OpenVZ Forum


Home » General » Support » Disable module support in kernel
Disable module support in kernel [message #1512] Fri, 10 February 2006 15:30 Go to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
Hello,

I've tried to install openvz-kernel 2.6.8-022.064.1.

In my .config, module support is disabled. If I'm trying to compile my kernel, compiling is aborted with an error message (have a look at http://bugzilla.openvz.org/show_bug.cgi?id=96).

If module support is enabled, everything works fine.

Is any patch available, to compile the kernel with module support disabled?

TIA,
Steffen
Re: Disable module support in kernel [message #1515 is a reply to message #1512] Fri, 10 February 2006 16:36 Go to previous messageGo to next message
dim is currently offline  dim
Messages: 344
Registered: August 2005
Senior Member
Patch is attached to bugzilla. Bug is not closed till next kernel release.


http://static.openvz.org/openvz_userbar_en.gif
Re: Disable module support in kernel [message #1517 is a reply to message #1515] Fri, 10 February 2006 21:47 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
dim wrote on Fri, 10 February 2006 17:36

Patch is attached to bugzilla. Bug is not closed till next kernel release.



Well, maybe it is, but I'm not able to find any link on Bug 52 to download a file.

Is it only me?

TIA,
Steffen
Re: Disable module support in kernel [message #1551 is a reply to message #1517] Mon, 13 February 2006 07:32 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

bug #96 is about gcc4.x compilation
bug #52 is about compilation _without_ virtualization.

I suppose you compile kernel _with_ virtualization. So it have nothing to do with both bugs.

So can you provide your build error messages and .config file?


http://static.openvz.org/userbars/openvz-developer.png
Re: Disable module support in kernel [message #1558 is a reply to message #1551] Mon, 13 February 2006 10:43 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
dev wrote on Mon, 13 February 2006 08:32

bug #96 is about gcc4.x compilation
bug #52 is about compilation _without_ virtualization.

I suppose you compile kernel _with_ virtualization. So it have nothing to do with both bugs.

So can you provide your build error messages and .config file?


Have a look at bug #52. It's about broken Kconfig depends, not about compiling openvz-patched kernel without virtualization (does anybody wants this and, if yes, why? Smile).

The error messages are the same shown in comment #2 on bug #52. If I disable module support (CONFIG_MODULES=no) ve.c breaks compile because the storage size of no_module isn't known.

Trust me, bug #52 is the right bug, but I'm not able to find download links for the diffs mentioned in that bug.

TIA,
Steffen
Re: Disable module support in kernel [message #1559 is a reply to message #1558] Mon, 13 February 2006 10:50 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

Oh, I see. we only partially fixed it Sad
Out of curiosity, why do you want to compile without modules so much?


http://static.openvz.org/userbars/openvz-developer.png
Re: Disable module support in kernel [message #1560 is a reply to message #1559] Mon, 13 February 2006 11:39 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
dev wrote on Mon, 13 February 2006 11:50

Oh, I see. we only partially fixed it Sad
Out of curiosity, why do you want to compile without modules so much?


Because it's a server. Some rootkits are using modules to hide process and files. But if module support is disabled, there isn't any possibility to use modules.

And: I need no module support on a server. It _is_ an error coming from openvz, so it should be fixed.

What about that diffs mentioned in bug #52? Can I get them anywhere, so I can try them. Maybe I can help, fixing this bugs.
But I don't like to do work twice, so this is my main reason, why I'm wanting this diffs.

TIA,
Steffen
Re: Disable module support in kernel [message #1562 is a reply to message #1560] Mon, 13 February 2006 13:17 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

inside the VPS module loading is prohibited.
This is the reason, why we don't care.
In host we don't recommend to run anything, except for ssh maybe.
But I see your concern.

I have these patches. Where can I sent them to you?


http://static.openvz.org/userbars/openvz-developer.png
Re: Disable module support in kernel [message #1563 is a reply to message #1562] Mon, 13 February 2006 13:22 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
dev wrote on Mon, 13 February 2006 14:17

inside the VPS module loading is prohibited.
This is the reason, why we don't care.
In host we don't recommend to run anything, except for ssh maybe.
But I see your concern.

I have these patches. Where can I sent them to you?



steffen at steffenspage dot de.

I'm thinking about securing the host. SSH is written by human, maintained by humans... failures may exist. If I'm able to disable some _bad_ things, I want to.
That's all.

Thanks for helping. Will report if it's working.
And: OpenVZ is great work. Thanks for it.

HAND,
Steffen
Re: Disable module support in kernel [message #1564 is a reply to message #1563] Mon, 13 February 2006 13:36 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

thank you too!
I sent you patches. They are against older kernel, but should apply with minimal efforts.
I didn't commit them only becaause, had no time and didn't think it is really required by anyone Smile


http://static.openvz.org/userbars/openvz-developer.png

[Updated on: Mon, 13 February 2006 13:36]

Report message to a moderator

Re: Disable module support in kernel [message #1566 is a reply to message #1564] Mon, 13 February 2006 15:43 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
Ok, here is the first error message, for which I couldn't find a patch in bug #52.

kernel/built-in.o: In function `init_ve_sysfs':
vecalls.c:(.text+0x23598): undefined reference to `sysfs_fs_type'
make: *** [.tmp_vmlinux1] Error 1


This message appears, if sysfs-option is selected and openvz isn't compiled as module.

HTH,
Steffen

PS: Will have a look at it later this day.
Re: Disable module support in kernel [message #1567 is a reply to message #1566] Mon, 13 February 2006 15:51 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
The order of VPS filesystem and Virtuozzo Disk Quota under File systems is wrong.

Try to select VPS filesystem if Virtuozzo Disk Quota support is not selected in kernel.
You can't because it is not shown.

Now select Virtuozzo Disk Quota support as module.
Try to compile VPS filesystem in the kernel (not as module).
You can't because Virtuozzo Disk Quota is a module.

Select Virtuozzo Disk Quota support.
Over Virtuozzo Disk Quota support you can find VPS filesystem?!?

This is all tested with menuconfig.

So, maybe the appearance of the options is dissordered or something else is wrong. Smile

Is VPS filesystem support needed for Virtuozzo Disk Quota support? If yes, there is a problem with Kconfig depends Smile

Hope you understand, what I mean.

[Updated on: Mon, 13 February 2006 15:52]

Report message to a moderator

Re: Disable module support in kernel [message #1568 is a reply to message #1566] Mon, 13 February 2006 16:19 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

just remove "static" in fs/sysfs/mount.c in line:
static struct file_system_type sysfs_fs_type = {


http://static.openvz.org/userbars/openvz-developer.png
Re: Disable module support in kernel [message #1569 is a reply to message #1568] Mon, 13 February 2006 19:07 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
dev wrote on Mon, 13 February 2006 17:19

just remove "static" in fs/sysfs/mount.c in line:
static struct file_system_type sysfs_fs_type = {


Thanks. Fixed that problem.

HAND,
Steffen
Re: Disable module support in kernel [message #1571 is a reply to message #1567] Mon, 13 February 2006 19:09 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
steffen.zieger wrote on Mon, 13 February 2006 16:51

...Order of VPS filesystem and Virtuozzo Disk Quota Support...


I've changed the order of both entries.
Have a look at this patch, please.
It should applies against 2.6.8-022.064


--- linux-2.6.8-openvz-022.064.orig/fs/Kconfig  2006-02-13 14:53:58.000000000 +0100
+++ linux-2.6.8-openvz-022.064/fs/Kconfig       2006-02-13 19:56:28.767007536 +0100
@@ -442,18 +442,10 @@
          need this functionality say Y here. Note that you will need recent
          quota utilities (>= 3.01) for new quota format with this kernel.

-config SIM_FS
-       tristate "VPS filesystem"
-       depends on VZ_QUOTA
-       default m
-       help
-         This file system is a part of Virtuozzo. It intoduces a fake
-         superblock and blockdev to VE to hide real device and show
-         statfs results taken from quota.
-
 config VZ_QUOTA
        tristate "Virtuozzo Disk Quota support"
        depends on QUOTA
+       select VZ_DEV
        default m
        help
          Virtuozzo Disk Quota imposes disk quota on directories with their
@@ -474,6 +466,15 @@
        depends on VZ_QUOTA!=n
        default y

+config SIM_FS
+       tristate "VPS filesystem"
+       depends on VZ_QUOTA
+       default m
+       help
+         This file system is a part of Virtuozzo. It introduces a fake
+         superblock and blockdev to VE to hide real device and show
+         statfs results taken from quota.
+
 config QUOTACTL
        bool
        depends on XFS_QUOTA || QUOTA


HTH,
Steffen
Re: Disable module support in kernel [message #1572 is a reply to message #1571] Mon, 13 February 2006 19:13 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

patch looks correct, but does it change anything? Smile
if so, than it is probably kernel config bug... Or maybe I miss something?


http://static.openvz.org/userbars/openvz-developer.png
Re: Disable module support in kernel [message #1573 is a reply to message #1572] Mon, 13 February 2006 19:29 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
dev wrote on Mon, 13 February 2006 20:13

patch looks correct, but does it change anything? Smile
if so, than it is probably kernel config bug... Or maybe I miss something?


Indeed it changes things.

Run `make menuconfig` -> File Systems -> Quota Support.

Have a look at it before and after applying this patch.
VPS filesystem is getting an sub-entry of Virtuozzo Quota Disk Support as the Kconfig stated.

Well, it's clearing things up. No feature-addition or bug-fixing-thingie.

Everything is compiling nicely as long as CONFIG_MODULE=y.
OpenVz is fully integrated in kernel, no modules. This wasn't possible without applying this patches you send me (will tell later which one Smile ).

If I'm disabling module support (CONFIG_MODULE=n) compile breaks with this error message (mostly the same as in bug #52)

Quote:

CC kernel/ve.o
kernel/ve.c:42: error: variable `no_module' has initializer but incomplete type
kernel/ve.c:42: error: unknown field `state' specified in initializer
kernel/ve.c:42: error: `MODULE_STATE_GOING' undeclared here (not in a function)
kernel/ve.c:42: warning: excess elements in struct initializer
kernel/ve.c:42: warning: (near initialization for `no_module')
kernel/ve.c:42: error: storage size of `no_module' isn't known
make[1]: *** [kernel/ve.o] Error 1
make: *** [kernel] Error 2



Patches used:
diff-module-20051118 (should fix CONFIG_MODULE=n)
diff-ve-calls-20051019 (CONFIG_VE_CALLS=y)
diff-vzdev-20051021-2 (CONFIG_VE_NETDEV=y)

HTH,
Steffen
Re: Disable module support in kernel [message #1574 is a reply to message #1573] Mon, 13 February 2006 19:33 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

add these 2 lines from kernel/ve.c:

+#ifdef CONFIG_MODULES
struct module no_module = { .state = MODULE_STATE_GOING };
EXPORT_SYMBOL(no_module);
+#endif

Embarassed


http://static.openvz.org/userbars/openvz-developer.png
Re: Disable module support in kernel [message #1575 is a reply to message #1574] Mon, 13 February 2006 22:23 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
Adding these 2 lines fixed the compile problem.

Are there any patches left, which I can check, if everything is working on this subject?

I will test, if the kernel is running without problems and if virtualization is working. If there are any errors, I will tell.

After testing the kernel, I will try (hopefully) any possible combination of OpenVZ as module or not compiled in.

HAND,
Steffen
Re: Disable module support in kernel [message #1581 is a reply to message #1512] Mon, 13 February 2006 23:26 Go to previous messageGo to next message
devnu11 is currently offline  devnu11
Messages: 64
Registered: September 2005
Location: USA
Member

Interesting, I like this approach of no modules to "tighten" hardware node. I've never custom compiled my own kernel except with Gentoo wiki. Anyone know of a nice Wiki/HowTo which would be helpful? Once I get started I'll worry about the patches and how to apply them. Steffen, you have the right idea, security is paramount Razz Closing possible threats before they happen is great. TIA

Just Because You Have One, Doesn't Mean You Have To Be One!
Re: Disable module support in kernel [message #1582 is a reply to message #1575] Tue, 14 February 2006 07:32 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

I have no more patches, the latter were from my mind already Smile
Thanks a lot! If there will be any other problems give me to know, I will help with it.


http://static.openvz.org/userbars/openvz-developer.png
Re: Disable module support in kernel [message #1583 is a reply to message #1581] Tue, 14 February 2006 07:34 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

Once Steffen is ready, I hope he will gather a full patch.


http://static.openvz.org/userbars/openvz-developer.png
Re: Disable module support in kernel [message #1587 is a reply to message #1583] Tue, 14 February 2006 10:40 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
dev wrote on Tue, 14 February 2006 08:34

Once Steffen is ready, I hope he will gather a full patch.


Sure. Here it is.

This patch should applies cleanly against 2.6.8-022.064.
OpenVZ-2.6.8-022.064-no-module-support.diff


If you're running into an error message about check_stack_overflow (as I've done because of my self-created .config) have a look at bug #96

My "test most OpenVZ as modules or compiled in"-test is mostly successful. If you can find any errors, please let me know.

HTH,
Steffen
Re: Disable module support in kernel [message #1588 is a reply to message #1587] Tue, 14 February 2006 10:49 Go to previous messageGo to next message
steffen.zieger is currently offline  steffen.zieger
Messages: 43
Registered: February 2006
Location: Germany, Stuttgart
Member
Ah, I've forgotten to mentioned, that this patch also fixes the Kconfig-order of VPS filesystem and Virtuozzo Disk Quota support.
This is, as I think, only visible if you're building your kernel config with menuconfig.

HAND,
Steffen
Re: Disable module support in kernel [message #2548 is a reply to message #1588] Sun, 09 April 2006 21:19 Go to previous messageGo to next message
duswil is currently offline  duswil
Messages: 77
Registered: January 2006
Member
I didn't see any patches for the /etc/init.d/vz script, so I made one that supports the lack of modules. It could be taken farther to automatically detect things, but in this case, it's up to the user to handle dependencies and such. All it does is add some IF statements and a boolean.

The diff is attached.
Re: Disable module support in kernel [message #2556 is a reply to message #2548] Mon, 10 April 2006 06:36 Go to previous message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

duswil, can you please post patches to devel@openvz.org


http://static.openvz.org/userbars/openvz-developer.png
Previous Topic: Moving a real server installation to a VPS
Next Topic: * SOLVED * Device eth0 has different MAC address than expected
Goto Forum:
  


Current Time: Fri Oct 24 09:08:25 GMT 2025

Total time taken to generate the page: 0.13461 seconds