2013-02-14 22:08:32 |
Christian Kujau |
bug |
|
|
added bug |
2013-02-14 22:09:09 |
Christian Kujau |
description |
Every time the kernel is upgraded and initrd is regenerated, some modules are loaded. These modules are not necessary for the system to run, take up memory, and may even enlarge the attack surface if (security) issues were to be found in these modules.
How to reproduce on this Amazon EC2 instance:
--------------------------------------------------------------------------------------------------
# lsmod
[nothing]
# dpkg-reconfigure linux-image-3.2.0-38-virtual
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
update-initramfs: Generating /boot/initrd.img-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/x-grub-legacy-ec2 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-3.2.0-38-virtual
Updating /boot/grub/menu.lst ... done
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Generating grub.cfg ...
cat: /boot/grub/video.lst: No such file or directory
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
Found linux image: /boot/vmlinuz-3.2.0-38-virtual
Found initrd image: /boot/initrd.img-3.2.0-38-virtual
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
done
# lsmod
Module Size Used by
btrfs 638248 0
zlib_deflate 26622 1 btrfs
libcrc32c 12543 1 btrfs
ufs 78131 0
vfat 17308 0
msdos 17132 0
fat 55605 2 vfat,msdos
xfs 747494 0
ext2 67987 0
# grep -r ^[a-zA-Z] /etc/modules /etc/initramfs-tools/ /etc/modprobe.d/ | grep -v blacklist
/etc/initramfs-tools/initramfs.conf:MODULES=list
/etc/initramfs-tools/initramfs.conf:BUSYBOX=y
/etc/initramfs-tools/initramfs.conf:COMPCACHE_SIZE=""
/etc/initramfs-tools/initramfs.conf:COMPRESS=gzip
/etc/initramfs-tools/initramfs.conf:BOOT=local
/etc/initramfs-tools/initramfs.conf:DEVICE=
/etc/initramfs-tools/initramfs.conf:NFSROOT=auto
/etc/initramfs-tools/update-initramfs.conf:update_initramfs=yes
/etc/initramfs-tools/update-initramfs.conf:backup_initramfs=no
# grep ^b /etc/modprobe.d/local.conf
blacklist btrfs
blacklist zlib_deflate
blacklist libcrc32c
blacklist crc32c
blacklist ufs
blacklist qnx4
blacklist hfsplus
blacklist hfs
blacklist minix
blacklist ntfs
blacklist vfat
blacklist msdos
blacklist fat
blacklist dm_crypt
--------------------------------------------------------------------------------------------------
Interestingly, none of these modules are included in the resulting initrd:
# gzip -dc /boot/initrd* | cpio -it | grep kernel/
lib/modules/3.2.0-38-virtual/kernel/drivers
lib/modules/3.2.0-38-virtual/kernel/drivers/video
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vga16fb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vgastate.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vesafb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/md
lib/modules/3.2.0-38-virtual/kernel/drivers/md/dm-crypt.ko
lib/modules/3.2.0-38-virtual/kernel/crypto
lib/modules/3.2.0-38-virtual/kernel/crypto/xts.ko
lib/modules/3.2.0-38-virtual/kernel/crypto/gf128mul.ko
lib/modules/3.2.0-38-virtual/kernel/arch
lib/modules/3.2.0-38-virtual/kernel/arch/x86
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto/aes-i586.ko
10837 blocks
Note: executing "update-initramfs -u -k `uname -r`" alone does NOT load these modules!
Workaround:
Running "rmmod btrfs zlib_deflate libcrc32c ufs vfat msdos fat xfs ext2" after every kernel upgrade. |
Every time the kernel is upgraded and initrd is regenerated, some modules are loaded. These modules are not necessary for the system to run, take up memory, and may even enlarge the attack surface if (security) issues were to be found in these modules.
How to reproduce on this Amazon EC2 instance:
--------------------------------------------------------------------------
# lsmod
[nothing]
# dpkg-reconfigure linux-image-3.2.0-38-virtual
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
update-initramfs: Generating /boot/initrd.img-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/x-grub-legacy-ec2 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-3.2.0-38-virtual
Updating /boot/grub/menu.lst ... done
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Generating grub.cfg ...
cat: /boot/grub/video.lst: No such file or directory
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
Found linux image: /boot/vmlinuz-3.2.0-38-virtual
Found initrd image: /boot/initrd.img-3.2.0-38-virtual
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
done
# lsmod
Module Size Used by
btrfs 638248 0
zlib_deflate 26622 1 btrfs
libcrc32c 12543 1 btrfs
ufs 78131 0
vfat 17308 0
msdos 17132 0
fat 55605 2 vfat,msdos
xfs 747494 0
ext2 67987 0
# grep -r ^[a-zA-Z] /etc/modules /etc/initramfs-tools/ /etc/modprobe.d/ | grep -v blacklist
/etc/initramfs-tools/initramfs.conf:MODULES=list
/etc/initramfs-tools/initramfs.conf:BUSYBOX=y
/etc/initramfs-tools/initramfs.conf:COMPCACHE_SIZE=""
/etc/initramfs-tools/initramfs.conf:COMPRESS=gzip
/etc/initramfs-tools/initramfs.conf:BOOT=local
/etc/initramfs-tools/initramfs.conf:DEVICE=
/etc/initramfs-tools/initramfs.conf:NFSROOT=auto
/etc/initramfs-tools/update-initramfs.conf:update_initramfs=yes
/etc/initramfs-tools/update-initramfs.conf:backup_initramfs=no
# grep ^b /etc/modprobe.d/local.conf
blacklist btrfs
blacklist zlib_deflate
blacklist libcrc32c
blacklist crc32c
blacklist ufs
blacklist qnx4
blacklist hfsplus
blacklist hfs
blacklist minix
blacklist ntfs
blacklist vfat
blacklist msdos
blacklist fat
blacklist dm_crypt
--------------------------------------------------------------------------
Interestingly, none of these modules are included in the resulting initrd:
# gzip -dc /boot/initrd* | cpio -it | grep kernel/
lib/modules/3.2.0-38-virtual/kernel/drivers
lib/modules/3.2.0-38-virtual/kernel/drivers/video
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vga16fb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vgastate.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vesafb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/md
lib/modules/3.2.0-38-virtual/kernel/drivers/md/dm-crypt.ko
lib/modules/3.2.0-38-virtual/kernel/crypto
lib/modules/3.2.0-38-virtual/kernel/crypto/xts.ko
lib/modules/3.2.0-38-virtual/kernel/crypto/gf128mul.ko
lib/modules/3.2.0-38-virtual/kernel/arch
lib/modules/3.2.0-38-virtual/kernel/arch/x86
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto/aes-i586.ko
10837 blocks
Note: executing "update-initramfs -u -k `uname -r`" alone does NOT load these modules!
Workaround:
Running "rmmod btrfs zlib_deflate libcrc32c ufs vfat msdos fat xfs ext2" after every kernel upgrade. |
|
2013-02-14 22:09:22 |
Christian Kujau |
description |
Every time the kernel is upgraded and initrd is regenerated, some modules are loaded. These modules are not necessary for the system to run, take up memory, and may even enlarge the attack surface if (security) issues were to be found in these modules.
How to reproduce on this Amazon EC2 instance:
--------------------------------------------------------------------------
# lsmod
[nothing]
# dpkg-reconfigure linux-image-3.2.0-38-virtual
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
update-initramfs: Generating /boot/initrd.img-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/x-grub-legacy-ec2 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-3.2.0-38-virtual
Updating /boot/grub/menu.lst ... done
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Generating grub.cfg ...
cat: /boot/grub/video.lst: No such file or directory
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
Found linux image: /boot/vmlinuz-3.2.0-38-virtual
Found initrd image: /boot/initrd.img-3.2.0-38-virtual
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
done
# lsmod
Module Size Used by
btrfs 638248 0
zlib_deflate 26622 1 btrfs
libcrc32c 12543 1 btrfs
ufs 78131 0
vfat 17308 0
msdos 17132 0
fat 55605 2 vfat,msdos
xfs 747494 0
ext2 67987 0
# grep -r ^[a-zA-Z] /etc/modules /etc/initramfs-tools/ /etc/modprobe.d/ | grep -v blacklist
/etc/initramfs-tools/initramfs.conf:MODULES=list
/etc/initramfs-tools/initramfs.conf:BUSYBOX=y
/etc/initramfs-tools/initramfs.conf:COMPCACHE_SIZE=""
/etc/initramfs-tools/initramfs.conf:COMPRESS=gzip
/etc/initramfs-tools/initramfs.conf:BOOT=local
/etc/initramfs-tools/initramfs.conf:DEVICE=
/etc/initramfs-tools/initramfs.conf:NFSROOT=auto
/etc/initramfs-tools/update-initramfs.conf:update_initramfs=yes
/etc/initramfs-tools/update-initramfs.conf:backup_initramfs=no
# grep ^b /etc/modprobe.d/local.conf
blacklist btrfs
blacklist zlib_deflate
blacklist libcrc32c
blacklist crc32c
blacklist ufs
blacklist qnx4
blacklist hfsplus
blacklist hfs
blacklist minix
blacklist ntfs
blacklist vfat
blacklist msdos
blacklist fat
blacklist dm_crypt
--------------------------------------------------------------------------
Interestingly, none of these modules are included in the resulting initrd:
# gzip -dc /boot/initrd* | cpio -it | grep kernel/
lib/modules/3.2.0-38-virtual/kernel/drivers
lib/modules/3.2.0-38-virtual/kernel/drivers/video
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vga16fb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vgastate.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vesafb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/md
lib/modules/3.2.0-38-virtual/kernel/drivers/md/dm-crypt.ko
lib/modules/3.2.0-38-virtual/kernel/crypto
lib/modules/3.2.0-38-virtual/kernel/crypto/xts.ko
lib/modules/3.2.0-38-virtual/kernel/crypto/gf128mul.ko
lib/modules/3.2.0-38-virtual/kernel/arch
lib/modules/3.2.0-38-virtual/kernel/arch/x86
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto/aes-i586.ko
10837 blocks
Note: executing "update-initramfs -u -k `uname -r`" alone does NOT load these modules!
Workaround:
Running "rmmod btrfs zlib_deflate libcrc32c ufs vfat msdos fat xfs ext2" after every kernel upgrade. |
|
2013-02-14 22:31:01 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
2013-02-14 22:31:03 |
Brad Figg |
tags |
|
precise |
|
2013-02-15 00:04:47 |
Christian Kujau |
tags |
precise |
apport-collected precise |
|
2013-02-15 00:04:48 |
Christian Kujau |
description |
Every time the kernel is upgraded and initrd is regenerated, some modules are loaded. These modules are not necessary for the system to run, take up memory, and may even enlarge the attack surface if (security) issues were to be found in these modules.
How to reproduce on this Amazon EC2 instance:
--------------------------------------------------------------------------
# lsmod
[nothing]
# dpkg-reconfigure linux-image-3.2.0-38-virtual
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
update-initramfs: Generating /boot/initrd.img-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/x-grub-legacy-ec2 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-3.2.0-38-virtual
Updating /boot/grub/menu.lst ... done
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Generating grub.cfg ...
cat: /boot/grub/video.lst: No such file or directory
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
Found linux image: /boot/vmlinuz-3.2.0-38-virtual
Found initrd image: /boot/initrd.img-3.2.0-38-virtual
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition device /dev/xvda1.
done
# lsmod
Module Size Used by
btrfs 638248 0
zlib_deflate 26622 1 btrfs
libcrc32c 12543 1 btrfs
ufs 78131 0
vfat 17308 0
msdos 17132 0
fat 55605 2 vfat,msdos
xfs 747494 0
ext2 67987 0
# grep -r ^[a-zA-Z] /etc/modules /etc/initramfs-tools/ /etc/modprobe.d/ | grep -v blacklist
/etc/initramfs-tools/initramfs.conf:MODULES=list
/etc/initramfs-tools/initramfs.conf:BUSYBOX=y
/etc/initramfs-tools/initramfs.conf:COMPCACHE_SIZE=""
/etc/initramfs-tools/initramfs.conf:COMPRESS=gzip
/etc/initramfs-tools/initramfs.conf:BOOT=local
/etc/initramfs-tools/initramfs.conf:DEVICE=
/etc/initramfs-tools/initramfs.conf:NFSROOT=auto
/etc/initramfs-tools/update-initramfs.conf:update_initramfs=yes
/etc/initramfs-tools/update-initramfs.conf:backup_initramfs=no
# grep ^b /etc/modprobe.d/local.conf
blacklist btrfs
blacklist zlib_deflate
blacklist libcrc32c
blacklist crc32c
blacklist ufs
blacklist qnx4
blacklist hfsplus
blacklist hfs
blacklist minix
blacklist ntfs
blacklist vfat
blacklist msdos
blacklist fat
blacklist dm_crypt
--------------------------------------------------------------------------
Interestingly, none of these modules are included in the resulting initrd:
# gzip -dc /boot/initrd* | cpio -it | grep kernel/
lib/modules/3.2.0-38-virtual/kernel/drivers
lib/modules/3.2.0-38-virtual/kernel/drivers/video
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vga16fb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vgastate.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vesafb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/md
lib/modules/3.2.0-38-virtual/kernel/drivers/md/dm-crypt.ko
lib/modules/3.2.0-38-virtual/kernel/crypto
lib/modules/3.2.0-38-virtual/kernel/crypto/xts.ko
lib/modules/3.2.0-38-virtual/kernel/crypto/gf128mul.ko
lib/modules/3.2.0-38-virtual/kernel/arch
lib/modules/3.2.0-38-virtual/kernel/arch/x86
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto/aes-i586.ko
10837 blocks
Note: executing "update-initramfs -u -k `uname -r`" alone does NOT load these modules!
Workaround:
Running "rmmod btrfs zlib_deflate libcrc32c ufs vfat msdos fat xfs ext2" after every kernel upgrade.
---
AcpiTables:
AlsaDevices:
total 0
crw-rw---T 1 root audio 116, 1 Feb 8 15:01 seq
crw-rw---T 1 root audio 116, 33 Feb 8 15:01 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 12.04
IwConfig: Error: [Errno 2] No such file or directory
Lspci: Error: [Errno 2] No such file or directory
Lsusb: Error: [Errno 2] No such file or directory
MarkForUpload: True
Package: linux (not installed)
PciMultimedia:
ProcEnviron:
TERM=xterm-color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB:
ProcKernelCmdLine: root=UUID=0145b26e-0d12-45a8-b22e-fc09c1eb2904 ro console=hvc0
ProcModules:
ProcVersionSignature: Ubuntu 3.2.0-38.59-virtual 3.2.37
RelatedPackageVersions:
linux-restricted-modules-3.2.0-38-virtual N/A
linux-backports-modules-3.2.0-38-virtual N/A
linux-firmware 1.79.2
RfKill: Error: [Errno 2] No such file or directory
Tags: precise
Uname: Linux 3.2.0-38-virtual i686
UpgradeStatus: Upgraded to precise on 2012-08-21 (177 days ago)
UserGroups:
WifiSyslog: |
|
2013-02-15 00:04:49 |
Christian Kujau |
attachment added |
|
BootDmesg.txt https://bugs.launchpad.net/bugs/1125597/+attachment/3529252/+files/BootDmesg.txt |
|
2013-02-15 00:04:50 |
Christian Kujau |
attachment added |
|
CurrentDmesg.txt https://bugs.launchpad.net/bugs/1125597/+attachment/3529253/+files/CurrentDmesg.txt |
|
2013-02-15 00:04:52 |
Christian Kujau |
attachment added |
|
ProcCpuinfo.txt https://bugs.launchpad.net/bugs/1125597/+attachment/3529254/+files/ProcCpuinfo.txt |
|
2013-02-15 00:04:53 |
Christian Kujau |
attachment added |
|
ProcInterrupts.txt https://bugs.launchpad.net/bugs/1125597/+attachment/3529255/+files/ProcInterrupts.txt |
|
2013-02-15 00:04:55 |
Christian Kujau |
attachment added |
|
UdevDb.txt https://bugs.launchpad.net/bugs/1125597/+attachment/3529256/+files/UdevDb.txt |
|
2013-02-15 00:04:57 |
Christian Kujau |
attachment added |
|
UdevLog.txt https://bugs.launchpad.net/bugs/1125597/+attachment/3529257/+files/UdevLog.txt |
|
2013-02-15 00:05:20 |
Christian Kujau |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
2013-02-15 15:47:47 |
Joseph Salisbury |
linux (Ubuntu): importance |
Undecided |
Medium |
|
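In the report, modules named on `blacklist` lines were still loaded, which fits modprobe.d's documented behaviour: `blacklist` only suppresses alias-based autoloading, and an explicit `modprobe <name>` still loads the module unless an `install <name> /bin/true` line overrides it. The following is an added example, not part of the bug report: a read-only shell script that classifies each loaded module by the modprobe.d rule covering it and derives an rmmod order from the `Used by` column. The function names and the `write_sample` helper are hypothetical; the sample data is copied from the lsmod output and local.conf lines in the description.

```shell
#!/bin/sh
# Added example, not from the bug report. Read-only: it unloads nothing.

# audit_loaded LSMOD_FILE [CONF_FILE...]
# Print "<module> <policy>" for every module in the lsmod output:
#   install    an "install <module> <cmd>" line replaces loading by name
#   blacklist  only a "blacklist" line: alias autoload is suppressed, an
#              explicit "modprobe <module>" still loads it
#   none       no rule in the given files
audit_loaded() {
    lsmod_file=$1; shift
    awk -v lsmod="$lsmod_file" '
        # modprobe treats "-" and "_" in module names as equivalent
        function norm(s) { gsub(/-/, "_", s); return s }
        FILENAME != lsmod && $1 == "blacklist" { bl[norm($2)] = 1; next }
        FILENAME != lsmod && $1 == "install"   { inst[norm($2)] = 1; next }
        FILENAME == lsmod && FNR > 1 {
            m = norm($1); p = "none"
            if (m in inst) p = "install"; else if (m in bl) p = "blacklist"
            print $1, p
        }
    ' "$@" "$lsmod_file"
}

# unload_order LSMOD_FILE
# Print on one line the removable modules in an order rmmod accepts: a module
# comes after every module named in its "Used by" column. A module whose
# refcount exceeds its named users is held by something else (for example a
# mounted filesystem); it is left out, and so is anything it uses.
unload_order() {
    awk '
        FNR > 1 {
            name[++n] = $1
            k = split($4, u, ",")
            named = 0
            for (j = 1; j <= k; j++)
                if (u[j] != "" && u[j] != "-") { named++; users[$1, named] = u[j] }
            nusers[$1] = named
            pinned[$1] = ($3 > named)
        }
        END {
            do {
                progress = 0
                for (i = 1; i <= n; i++) {
                    m = name[i]
                    if (done[m] || pinned[m]) continue
                    free = 1
                    for (j = 1; j <= nusers[m]; j++)
                        if (!done[users[m, j]]) free = 0
                    if (free) { out = (out == "" ? m : out " " m); done[m] = 1; progress = 1 }
                }
            } while (progress)
            print out
        }
    ' "$1"
}

# write_sample DIR: write the lsmod output and blacklist lines quoted in the
# report to DIR/lsmod.txt and DIR/local.conf for an offline run.
write_sample() {
    cat > "$1/lsmod.txt" <<'EOF'
Module Size Used by
btrfs 638248 0
zlib_deflate 26622 1 btrfs
libcrc32c 12543 1 btrfs
ufs 78131 0
vfat 17308 0
msdos 17132 0
fat 55605 2 vfat,msdos
xfs 747494 0
ext2 67987 0
EOF
    printf 'blacklist %s\n' btrfs zlib_deflate libcrc32c crc32c ufs qnx4 hfsplus \
        hfs minix ntfs vfat msdos fat dm_crypt > "$1/local.conf"
}

# Demo on the sample data.
demo_dir=$(mktemp -d) && write_sample "$demo_dir"
audit_loaded "$demo_dir/lsmod.txt" "$demo_dir/local.conf"
echo "rmmod order: $(unload_order "$demo_dir/lsmod.txt")"
rm -rf "$demo_dir"
```

On a live system, save `lsmod` output to a file and pass it with `/etc/modprobe.d/*.conf`; on the sample, xfs and ext2 come back as `none` because local.conf has no line for them.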