test_095_kernel_symbols_missing_proc_modules failed with 4.15 KVM kernel

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1764980

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Hi Po-Hsu,

I'm not sure why this test is failing on linux-kvm. I've modified the test in question to dump the contents of /proc/modules when the test fails in qrt commit https://git.launchpad.net/qa-regression-testing/commit/?id=b47b677b9f99af9539558044ccdb9b4769f1732e ; if we can get a re-run of the tests with a version of qrt that includes that commit, that give me more information as to what's going wrong.

We're not seeing this with the generic kernel, so marking that invalid.

Thanks!

I've reproduced this with the 4.15 linux-kvm kernel. I'm not sure why it's doing this, though:

  ubuntu@sec-bionic-amd64:~$ sudo cat /proc/modules
  kvm_intel 200704 - - Live 0x0000000000000000
  pata_acpi 12288 - - Live 0x0000000000000000
  ubuntu@sec-bionic-amd64:~$ cat /proc/version_signature
  Ubuntu 4.15.0-1004.4-kvm 4.15.15

with the regular 4.15 kernel, on the same host:

  ubuntu@sec-bionic-amd64:~$ cat /proc/version_signature
  Ubuntu 4.15.0-15.16-generic 4.15.15
  ubuntu@sec-bionic-amd64:~$ sudo head -5 /proc/modules
  nf_conntrack_netlink 40960 0 - Live 0xffffffffc05bb000
  nf_conntrack 131072 1 nf_conntrack_netlink, Live 0xffffffffc058d000
  libcrc32c 16384 1 nf_conntrack, Live 0xffffffffc0556000
  nfnetlink 16384 6 nf_conntrack_netlink, Live 0xffffffffc054d000
  snd_hda_codec_generic 73728 1 - Live 0xffffffffc0538000

Digging around in /sys/modules, it looks like the /proc/modules/MODULE/sections/ tree isn't present in linux-kvm, which is indicating that CONFIG_KALLSYMS is not set. I *think* this is the difference that is causing the /proc/modules addresses to always be zero, at least in the 4.15 kernel, but I haven't tracked down codepaths enough to ensure that's the case.

I have checked the kernel config for 4.15 linux-kvm, it's true that:
# CONFIG_KALLSYMS is not set

Do you want me to test it with the config enabled? I can build a test kernel for this.

I've now added a check for whether CONFIG_KALLSYMS is enabled in the running kernel and adjusted the expected test results based on that, in qrt commit https://git.launchpad.net/qa-regression-testing/commit/?id=cde457932459a525c75126db8a8d4b7262d4da24 . This should address this failing test case, though it may need to be modified to take into account differing behavior for the 4.4 linux-kvm kernel.

Po-Hsu, sure, that would be great if you could build and test a kernel with CONFIG_KALLSYMS to check that that's actually the config option that is causing the behavior. Thanks!

Test result without CONFIG_KALLSYMS and CONFIG_KALLSYMS_ALL enabled:

ubuntu@gummo:~$ sudo cat /proc/modules
signpost 12288 - - Live 0x0000000000000000 (OE)
fuse 77824 - - Live 0x0000000000000000
kvm_intel 180224 - - Live 0x0000000000000000
btrfs 819200 - - Live 0x0000000000000000
xor 20480 - - Live 0x0000000000000000
zstd_decompress 77824 - - Live 0x0000000000000000
zstd_compress 159744 - - Live 0x0000000000000000
xxhash 12288 - - Live 0x0000000000000000
lzo_compress 12288 - - Live 0x0000000000000000
raid6_pq 106496 - - Live 0x0000000000000000
pata_acpi 12288 - - Live 0x0000000000000000
ubuntu@gummo:~$ cat /proc/version_signature
Ubuntu 4.15.0-1008.8-kvm 4.15.17

Test result with CONFIG_KALLSYMS and CONFIG_KALLSYMS_ALL enabled:

ubuntu@gummo:~$ sudo cat /proc/modules
fuse 94208 3 - Live 0xffffffffc0560000
kvm_intel 196608 0 - Live 0xffffffffc052f000
btrfs 913408 0 - Live 0xffffffffc044f000
xor 24576 1 btrfs, Live 0xffffffffc0444000
zstd_decompress 86016 1 btrfs, Live 0xffffffffc042a000
zstd_compress 172032 1 btrfs, Live 0xffffffffc03fb000
xxhash 16384 2 zstd_decompress,zstd_compress, Live 0xffffffffc03f4000
lzo_compress 16384 1 btrfs, Live 0xffffffffc03ef000
raid6_pq 114688 1 btrfs, Live 0xffffffffc03ce000
pata_acpi 16384 0 - Live 0xffffffffc03c6000
ubuntu@gummo:~$ cat /proc/version_signature
Ubuntu 4.15.0-1009.9-kvm 4.15.17

Looks like this config option is the cause.
I also noticed that it was enabled in Xenial KVM, which explains why it passed with it.

If you think this config should be enabled for Bionic KVM as well, I will send to patch to the mailing list.
Thanks

The test kernel can be found here:
http://people.canonical.com/~phlin/kernel/lp-1764980/

Hi Po-Hsu,

Thanks for double-checking, that's appreciated! The security team does not have an opinion on whether CONFIG_KALLSYMS and CONFIG_KALLSYMS_ALL should be enabled, from a security/hardening standpoint. It may be useful from the kernel team's perspective, to make debugging kernel oops bug reports easier.

Thanks again!

OK,
since we already have this fixed in the qa-regression-testing repo and there is no specific request from the security team, I will just leave it as-is.

Thanks for fixing this.

I have found another issue with the 4.4 KVM kernel, bug 1769054