linux module handling: support kernels without modules #38470

Merged
merged 1 commit into from Apr 12, 2018

Member

@roberth roberth commented Apr 5, 2018

Motivation for this change

A kernel without any modules used to be a problem. With this change you can make it work. Going without modules improves security and performance in specialized applications.

Example:

boot.kernelPackages = yourKernelPackagesWithoutModules;

boot.initrd.kernelModules = lib.mkForce [];
boot.initrd.availableKernelModules = lib.mkForce [];
boot.kernelModules = lib.mkForce [];

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@7c6f434c
Member

7c6f434c commented Apr 5, 2018

I want to wait a bit for objections/requests for changes, please ping me if nothing happens after a couple of days.

@teto
Member

teto commented Apr 6, 2018

Isn't it ok to just create an empty lib/modules folder? (haven't looked much at the code)

@roberth
Member Author

roberth commented Apr 6, 2018

@teto that was my first thought as well. Sadly, that by itself does solve the whole problem, for two reasons

  • The directory inside of it is still missing from the input. We need that directory to determine the kernel version.
  • For rootModules = [], you still need a special case, because you can't determine the kernel version.

The first one may be resolved by ensuring that the directory is always present, but the second one leads me to think that the solution in this PR is a bit more flexible.

@7c6f434c
Member

7c6f434c commented Apr 6, 2018

I think that special-casing no-modules kernels sounds natural, because even if we create the modules directory during the kernel build, some tool will expect to have modules.alias.bin so maybe it is better to special case than to maintain a perfect empty mockup of the module-related things.

@roberth
Member Author

roberth commented Apr 11, 2018

@7c6f434c ready for merge?

> I want to wait a bit for objections/requests for changes, please ping me if nothing happens after a couple of days.

@7c6f434c 7c6f434c merged commit 38e04bb into NixOS:master Apr 12, 2018
aszlig added a commit that referenced this pull request Apr 12, 2018
Pull request #38470 added support for running/building kernels without
modules. This got merged in 38e04bb but
unfortunately while this works perfectly on kernels without modules it
also makes sure that *every* kernel gets no modules.

So all of our VM tests fail since that merge with something like this:

machine# loading module loop...
machine# modprobe: FATAL: Module loop not found in directory /lib/modules/4.14.33
machine# loading module vfat...
machine# modprobe: FATAL: Module vfat not found in directory /lib/modules/4.14.33
machine# loading module nls_cp437...
machine# modprobe: FATAL: Module nls_cp437 not found in directory /lib/modules/4.14.33
machine# loading module nls_iso8859-1...
machine# modprobe: FATAL: Module nls_iso8859-1 not found in directory /lib/modules/4.14.33
machine# loading module fuse...
machine# modprobe: FATAL: Module fuse not found in directory /lib/modules/4.14.33
machine# loading module dm_mod...
machine# modprobe: FATAL: Module dm_mod not found in directory /lib/modules/4.14.33

I shortly tested this against the "misc" VM test and the test is working
again.

In the long term (and I currently don't have time for this) it would be
better to also have a VM test which tests a kernel without modules.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @roberth, @7c6f434c
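
The special case discussed in this thread, together with the regression described in the follow-up commit message, as an added shell example (not the code from this pull request or from nixpkgs): the no-modules path is taken only when the kernel output has no `lib/modules/<version>` directory and no modules were requested. The function name, its arguments and the directory layout are assumptions; the demo directories are constructed.

```shell
#!/bin/sh
# Added example, not nixpkgs code. classify_kernel_modules and its arguments
# are hypothetical names; the layout <kernel>/lib/modules/<version> is assumed.
#
# Prints "version=<ver>" for a kernel that ships modules, or "no-modules" for
# a kernel without a module tree when no modules were requested.
# Returns 1 if modules are requested from a kernel that has none,
# and 2 if more than one version directory makes the version ambiguous.
classify_kernel_modules() {
    kernel_dir=$1
    root_modules=$2              # space-separated list, may be empty
    tree="$kernel_dir/lib/modules"
    version=""
    count=0
    if [ -d "$tree" ]; then
        for d in "$tree"/*/; do
            [ -d "$d" ] || continue   # unmatched glob: tree exists but is empty
            version=$(basename "$d")
            count=$((count + 1))
        done
    fi
    if [ "$count" -eq 1 ]; then
        # Normal kernel: the no-modules shortcut must never apply here.
        echo "version=$version"
        return 0
    fi
    if [ "$count" -gt 1 ]; then
        echo "error: ambiguous kernel version in $tree" >&2
        return 2
    fi
    # No version directory: the kernel version cannot be read from the tree.
    if [ -z "$root_modules" ]; then
        echo "no-modules"
        return 0
    fi
    echo "error: modules requested ($root_modules) but kernel has none" >&2
    return 1
}

# Constructed demo input: one kernel output with modules, one without.
demo=$(mktemp -d)
mkdir -p "$demo/with/lib/modules/4.14.33" "$demo/without"
classify_kernel_modules "$demo/with" "loop vfat"
classify_kernel_modules "$demo/without" ""
classify_kernel_modules "$demo/without" "loop" || echo "rejected, as intended"
rm -rf "$demo"
```

Failing when modules are requested from a modules-free kernel turns a misconfiguration into a build-time error instead of the boot-time `modprobe: FATAL` lines quoted above.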