Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[Software] Building kernel module for cloud image

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
tuper
Posts: 1
Joined: 2022-11-28 09:34

[Software] Building kernel module for cloud image

#1 Post by tuper »

Hello,

I am trying to compile the can/vcan kernel modules for use in the 5.10.0-18-cloud-amd64 debian image. I have tried compiling both out-of-tree and in-tree, and in both cases I am able to load the modules with insmod without errors, but I always run into the following error within a few seconds of loading the modules:

Code: Select all

[1008706.795419] ------------[ cut here ]------------
[1008706.795422] kernel BUG at net/netlink/af_netlink.c:1363!
[1008706.806879] invalid opcode: 0000 [#1] SMP PTI
[1008706.817764] CPU: 0 PID: 44486 Comm: sshd Tainted: G           OE     5.10.0-18-cloud-amd64 #1 Debian 5.10.140-1
[1008706.837544] Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006
[1008706.852178] RIP: 0010:netlink_has_listeners+0x72/0x80
[1008706.861878] Code: e8 43 4e 9d ff 44 89 e0 41 5c c3 cc cc cc cc 45 31 e4 48 0f a3 72 10 41 0f 92 c4 e8 28 4e 9d ff 44 89 e0 41 5c c3 cc cc cc cc <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 41 54 41
[1008706.896553] RSP: 0018:ffffa4598044fe68 EFLAGS: 00010202
[1008706.908566] RAX: 0000000000000001 RBX: ffff926d42e4bdc0 RCX: ffffffffbce18580
[1008706.927814] RDX: 00000000000000ff RSI: 0000000000000004 RDI: ffff926d44e449c0
[1008706.944358] RBP: ffff926d42141e00 R08: ffff926d42141f4c R09: ffff926d42e4be40
[1008706.959444] R10: 0000000000000008 R11: ffff926d4251b610 R12: 0000000000000000
[1008706.973276] R13: ffff926d411c9920 R14: ffff926d80412900 R15: 0000000000000000
[1008706.987055] FS:  00007f354c6fb900(0000) GS:ffff926dbda00000(0000) knlGS:0000000000000000
[1008707.000253] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1008707.012842] CR2: 00007f354ccc3420 CR3: 0000000003c06004 CR4: 00000000001706b0
[1008707.028009] Call Trace:
[1008707.034677]  __sk_free+0xb4/0x110
[1008707.043377]  inet_release+0x42/0x80
[1008707.051415]  __sock_release+0x3d/0xb0
[1008707.060923]  sock_close+0x11/0x20
[1008707.068436]  __fput+0x95/0x240
[1008707.076094]  task_work_run+0x65/0xa0
[1008707.083523]  exit_to_user_mode_prepare+0x11c/0x120
[1008707.095301]  syscall_exit_to_user_mode+0x28/0x150
[1008707.103467]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[1008707.115987] RIP: 0033:0x7f354cbe06a7
[1008707.123406] Code: 44 00 00 48 8b 15 e9 d7 0d 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 b9 d7 0d 00 f7 d8 64 89 02 b8
[1008707.159034] RSP: 002b:00007ffc01a2a468 EFLAGS: 00000217 ORIG_RAX: 0000000000000003
[1008707.180470] RAX: 0000000000000000 RBX: 00007ffc01a2a4d8 RCX: 00007f354cbe06a7
[1008707.203090] RDX: 0000000000000000 RSI: 000055e67d4e1dc8 RDI: 0000000000000004
[1008707.217432] RBP: 00007ffc01a2aab0 R08: 0000000000000000 R09: 0000000000000000
[1008707.231115] R10: 0000000000000005 R11: 0000000000000217 R12: 000055e67d4e3c00
[1008707.259739] R13: 0000000000000002 R14: 0000000000000004 R15: 000000000000000a
[1008707.275284] Modules linked in: can(OE) xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo nft_counter xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc overlay intel_rapl_msr intel_rapl_common iosf_mbi crct10dif_pclmul crc32_pclmul ghash_clmulni_intel nls_ascii nls_cp437 aesni_intel vfat fat crypto_simd cryptd glue_helper rapl evdev serio_raw button fuse configfs ip_tables x_tables autofs4 btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c ata_generic ata_piix libata xen_netfront xen_blkfront crc32c_intel scsi_mod
[1008707.414015] ---[ end trace 1c83027d0e08cde6 ]---
[1008707.441639] RIP: 0010:netlink_has_listeners+0x72/0x80
[1008707.452830] Code: e8 43 4e 9d ff 44 89 e0 41 5c c3 cc cc cc cc 45 31 e4 48 0f a3 72 10 41 0f 92 c4 e8 28 4e 9d ff 44 89 e0 41 5c c3 cc cc cc cc <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 41 54 41
[1008707.531310] RSP: 0018:ffffa4598044fe68 EFLAGS: 00010202
[1008707.544856] RAX: 0000000000000001 RBX: ffff926d42e4bdc0 RCX: ffffffffbce18580
[1008707.565789] RDX: 00000000000000ff RSI: 0000000000000004 RDI: ffff926d44e449c0
[1008707.582928] RBP: ffff926d42141e00 R08: ffff926d42141f4c R09: ffff926d42e4be40
[1008707.596606] R10: 0000000000000008 R11: ffff926d4251b610 R12: 0000000000000000
[1008707.613234] R13: ffff926d411c9920 R14: ffff926d80412900 R15: 0000000000000000
[1008707.628982] FS:  00007f354c6fb900(0000) GS:ffff926dbda00000(0000) knlGS:0000000000000000
[1008707.645206] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1008707.657319] CR2: 00007f354ccc3420 CR3: 0000000003c06004 CR4: 00000000001706b0
For reference, these are the steps I followed to build the modules:

Code: Select all

wget http://deb.debian.org/debian/pool/main/l/linux/linux_5.10.140-1.dsc
wget http://deb.debian.org/debian/pool/main/l/linux/linux_5.10.140.orig.tar.xz
wget http://deb.debian.org/debian/pool/main/l/linux/linux_5.10.140-1.debian.tar.xz
dpkg-source -x linux_5.10.140-1.dsc
cd linux_5.10.140/
KERNEL_VERSION=$(cut -d ' ' -f 3 < /proc/version)
cp -v "/boot/config-${KERNEL_VERSION}" ".config"
cp /usr/src/linux-headers-$(uname -r)/Module.symvers .
make menuconfig # (add can + vcan)
make modules_prepare
make -C $PWD M=$PWD/net/can/
sudo make -C $PWD M=$PWD/net/can/ modules_install
make -C $PWD M=$PWD/drivers/net/can/
sudo make -C $PWD M=$PWD/drivers/net/can/ modules_install
sudo depmod -a
One thing I noticed is that the modules_install make step places the modules in `/lib/modules/5.10.140/...` instead of `/lib/modules/5.10.0-18-cloud-amd64/`, which leads me to believe that I'm compiling for the wrong kernel version. However, my understanding is that 5.10.0-18-cloud-amd64 is just 5.10.140 with some config changes

Any help/advice would be greatly appreciated!

codejp3
Posts: 24
Joined: 2022-12-28 06:29
Been thanked: 2 times

Re: [Software] Building kernel module for cloud image

#2 Post by codejp3 »

While I'm not familiar with the cloud image you are compiling for, but invalid opcode: 0000 indicates that it tried to execute a NULL instead of a proper pointer to a function to actually do something. SMP PTI indicates that it is an issue with Page Table Isolation (hardening for the Spectre/Meltdown vulnerability).

Looking at the code on and around line 1363 in net/netlink/af_netlink.c for kernel 5.10.140

it's intentionally kicking out the kernel bug on:

Code: Select all

BUG_ON(!netlink_is_kernel(sk));
It appears as though the current socket passed is not the kernel owner, and therefore kicks out the kernel bug instead of actually doing anything.

You may need to pass a kernel parameter, possibly "nopti" or "pti-off" to disable the Page Table Isolation protection, or drastically with "mitigations=off" to disable ALL protections (highly advise against this).

It will lessen the security of the kernel, but it should get past this kernel bug.

Post Reply