481690 – Unsigned kmod-cmirror package module cause tainted kernel error

Bug 481690 - Unsigned kmod-cmirror package module cause tainted kernel error

Summary: Unsigned kmod-cmirror package module cause tainted kernel error

Keywords:
Status:	CLOSED CANTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	cmirror-kmod
Sub Component:
Version:	5.3
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Chris Feist
QA Contact:	Cluster QE
Docs Contact:
URL:
Whiteboard:
Depends On:	500745 512153
Blocks:
TreeView+	depends on / blocked

Reported:	2009-01-27 03:07 UTC by Gary Case
Modified:	2016-04-26 13:52 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-07-15 12:12:08 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Gary Case 2009-01-27 03:07:27 UTC

The dm-log-clustered.ko module inside the kmod-cmirror(-xen) package is unsigned. This causes a tainted kernel with a /proc/sys/kernel/tainted value of 64. The error causes a problem for hardware certification, which checks for tainted kernels and fails a required test if 'tainted' is a non-zero value. This will also cause problems for our support staff, when everyone with Cluster Storage packages installed has sosreports that report tainted kernels.

Version-Release number of selected component (if applicable):
RHEL5.3 2.6.18-128 xen and bare metal kernel with the modules from
kmod-cmirror-0.1.21-10.el5.x86_64.rpm 
kmod-cmirror-xen-0.1.21-10.el5.x86_64.rpm

How reproducible:
Every time.

Steps to Reproduce:
1. Install RHEL 5.3 with Cluster Storage package group
2. Check contents of /proc/sys/kernel/tainted
3. Value is 64 (non-zero)

Also can simply insmod dm-log-clustered.ko for same kernel taint value.

Actual results:
Tainted kernel.

Expected results:
Non-tainted kernel when using only Red Hat provided software.

Additional info:
I only tested the x86_64 arch modules. Other arches may be signed.

Comment 2 abel0301 2009-02-11 02:46:44 UTC

It seems also still have the same behavior and problem by hardware certification test on RHEL 5.3 x86

Comment 5 Jean-Pierre Joerg 2009-05-06 17:40:31 UTC

I also meet this problem on Alcatel hw cert (hts 5.3).
If using xen kernel the info test is ok (no tainted kernel).
regards
/JPJ

Comment 8 Chris Feist 2009-05-21 15:20:24 UTC

Cmirror-kmod has been built against a new kernel which exports those symbols.

kmod-cmirror-0.1.21-14.el5

Comment 10 Chris Ward 2009-07-03 18:21:57 UTC

~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.

Comment 11 Sandy Garza 2009-07-09 16:09:01 UTC

dm-log-clustered still taints the kernel if it is loaded in RHEL 5.4 beta.

Comment 15 Chris Feist 2009-07-15 12:12:08 UTC

After talking to Jon Masters, it isn't possible for us to use the kernel
signing key to build these modules.  So unfortunately, any module that is built
outside of the kernel will cause a taint with a value of '64'.

Note You need to log in before you can comment on or make changes to this bug.