On 2023-06-01 02:06, Greg KH wrote:
On Wed, May 31, 2023 at 10:12:40PM -0400, Luiz Capitulino wrote:Hi Paul, A number of stable kernels recently backported this upstream commit: """ commit 4ce1f694eb5d8ca607fed8542d32a33b4f1217a5 Author: Paul Moore <paul@xxxxxxxxxxxxxx> Date: Wed Apr 12 13:29:11 2023 -0400 selinux: ensure av_permissions.h is built when needed """ We're seeing a build issue with this commit where the "crash" tool will fail to start, it complains that the vmlinux image and /proc/version don't match. A minimum reproducer would be having "make" version before 4.3 and building the kernel with: $ make bzImages $ make modules Then compare the version strings in the bzImage and vmlinux images, we can use "strings" for this. For example, in the 5.10.181 kernel I get: $ strings vmlinux | egrep '^Linux version' Linux version 5.10.181 (ec2-user@ip-172-31-79-134.ec2.internal) (gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-15), GNU ld version 2.29.1-31.amzn2) #2 SMP Thu Jun 1 01:26:38 UTC 2023 $ strings ./arch/x86_64/boot/bzImage | egrep 'ld version' 5.10.181 (ec2-user@ip-172-31-79-134.ec2.internal) (gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-15), GNU ld version 2.29.1-31.amzn2) #1 SMP Thu Jun 1 01:23:59 UTC 2023 The version string in the bzImage doesn't have the "Linux version" part, but I think this is added by the kernel when printing. If you compare the strings, you'll see that they have a different build date and the "#1" and "#2" are different. This only happens with commit 4ce1f694eb5 applied and older "make", in my case I have "make" version 3.82. If I revert 4ce1f694eb5 or use "make" version 4.3 I get identical strings (except for the "Linux version" part): $ strings vmlinux | egrep '^Linux version' Linux version 5.10.181+ (ec2-user@ip-172-31-79-134.ec2.internal) (gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-15), GNU ld version 2.29.1-31.amzn2) #1 SMP Thu Jun 1 01:29:11 UTC 2023 $ strings ./arch/x86_64/boot/bzImage | egrep 'ld version' 5.10.181+ (ec2-user@ip-172-31-79-134.ec2.internal) (gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-15), GNU ld version 2.29.1-31.amzn2) #1 SMP Thu Jun 1 01:29:11 UTC 2023 Maybe the grouped target usage in 4ce1f694eb5 with older "make" is causing a rebuild of the vmlinux image in "make modules"? If yes, is this expected? I'm afraid this issue could be high impact for distros with older user-space.Is this issue also in 6.4-rc1 where this change came from?
Yes. I'm reporting this here because I'm more concerned with -stable kernels since they're more likely to be running on older user-space.
What about the other stable releases?
I tested against: 6.1.31, 5.15.114, 5.10.181 they all reproduce it. I'd guess any kernel having a backport of 4ce1f694eb5d8ca607fed8542d32a33b4f1217a5 will have this. One detail though, I tested once with "make binrpm-pkg" and didn't reproduce it. I think this could mean that it depends on the make targets you use to build the kernel. But "make bzImage", "make modules", "make modules_install" is pretty standard (or used to be). - Luiz
