Bug#1013249: virtio_ring: module verification failed: signature and/or required key missing - tainting kernel

2022-06-19 Thread Ryutaroh Matsumoto
Package: src:linux
Version: 5.18.5-1
Severity: normal
User: debian-ri...@lists.debian.org
Usertags: riscv64
X-Debbugs-Cc: debian-ri...@lists.debian.org

Dear Maintainer,

I do not expect a kernel module in a genuine Debian kernel package
to taint the kernel. But I see the following message in dmesg on a
QEMU RISCV64 virt machine:

[8.038025] virtio_ring: module verification failed: signature and/or required key missing - tainting kernel

The QEMU is running on Debian/testing amd64 with the following version:
$ dpkg-query -W | fgrep qemu-system-misc
qemu-system-misc 1:7.0+dfsg-7

The QEMU is started as follows:
qemu-system-riscv64 -machine virt,aclint=on,aia=none -m 4G -smp 4 \
  -bios /usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.elf \
  -kernel /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf \
  -append "console=ttyS0 rw root=/dev/vda1" \
  -netdev user,id=net0 -device virtio-net-pci,netdev=net0 \
  -object rng-random,filename=/dev/urandom,id=rng0 \
  -device virtio-rng-pci,rng=rng0 \
  -drive if=virtio,file=debian-sid-riscv64.qcow2,index=0,format=qcow2,discard=unmap,detect-zeroes=unmap

-- Package-specific info:
** Version:
Linux version 5.18.0-2-riscv64 (debian-kernel@lists.debian.org) (gcc-11 (Debian 11.2.0-20) 11.2.0, GNU ld (GNU Binutils for Debian) 2.38) #1 SMP Debian 5.18.5-1 (2022-06-16)

** Command line:
root=UUID=031c42a9-74c5-4b38-8e78-87d5f1141c24 rw noquiet root=/dev/vda1 net.ifnames=0 consoleblank=0 rw

** Tainted: E (8192)
 * unsigned module was loaded

** Kernel log:

Processed: Re: Setting the summary of the bug

2022-06-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> summary 1012835 See 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012835#23 for a summary of 
> this bug
Summary replaced with message bug 1012835 message 
Summary replaced with message bug 1012835 message 
Summary replaced with message bug 1012835 message 
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1012835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012835
1013192: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013192
1013241: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013241
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Setting the summary of the bug

2022-06-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> summary 1012835 23
Summary recorded from message bug 1012835 message 23
Summary recorded from message bug 1012835 message 23
Summary recorded from message bug 1012835 message 23
>
End of message, stopping processing here.




Bug#1012835: Summary

2022-06-19 Thread Diederik de Haas
The random number generator has undergone a few important changes for 
[upstream] Linux 5.17 and 5.18, in an attempt to modernize both the code and 
the cryptography used.
Details: https://www.zx2c4.com/projects/linux-rng-5.17-5.18/

The most visible aspect of this, and the likely reason for several bug 
reports, is that the size of the entropy pool went down from ~3000+ to 256.
This is an intentional upstream change and NOT a bug in the Debian kernel.
The 'wontfix' tag is therefore added to this bug (and therefore merged bugs).

These changes have also been backported to other LTS kernels, including 
the 5.10 kernel used in Debian Bullseye. 
Almost the whole upstream 5.10.119 release consists of these changes.
There have been extensive commit messages, so next to the above referenced 
document, ``git log v5.10.118..v5.10.119`` should give you (more) details.



Processed: Tagging it as upstream

2022-06-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 1012835 upstream
Bug #1012835 [src:linux] linux-image-5.10.0-15-amd64: entropy dropped to 256 
from ~4k after 5.10.120-1 update
Bug #1013192 [src:linux] linux-image-5.10.0-15-amd64: ridiculously small 
entropy pool
Bug #1013241 [src:linux] upgrade-reports: kernel upgrade 5.10.0.9 to 5.10.0.15
Added tag(s) upstream.
Added tag(s) upstream.
Added tag(s) upstream.
>
End of message, stopping processing here.




Processed: Re: Bug#1013241: upgrade-reports: kernel upgrade 5.10.0.9 to 5.10.0.15

2022-06-19 Thread Debian Bug Tracking System
Processing control commands:

> merge -1 1013192
Bug #1013241 [src:linux] upgrade-reports: kernel upgrade 5.10.0.9 to 5.10.0.15
Bug #1013241 [src:linux] upgrade-reports: kernel upgrade 5.10.0.9 to 5.10.0.15
Marked as found in versions linux/5.10.120-1.
Added tag(s) security and wontfix.
Bug #1012835 [src:linux] linux-image-5.10.0-15-amd64: entropy dropped to 256 
from ~4k after 5.10.120-1 update
Bug #1013192 [src:linux] linux-image-5.10.0-15-amd64: ridiculously small 
entropy pool
Merged 1012835 1013192 1013241




Bug#1013241: upgrade-reports: kernel upgrade 5.10.0.9 to 5.10.0.15

2022-06-19 Thread Diederik de Haas
Control: merge -1 1013192

On Sunday 19 June 2022 22:09:08 CEST Paul Gevers wrote:
> On 19-06-2022 21:48, NormanMurray wrote:
> 
> > With 5.10.0.9, randomsound worked well to keep
> > /proc/sys/kernel/random/entropy_avail up at set point and
> > /proc/sys/kernel/random/poolsize at 4096
> > With 5.10.0.15, randomsound did not work to keep
> > /proc/sys/kernel/random/entropy_avail up at set point and
> > /proc/sys/kernel/random/poolsize was set at 256
> > I downgraded back to 5.10.0.9
> 
> I've seen the same drop in entropy_avail, but the changelog mentioned a 
> lot of changes to random, so I interpreted that as being intended. I've 
> reassigned to the linux source package, as they can confirm that this is 
> not a bug, or treat it appropriately.

See the bug with which this one will be merged for details, especially 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013192#19

This is an intentional change in the upstream kernel.



Processed: Re: Bug#1013241: upgrade-reports: kernel upgrade 5.10.0.9 to 5.10.0.15

2022-06-19 Thread Debian Bug Tracking System
Processing control commands:

> reassign -1 src:linux
Bug #1013241 [upgrade-reports] upgrade-reports: kernel upgrade 5.10.0.9 to 
5.10.0.15
Bug reassigned from package 'upgrade-reports' to 'src:linux'.
Ignoring request to alter found versions of bug #1013241 to the same values 
previously set
Ignoring request to alter fixed versions of bug #1013241 to the same values 
previously set




Re: Bug#1013241: upgrade-reports: kernel upgrade 5.10.0.9 to 5.10.0.15

2022-06-19 Thread Paul Gevers

Control: reassign -1 src:linux

Hi Norman,

On 19-06-2022 21:48, NormanMurray wrote:

> Package: upgrade-reports
> Severity: normal
> X-Debbugs-Cc: nmur...@telusplanet.net
>
> With 5.10.0.9, randomsound worked well to keep
> /proc/sys/kernel/random/entropy_avail up at set point and
> /proc/sys/kernel/random/poolsize at 4096
> With 5.10.0.15, randomsound did not work to keep
> /proc/sys/kernel/random/entropy_avail up at set point and
> /proc/sys/kernel/random/poolsize was set at 256
> I downgraded back to 5.10.0.9


I've seen the same drop in entropy_avail, but the changelog mentioned a 
lot of changes to random, so I interpreted that as being intended. I've 
reassigned to the linux source package, as they can confirm that this is 
not a bug, or treat it appropriately.


Paul




Bug#1012741: modprobe: ERROR: could not insert 'crc_itu_t': Key was rejected by service

2022-06-19 Thread Ben Hutchings
On Sat, 2022-06-18 at 16:21 +0200, Ben Hutchings wrote:
> On Thu, 2022-06-16 at 01:28 +0200, Ben Hutchings wrote:
> [...]
> 
> > linux-image-4.19.0-17-amd64 4.19.194-1 
> > lib/modules/4.19.0-17-amd64/kernel/drivers/dma/dw/dw_dmac_core.ko
> > linux-image-4.19.0-17-amd64 4.19.194-2 
> > lib/modules/4.19.0-17-amd64/kernel/drivers/dma/dw/dw_dmac_core.ko
> > linux-image-4.19.0-17-amd64 4.19.194-3 
> > lib/modules/4.19.0-17-amd64/kernel/drivers/dma/dw/dw_dmac_core.ko
> [...]
> > A significant pattern visible here is a short signature for the same
> > module in multiple consecutive versions, where the module may have
> > identical contents.  That implies that this is a reproducible issue for
> > certain inputs that cannot be worked around by re-running the signing
> > process.
> > 
> > However, I have *not* yet verified that all short signatures really are
> > invalid.
> 
> These module files are indeed identical, and their signatures are
> rejected by the kernel.
> 
> I'm now looking at whether the missing bytes are recoverable (e.g. are
> they always zeroes).
[...]

I wrote a script to try all possible byte values for 2 bytes before or
after the short signature.  For this particular file, none of them
produced a valid signature.  So the short signatures seem to be
corrupted in a more complex way.

In the meantime, we have another security update coming which might
not hit this bug again.  But there are 28,679 signed binaries across
the three architectures, so the probability is only about 65%.

Ben.

-- 
Ben Hutchings
The most exhausting thing in life is being insincere.
 - Anne Morrow Lindberg
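
An added example, not Ben Hutchings's script or Debian's tooling: it reads the signature trailer the kernel expects at the end of a module file, which covers both the "signature and/or required key missing" case from Bug#1013249 (no trailer at all) and the short signatures discussed here. The function names are hypothetical, the sample bytes are constructed, and it assumes that modules signed with the same key and options normally share one signature length.

```python
import struct
from collections import Counter

MAGIC = b"~Module signature appended~\n"
TRAILER = struct.Struct(">BBBBB3xI")  # struct module_signature: 12 bytes, sig_len big-endian
PKEY_ID_PKCS7 = 2

def der_length(blob):
    """Total size (header + body) of the DER element starting blob, or None."""
    if len(blob) < 2:
        return None
    n = blob[1] & 0x7F
    if blob[1] < 0x80:          # short form: length fits in one byte
        return 2 + n
    if n == 0 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def inspect_module(data):
    """None for a module with no appended signature, else a dict describing it."""
    if not data.endswith(MAGIC):
        return None
    end = len(data) - len(MAGIC) - TRAILER.size
    if end < 0:
        raise ValueError("truncated signature trailer")
    _, _, id_type, _, _, sig_len = TRAILER.unpack_from(data, end)
    if sig_len > end:
        raise ValueError("sig_len larger than file")
    sig = data[end - sig_len:end]
    # A well-formed PKCS#7 blob is one DER SEQUENCE spanning exactly sig_len bytes.
    der_ok = sig[:1] == b"\x30" and der_length(sig) == sig_len
    return {"pkcs7": id_type == PKEY_ID_PKCS7, "sig_len": sig_len, "der_ok": der_ok}

def flag_suspect(modules):
    """Signed modules with a shorter-than-usual or structurally broken signature (assumed heuristic)."""
    signed = {n: i for n, d in modules.items() if (i := inspect_module(d))}
    if not signed:
        return []
    usual = Counter(i["sig_len"] for i in signed.values()).most_common(1)[0][0]
    return sorted(n for n, i in signed.items() if i["sig_len"] < usual or not i["der_ok"])

def build_sample(sig, body=b"\x7fELF"):
    """Constructed input: fake module body + signature blob + trailer + magic."""
    return body + sig + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig)) + MAGIC

if __name__ == "__main__":
    full = b"\x30\x82\x01\x00" + bytes(256)  # constructed 260-byte DER SEQUENCE
    mods = {"a.ko": build_sample(full), "b.ko": build_sample(full),
            "short.ko": build_sample(full[:-2]), "unsigned.ko": b"\x7fELF"}
    print(flag_suspect(mods))
```

A flagged module still has to be checked against the kernel's own verification; the length and DER checks only narrow down which files to look at.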

