FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 03-12-2010, 06:11 AM
Dennis Hoppe
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

Package: drbd8-modules-2.6.26-2-amd64
Version: 2.6.26+8.0.14-6+lenny1
Severity: important

*** Please type your report below this line ***

Hello,

after installing the security update for linux-image-2.6.26-2-amd
(2.6.26-21lenny4) my hole cluster was going down, because the drbd
module could not be loaded.

hotkey@beta:~$ lsmod | grep drbd

hotkey@beta:~$ sudo modprobe drbd
FATAL: Error inserting drbd
(/lib/modules/2.6.26-2-xen-amd64/extra/drbd8/drbd/drbd.ko): Unknown
symbol in module, or unknown parameter (see dmesg)

hotkey@beta:~$ sudo tail /var/log/syslog
...
Mar 12 07:59:15 beta kernel: [ 148.854821] drbd: disagrees about
version of symbol cn_add_callback
Mar 12 07:59:15 beta kernel: [ 148.854824] drbd: Unknown symbol
cn_add_callback

I decided to purge drbd8-modules-2.6.26-2-amd64 and installed
drbd8-source. After that i was able to load the drbd module.

Regards, Dennis

-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages drbd8-modules-2.6.26-2-amd64 depends on:
ii linux-image-2.6.26-2-amd 2.6.26-21lenny4 Linux 2.6.26 image on AMD64

drbd8-modules-2.6.26-2-amd64 recommends no packages.

drbd8-modules-2.6.26-2-amd64 suggests no packages.

-- no debconf information
 
Old 03-12-2010, 01:25 PM
Ben Hutchings
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

On Fri, 2010-03-12 at 08:11 +0100, Dennis Hoppe wrote:
> Package: drbd8-modules-2.6.26-2-amd64
> Version: 2.6.26+8.0.14-6+lenny1
> Severity: important
>
> *** Please type your report below this line ***
>
> Hello,
>
> after installing the security update for linux-image-2.6.26-2-amd
> (2.6.26-21lenny4) my hole cluster was going down, because the drbd
> module could not be loaded.
>
> hotkey@beta:~$ lsmod | grep drbd
>
> hotkey@beta:~$ sudo modprobe drbd
> FATAL: Error inserting drbd
> (/lib/modules/2.6.26-2-xen-amd64/extra/drbd8/drbd/drbd.ko): Unknown
> symbol in module, or unknown parameter (see dmesg)
>
> hotkey@beta:~$ sudo tail /var/log/syslog
> ...
> Mar 12 07:59:15 beta kernel: [ 148.854821] drbd: disagrees about
> version of symbol cn_add_callback
> Mar 12 07:59:15 beta kernel: [ 148.854824] drbd: Unknown symbol
> cn_add_callback
>
> I decided to purge drbd8-modules-2.6.26-2-amd64 and installed
> drbd8-source. After that i was able to load the drbd module.

This is a known bug and will be fixed shortly by security updates to
drbd8 and linux-modules-extra-2.6.

Ben.

--
Ben Hutchings
If God had intended Man to program,
we'd have been born with serial I/O ports.
 
Old 03-15-2010, 02:30 PM
David Miller
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

I've also been bitten by this bug - noticed it last Friday and it
doesn't seem to be fixed this morning.


Is there an ETA on a fix with packages?

Thanks,

--- David



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4B9E5297.3070301@metheus.org">http://lists.debian.org/4B9E5297.3070301@metheus.org
 
Old 03-15-2010, 03:56 PM
dann frazier
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

On Mon, Mar 15, 2010 at 11:30:31AM -0400, David Miller wrote:
> I've also been bitten by this bug - noticed it last Friday and it
> doesn't seem to be fixed this morning.
>
> Is there an ETA on a fix with packages?

Packages are now available in the security repo (an apt-get upgrade
should suffice).

I'm hoping to get a CVE ID before sending out a formal DSA.



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100315165651.GA15324@lackof.org">http://lists.debian.org/20100315165651.GA15324@lackof.org
 
Old 03-15-2010, 04:15 PM
Vincendon Bruno
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

Hello,
what about the drbd8-modules-2.6-amd64 package ? We were happy to switch from
the "drbd8-source/ module source building" when we upgraded to Lenny...

Thank you

Le 15/03/2010 17:56, dann frazier a écrit :

On Mon, Mar 15, 2010 at 11:30:31AM -0400, David Miller wrote:

I've also been bitten by this bug - noticed it last Friday and it
doesn't seem to be fixed this morning.

Is there an ETA on a fix with packages?


Packages are now available in the security repo (an apt-get upgrade
should suffice).

I'm hoping to get a CVE ID before sending out a formal DSA.








--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4B9E6B1A.5070805@lma.cnrs-mrs.fr">http://lists.debian.org/4B9E6B1A.5070805@lma.cnrs-mrs.fr
 
Old 03-15-2010, 04:50 PM
Moritz Muehlenhoff
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

On 2010-03-15, dann frazier <dannf@debian.org> wrote:
> On Mon, Mar 15, 2010 at 11:30:31AM -0400, David Miller wrote:
>> I've also been bitten by this bug - noticed it last Friday and it
>> doesn't seem to be fixed this morning.
>>
>> Is there an ETA on a fix with packages?
>
> Packages are now available in the security repo (an apt-get upgrade
> should suffice).
>
> I'm hoping to get a CVE ID before sending out a formal DSA.

Why? That should be covered by the CVE ID for the original connector
security bug.

Cheers,
Moritz


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: slrnhpsss2.2br.jmm@inutil.org">http://lists.debian.org/slrnhpsss2.2br.jmm@inutil.org
 
Old 03-15-2010, 05:06 PM
Ben Hutchings
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

On Mon, Mar 15, 2010 at 06:15:06PM +0100, Vincendon Bruno wrote:
> Hello,
> what about the drbd8-modules-2.6-amd64 package ? We were happy to switch
> from the "drbd8-source/ module source building" when we upgraded to
> Lenny...

All the drbd8 packages will be updated at the same time.

Ben.

--
Ben Hutchings
It is a miracle that curiosity survives formal education. - Albert Einstein



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100315180648.GP2763@decadent.org.uk">http://lists.debian.org/20100315180648.GP2763@decadent.org.uk
 
Old 03-15-2010, 05:39 PM
Moritz Muehlenhoff
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

On Mon, Mar 15, 2010 at 12:13:06PM -0600, dann frazier wrote:
> On Mon, Mar 15, 2010 at 06:50:58PM +0100, Moritz Muehlenhoff wrote:
> > On 2010-03-15, dann frazier <dannf@debian.org> wrote:
> > > On Mon, Mar 15, 2010 at 11:30:31AM -0400, David Miller wrote:
> > >> I've also been bitten by this bug - noticed it last Friday and it
> > >> doesn't seem to be fixed this morning.
> > >>
> > >> Is there an ETA on a fix with packages?
> > >
> > > Packages are now available in the security repo (an apt-get upgrade
> > > should suffice).
> > >
> > > I'm hoping to get a CVE ID before sending out a formal DSA.
> >
> > Why? That should be covered by the CVE ID for the original connector
> > security bug.
>
> Just to make sure we're talking about the same thing...
>
> One reason for this upload is to deal with the ABI breakage from the
> kernel upload which fixed CVE-2009-3725. I agree that no additional
> CVE is warranted to deal with that.
>
> However, as part of fixing this, we discovered that drbd contains a
> security issue as well. This issue is in the same class as the issues
> covered by CVE-2009-3725. However, CVE-2009-3725 has an explicit list
> of 4 subsystems it covers, and drbd is not one of them.

Ack. But since the underlying issue is identical I don't think a separate
CVE ID is warranted. The CVE description can still be updated later if
needed.

Cheers,
Moritz


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100315183958.GA4315@galadriel.inutil.org">http://lists.debian.org/20100315183958.GA4315@galadriel.inutil.org
 
Old 03-15-2010, 06:42 PM
dann frazier
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

On Mon, Mar 15, 2010 at 02:45:13PM -0400, David Miller wrote:
> dann frazier wrote:
>> On Mon, Mar 15, 2010 at 11:30:31AM -0400, David Miller wrote:
>>
>>> I've also been bitten by this bug - noticed it last Friday and it
>>> doesn't seem to be fixed this morning.
>>>
>>> Is there an ETA on a fix with packages?
>>>
>>
>> Packages are now available in the security repo (an apt-get upgrade
>> should suffice).
>>
>> I'm hoping to get a CVE ID before sending out a formal DSA.
>>
>
> Am I doing something st00pid, as usual?

No - turns out we had a typo that prevents apt from upgrading. A new
version is currently being built and should be released later today.



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100315194220.GE15324@lackof.org">http://lists.debian.org/20100315194220.GE15324@lackof.org
 
Old 03-15-2010, 06:45 PM
Moritz Muehlenhoff
 
Default Bug#573531: drbd8-modules-2.6.26-2-amd64: Can not load drbd module

On Mon, Mar 15, 2010 at 01:39:08PM -0600, dann frazier wrote:
> On Mon, Mar 15, 2010 at 07:39:58PM +0100, Moritz Muehlenhoff wrote:
> > On Mon, Mar 15, 2010 at 12:13:06PM -0600, dann frazier wrote:
> > > On Mon, Mar 15, 2010 at 06:50:58PM +0100, Moritz Muehlenhoff wrote:
> > > > On 2010-03-15, dann frazier <dannf@debian.org> wrote:
> > > > > On Mon, Mar 15, 2010 at 11:30:31AM -0400, David Miller wrote:
> > > > >> I've also been bitten by this bug - noticed it last Friday and it
> > > > >> doesn't seem to be fixed this morning.
> > > > >>
> > > > >> Is there an ETA on a fix with packages?
> > > > >
> > > > > Packages are now available in the security repo (an apt-get upgrade
> > > > > should suffice).
> > > > >
> > > > > I'm hoping to get a CVE ID before sending out a formal DSA.
> > > >
> > > > Why? That should be covered by the CVE ID for the original connector
> > > > security bug.
> > >
> > > Just to make sure we're talking about the same thing...
> > >
> > > One reason for this upload is to deal with the ABI breakage from the
> > > kernel upload which fixed CVE-2009-3725. I agree that no additional
> > > CVE is warranted to deal with that.
> > >
> > > However, as part of fixing this, we discovered that drbd contains a
> > > security issue as well. This issue is in the same class as the issues
> > > covered by CVE-2009-3725. However, CVE-2009-3725 has an explicit list
> > > of 4 subsystems it covers, and drbd is not one of them.
> >
> > Ack. But since the underlying issue is identical I don't think a separate
> > CVE ID is warranted. The CVE description can still be updated later if
> > needed.
>
> I would agree with the above if the same fix for issues 1-4 also fixed
> this issue - but in this case, it doesn't.
>
> All of these fixes required an underlying change in the connector
> subsystem (allowing the passing of creds into the callback). But,
> *using* that change requires a separate change in each subsystem. It
> is completely possible to fix one subsystem and leave the others
> unfixed. They will compile fine, though there would be a non-fatal
> compiler warning that could go unnoticed.
>
> I don't think it makes sense to go back and add drbd to the CVE after
> the fact, because it changes the semantics. It is quite possible that
> some other vendor is out there shipping drbd and has already fixed
> CVE-2009-3725. Doing an update instead of a new CVE may cause this
> additional issue to go unnoticed/unfixed.
>
> In other words I think that, once distros have fixed a CVE, it isn't
> ok to add more fixes to that CVE which contradict the distro's
> statement that the CVE is fixed. Particularly when a new CVE could be
> used instead.
>
> For some precedence, see the recent regression fixes in
> CVE-2009-453[6-8]. Those are fixes for regressions introduced by
> previous CVE fixes - but they chose to allocate new CVEs instead of
> updating the existing ones. I'm sure we could dig up precedence to
> the contrary - CVE-2010-0307 might be an example, if we consider
> 1dfc76ec to be a security fix vs. just a regression.
>
> That said, it really is MITRE's call - so we'll see how they respond
> to my request. If they prefer to update the existing CVE, that's fine
> by me.

Ok. But I recommend against holding back the update until a CVE is
assigned. MITRE isn't working properly these days, we already needed
to release several DSA w/o CVE IDs being assigned so far. Just write
"Not yet available" as done for DSA 2013, DSA 2016 and DSA 2008.

Cheers,
Moritz


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100315194546.GA2406@galadriel.inutil.org">http://lists.debian.org/20100315194546.GA2406@galadriel.inutil.org
 

Thread Tools




All times are GMT. The time now is 03:08 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org