RHEL-79278

CONFIG_MODULE_COMPRESS_XZ should be enabled in kernel


    • kernel-6.12.0-75.el10
    • No
    • Moderate
    • 3
    • rhel-kernel-ft-plumbers-1
    • ssg_core_kernel
    • 2
    • 12
    • 5
    • None
    • CentOS Stream
    • CK-February-2025, CK-March-2025, CK-April-2025
    • All
    • None
    • Merge Request passes all submitter checks, Merge Request finished CI testing, Merge Request passed CI testing, Merge Request approved by peer review

      The issue

      CentOS Stream 9 and 10 kernels select CONFIG_MODULE_COMPRESS_NONE and not CONFIG_MODULE_COMPRESS_XZ.  The modules are actually compressed with XZ and their names end in .ko.xz.

      For whatever reason the compression is done as a separate step in the RPM spec files and related scripts. CONFIG_MODULE_COMPRESS_NONE must be set to have the kernel makefiles leave the modules uncompressed at first (*.ko).

       

      The impact

      There are two side effects.

      First off, the reason that it works in the first place is that kmod (modprobe, insmod, etc.) will notice that the kernel doesn't support compressed modules and will seamlessly decompress them in userspace and it will give the kernel the decompressed module binary to load.

      But the low-level side effect is that the module is loaded using the init_module() syscall which reads the binary from user memory.  When a module doesn't need to be decompressed, it's loaded using the finit_module() syscall which reads a file directly.

      kmod (versions 31+) reads /sys/module/compression to know what compression method the kernel supports.  With CONFIG_MODULE_COMPRESS_NONE that file doesn't exist.

      Side effect 1 of using init_module()

      During boot, as udev detects platform devices, some of them have one instance per logical processor.  udev will send parallel requests for the same module as many times as there are devices.  For example, on a large system with 500 cores+hyperthreading it'll send 1000 requests for some modules.  Now Linus Torvalds added a guard for that in kernel 6.5 in finit_module() by deduplicating the requests based on the filesystem inode of the module.  Using init_module() circumvents that, meaning there's a momentary spike in vmalloc memory use in the kernel, resulting in errors in the logs:

      vmap allocation for size 188416 failed: use vmalloc=<size> to increase size

      plus a stack trace.  It tends to be harmless.  Note vmalloc= doesn't actually exist anymore.

      Side effect 2

      There are security mechanisms also based on the filesystem inode of the module which will reject some requests if init_module() is used.  I haven't looked at the details.

      Solution

      CONFIG_MODULE_COMPRESS_XZ should be enabled to match the compression method actually used.

      Either the .spec file and related scripts need to be adapted to work with .ko.xz files or the kernel can be patched to leave the modules uncompressed during make modules_install.  This is easy:

      diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
      index 0afd75472679..135a9a59db89 100644
      --- a/scripts/Makefile.modinst
      +++ b/scripts/Makefile.modinst
      @@ -51,9 +51,6 @@ $(foreach x, %:, $(if $(findstring $x, $(dst)), \
              $(error module installation path cannot contain '$x')))
      
      suffix-y                               :=
      -suffix-$(CONFIG_MODULE_COMPRESS_GZIP) := .gz
      -suffix-$(CONFIG_MODULE_COMPRESS_XZ) := .xz
      -suffix-$(CONFIG_MODULE_COMPRESS_ZSTD) := .zst
      
      modules := $(patsubst $(extmod_prefix)%.o, $(dst)/%.ko$(suffix-y), $(modules))
      install-$(CONFIG_MODULES) += $(modules)
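
Review bot: removing all three suffix-$(CONFIG_MODULE_COMPRESS_*) assignments leaves suffix-y permanently empty, so the patsubst line that builds $(modules) always names plain .ko files, for GZIP and ZSTD configurations as well as the XZ one this issue is about. If the intent is only to let the RPM spec do the XZ compression after install, state that in a comment beside `suffix-y :=` and in the commit message, and either drop the now-constant $(suffix-y) from the patsubst or keep the GZIP and ZSTD assignments so other configurations are unaffected. The hunk does not show whether later rules in this file still expect the suffixed names, so that should be checked before merging.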
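
A check for the mismatch this report describes, as an added example that is not part of the original issue or of any Red Hat tooling: it compares what the kernel advertises in /sys/module/compression with the suffixes of the installed module files. The function names and the parameterised paths are assumptions made for illustration, and the sysfs file is assumed to contain gzip, xz or zstd.

```shell
#!/bin/sh
# Added example (not from the issue): compare the compression the kernel
# advertises with the compression of the installed module files.
# Function names and the path parameters are assumptions for illustration.

# Print the advertised method, or "none" when the sysfs file is absent
# (the CONFIG_MODULE_COMPRESS_NONE case). Assumed values: gzip, xz, zstd.
kernel_compression() {
    f="${1:-/sys/module}/compression"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo none; fi
}

# Print what the file suffixes under a modules directory imply:
# xz, gzip, zstd, none (plain .ko), mixed, or empty (no modules found).
ondisk_compression() {
    found=""
    for pair in 'xz:*.ko.xz' 'gzip:*.ko.gz' 'zstd:*.ko.zst' 'none:*.ko'; do
        name=${pair%%:*}
        pattern=${pair#*:}
        if [ -n "$(find "$1" -type f -name "$pattern" 2>/dev/null | head -n 1)" ]; then
            found="${found:+$found }$name"
        fi
    done
    case "$found" in
        '')    echo empty ;;
        *' '*) echo mixed ;;
        *)     echo "$found" ;;
    esac
}

# Return 0 when kmod can pass module files to finit_module() unchanged,
# 1 when the on-disk format does not match what the kernel advertises
# (userspace decompression and init_module(); "mixed" is reported here too),
# 2 when no module files were found.
check_module_compression() {
    kern=$(kernel_compression "$1")
    disk=$(ondisk_compression "$2")
    if [ "$disk" = empty ]; then
        echo "no module files under $2"; return 2
    fi
    if [ "$disk" = none ] || [ "$disk" = "$kern" ]; then
        echo "ok: kernel=$kern modules=$disk"; return 0
    fi
    echo "mismatch: kernel=$kern modules=$disk (userspace decompression, init_module() path)"
    return 1
}

# On a live system:
#   check_module_compression /sys/module "/lib/modules/$(uname -r)"
```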

       

              rhn-support-hkrzesin Herton Krzesinski
              balrog Andrew Zaborowski (Inactive)
              Intel Confidential Group
              core-kernel mgr core-kernel mgr
              Ping Fang Ping Fang