5298 – kmod 包处理国密算法签名的内核模块会崩溃

Bug 5298 - kmod 包处理国密算法签名的内核模块会崩溃

Summary: kmod 包处理国密算法签名的内核模块会崩溃

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 5.10 Dev
Classification:	ANCK
Component:	ARCH(unspecified) (show other bugs)	ARCH(unspecified)
Sub Component:
Version:	5.10.y-14
Hardware:	All Linux

Importance:	P2-High S1-blocker
Target Milestone:	---
Assignee:	tj
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Duplicates (1):	5321 (view as bug list)
Depends on:
Blocks:

Reported:	2023-05-24 11:23 UTC by 陈晨
Modified:	2023-05-31 16:48 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 陈晨 2023-05-24 11:23:48 UTC

kmod 中的一些用户空间程序（例如 depmod、modinfo）在处理国密签名的内核模块时会 core dump，导致内核 rpm post script 无法正常执行，安装该内核后无法正常生成 initramfs，导致发行版没有能力默认集成使用了国密算法签名内核模块的内核。

内核版本：
# uname -srm
Linux 5.10.134-14.an8.x86_64 x86_64

kmod 版本：
# rpm -q kmod
kmod-25-19.0.1.an8.x86_64

密钥生成（生成 ca.key 和 ca.cert）：
https://openanolis.github.io/whitebook-shangmi/kernel_ima.html#ima-%E5%95%86%E5%AF%86%E5%8C%96%E5%AE%9E%E8%B7%B5

模块签名（sign-file 使用了该内核 rpmbuild 后生成的 sign-file）：
https://openanolis.github.io/whitebook-shangmi/kernel_modsign.html#%E5%86%85%E6%A0%B8%E6%A8%A1%E5%9D%97%E7%AD%BE%E5%90%8D%E5%9B%BD%E5%AF%86%E5%AE%9E%E8%B7%B5


使用如下命令处理签名后的模块，有可能 core dump，需要修复：
# rpm -ql kmod | grep 'bin/'

Comment 1 tj alibaba_cloud_group

2023-05-25 16:06:46 UTC

fixed, https://gitee.com/src-anolis-os/kmod/pulls/9

Comment 2 陈晨 2023-05-29 12:03:47 UTC

*** Bug 5321 has been marked as a duplicate of this bug. ***

Comment 3 陈晨 2023-05-31 16:48:11 UTC

经过测试，此版本已经修复

# rpm -q kmod
kmod-25-19.0.2.an8.x86_64