[Bug 2077929] Re: Failed to insert openafs module on ARM platform: Exec format error
Mauricio Faria de Oliveira
2077929 at bugs.launchpad.net
Tue Sep 3 20:46:00 UTC 2024
Thanks Chengen and Dan!
Chengen, please confirm whether this is tested and required for Focal
and Jammy.
I could not reproduce the issue on Azure arm64 VMs; maybe it's kernel
version related?
I see comments in the internal ticket that Noble/6.8 kernel can
reproduce it for sure.
Build testing in all archs and, if all OK, uploading to Noble.
Thanks again,
Mauricio
...
$ lsb_release -cs
focal
$ uname -m
aarch64
$ uname -rv
5.15.0-1071-azure #80~20.04.1-Ubuntu SMP Wed Aug 14 18:45:04 UTC 2024
$ sudo modprobe --verbose openafs
insmod /lib/modules/5.15.0-1071-azure/updates/dkms/openafs.ko
$ echo $?
0
$ sudo dmesg | tail
...
[ 563.393297] openafs: loading out-of-tree module taints kernel.
[ 563.393304] openafs: module license 'http://www.openafs.org/dl/license10.html' taints kernel.
[ 563.393305] Disabling lock debugging due to kernel taint
[ 563.394616] openafs: module verification failed: signature and/or required key missing - tainting kernel
[ 563.398053] Key type afs_pag registered
$ grep openafs /proc/modules
openafs 2887680 0 - Live 0x0000000000000000 (POE)
...
$ lsb_release -cs
jammy
$ uname -m
aarch64
$ uname -rv
6.5.0-1025-azure #26~22.04.1-Ubuntu SMP Thu Jul 11 23:50:09 UTC 2024
$ sudo modprobe --verbose openafs
$ echo $?
0
$ sudo dmesg | tail
$ sudo dmesg | grep openafs
[ 13.037005] openafs: loading out-of-tree module taints kernel.
[ 13.037010] openafs: module license 'http://www.openafs.org/dl/license10.html' taints kernel.
[ 13.037013] openafs: module verification failed: signature and/or required key missing - tainting kernel
[ 13.037014] openafs: module license taints kernel.
$ grep openafs /proc/modules
openafs 2908160 2 - Live 0x0000000000000000 (POE)
** Changed in: openafs (Ubuntu Jammy)
Status: In Progress => Incomplete
** Changed in: openafs (Ubuntu Focal)
Status: In Progress => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2077929
Title:
Failed to insert openafs module on ARM platform: Exec format error
Status in openafs package in Ubuntu:
Fix Committed
Status in openafs source package in Focal:
Incomplete
Status in openafs source package in Jammy:
Incomplete
Status in openafs source package in Noble:
In Progress
Status in openafs source package in Oracular:
Fix Committed
Bug description:
[Impact]
The openafs module cannot be installed on the ARM platform, resulting in the following error:
insmod /lib/modules/6.5.0-1025-gcp/updates/dkms/openafs.ko
modprobe: ERROR: could not insert 'openafs': Exec format error
[Fix]
There is an upstream commit that addresses this issue:
commit 2f260825b96b76556aba82fc364c841357a23a7d
Author: Cheyenne Wills <cwills at sinenomine.net>
Date: Thu Mar 28 12:51:46 2024 -0400
Linux: Remove weak attribute for key_type_keyring
The reference to the Linux symbol key_type_keyring uses a weak
attribute to assist in determining if the symbol is exported. This
method was introduced in commit: 'keyring-updated-20080310' (b7fb842b1c)
as a way to detect if the symbol was exported by the Linux kernel. A
later commit: 'linux-keyring-export-check-20090701' (4ca66112c2)
introduced an autoconf test that eliminated the need for using the weak
attribute, but the commit did not remove the attribute.
On a Debian-12 system on ARM64 the use of the weak attribute in this
case causes an error when loading the kernel module:
"ERROR: could not insert 'openafs': Exec format error".
The error is due to the Linux module loader not supporting the
relocation entry type in the openafs kernel module for the
key_type_keyring. Further investigation showed that this problem could
occur with gcc-12 on a ARM64 system (see below for additional
information).
The code in osi_groups.c uses a pointer, __key_type_keyring, to the
key_type_keyring. When this symbol is exported by the Linux kernel, the
loader would resolve the address and __key_type_keyring would contain
the address. If the key_type_keyring symbol was not exported,
__key_type_keyring would be set to NULL (due to the weak attribute
associated with key_type_keyring).
Remove the weak attribute for key_type_keyring when the configure
test, introduced in the 4ca66112c2 commit, determines that the symbol
is exported (EXPORTED_KEY_TYPE_KEYRING is defined). When the symbol
isn't exported (pre Linux 2.6.22), just set the pointer,
__key_type_keyring to NULL.
NOTE:
The load error was reported on the openafs IRC channel by "clarkb"
The problem of loading the openafs kernel module was also observed
on a NixOS system as well, and is described in the NixOS ticket
https://github.com/NixOS/nixpkgs/issues/284501
A Debian-11 system did not have a problem loading the openafs kernel
module. Investigation of the differences between Debian-11 and Debian-12
showed that the problem is due to a series of fixes in the toolchain
(in particular gcc-12) to address 'Cortex-A53 erratum #843419', which
deals with how the ARM64 ADRP instruction is used. With gcc-12, the
code generated uses a R_AARCH64_ADR_GOT for this particular case (which
isn't supported by the Linux kernel module loader). Gcc-11 created a
R_AARCH64_ABS64 relocation entry type for the symbol.
[Test Plan]
1. Install the OpenAFS client using the command `sudo apt install openafs-client`.
2. Load the kernel module by running `sudo modprobe --verbose openafs`.
3. Confirm that the module loads successfully without any errors.
[Where problems could occur]
The patch removed the weak attribute from key_type_keyring.
Previously, commit #4ca66112c2 (linux-keyring-export-check-20090701) introduced an autoconf test that made the weak attribute unnecessary, but the attribute was not removed at that time.
If the patch causes a regression, it might prevent the openafs module from being installed successfully.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/2077929/+subscriptions
More information about the Ubuntu-sponsors
mailing list