Public bug reported:

Impact: When testing patches for bug 1834476, a bug was observed whereby
modprobe was sometimes attempting to load the unsigned nvidia modules in
/lib/modules/$(uname -r)/kernel/nvidia-N/bits rather than the signed
modules from /lib/modules/$(uname -r)/kernel/nvidia-N. This appears to
be because depmod is not deterministic in which module will be preferred
when duplicate modules of the same name exist.

Fix: The unsigned modules are no longer needed after the signed modules
have been generated, so update the build script to remove the unsigned
modules.

Test Case: Confirm that the ko files are found in /lib/modules/$(uname
-r)/kernel/nvidia-N but not in /lib/modules/$(uname
-r)/kernel/nvidia-N/bits. Confirm that the modules are signed and
loadable by the kernel under lockdown (or when booted with
modules.sig_enforce=y), and that modprobe consistently loads the modules
from the expected path after depmod.

Regression Potential: The modules being removed are an intermediate
build artifact and not meant to be loaded, so no regressions are
expected. However, if for some reason linking the intermediate unsigned
module was successful but generation of the signed module was not, the
user would have been left with a module that could potentially be loaded
(if not booted under UEFI secure boot) and would now be left with no
modules. This is not the intended behavior and never occurred in my
testing, so it's not a case we should be concerned about.

** Affects: linux (Ubuntu)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: Fix Committed

** Affects: linux (Ubuntu Disco)
     Importance: Medium
     Assignee: Seth Forshee (sforshee)
         Status: In Progress

** Also affects: linux (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Disco)
       Status: New => In Progress

** Changed in: linux (Ubuntu Disco)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Disco)
     Assignee: (unassigned) => Seth Forshee (sforshee)

** Summary changed:

- depmod may prefer unsigne l-r-m nvidia modules to signed modules
+ depmod may prefer unsigned l-r-m nvidia modules to signed modules

** Changed in: linux (Ubuntu)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1834479

Title:
  depmod may prefer unsigned l-r-m nvidia modules to signed modules

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834479/+subscriptions
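
The file-level checks from the Test Case above can be scripted. The following is an added example, not part of the bug report or of the Ubuntu build scripts. The function names are hypothetical, the `nvidia-*` glob stands in for the report's `nvidia-N`, and the signature check only looks for the kernel's appended-signature marker (it does not validate the signature against the kernel keyring).

```shell
#!/bin/sh
# Added example: audit a module tree (/lib/modules/<release>) for leftover
# unsigned build artifacts, unsigned modules, and duplicate module names.

# The kernel's MODULE_SIG_STRING, without its trailing newline (28 bytes with it).
SIG_MARKER='~Module signature appended~'

# is_signed FILE: true if FILE ends with the appended-signature marker.
# This shows that a signature is present, not that the kernel will trust it.
is_signed() {
    [ "$(tail -c 28 "$1" | tr -d '\000\n')" = "$SIG_MARKER" ]
}

# duplicate_names ROOT: print every .ko file name found more than once under
# ROOT. Duplicates are what make depmod's choice of module ambiguous.
duplicate_names() {
    find "$1" -type f -name '*.ko' | sed 's|.*/||' | sort | uniq -d
}

# audit_tree ROOT: return 0 only if no check fails.
audit_tree() {
    root=$1; rc=0
    for dir in "$root"/kernel/nvidia-*; do   # assumption: nvidia-N dirs match this glob
        [ -d "$dir" ] || continue
        # Intermediate unsigned modules must be gone after signing.
        if [ -n "$(find "$dir/bits" -name '*.ko' 2>/dev/null)" ]; then
            echo "FAIL: unsigned build artifacts remain in $dir/bits"; rc=1
        fi
        # Every module meant to be loaded must carry a signature.
        for ko in "$dir"/*.ko; do
            [ -f "$ko" ] || continue
            is_signed "$ko" || { echo "FAIL: no signature on $ko"; rc=1; }
        done
    done
    dups=$(duplicate_names "$root")
    [ -z "$dups" ] || { echo "FAIL: duplicate module names:" $dups; rc=1; }
    return $rc
}

# Usage: sh audit.sh "/lib/modules/$(uname -r)"
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Which path modprobe actually resolves after depmod, and whether the module loads with signature enforcement on, still has to be confirmed on the running system; `modinfo -n <module>` prints the file that would be loaded.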