UTC
So Matt - it sounds like the dependency changed between 5.3 and 5.4 then?

Comment 24 Matt Carlson 2009-07-09 16:25:19 UTC
Yes, the dependancy lists have changed from 5.3 to 5.4.  The new dependancy is caused by the kernel headers redefining dev_kfree_skb() from kfree_skb(), which was in the whitelists, to consume_skb() which apparently is not in the whitelists.

I guess I just want to make sure it is clear that it isn't a driver change flagging the new error.

Comment 27 Andrius Benokraitis 2009-07-13 04:15:16 UTC
Setting back to ASSIGNED so that the follow-up patch can be considered for a post-Beta Snapshot by jcm.

Comment 31 Don Zickus 2009-07-21 19:36:30 UTC
in kernel-2.6.18-159.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.

Comment 33 Matt Carlson 2009-07-27 17:29:09 UTC
We've verified that the test kernel fixes all KMP whitelist problems with the latest tg3 driver.  Thanks for getting this in.

Comment 35 errata-xmlrpc 2009-09-02 08:25:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1243.html

Comment 36 Jon Masters 2010-03-17 10:24:36 UTC
Resetting "NEEDINFO" flags since this bug is now closed. The Bugzilla team have
been made aware that the flag was not cleared automatically before and are
going to investigate for any similar bugs.


Note You need to log in before you can comment on or make changes to this bug.