Hi Paul,
A number of stable kernels recently backported this upstream commit:
""" commit 4ce1f694eb5d8ca607fed8542d32a33b4f1217a5 Author: Paul Moore paul@paul-moore.com Date: Wed Apr 12 13:29:11 2023 -0400
selinux: ensure av_permissions.h is built when needed """
We're seeing a build issue with this commit where the "crash" tool will fail to start, it complains that the vmlinux image and /proc/version don't match.
A minimum reproducer would be having "make" version before 4.3 and building the kernel with:
$ make bzImages $ make modules
Then compare the version strings in the bzImage and vmlinux images, we can use "strings" for this. For example, in the 5.10.181 kernel I get:
$ strings vmlinux | egrep '^Linux version' Linux version 5.10.181 (ec2-user@ip-172-31-79-134.ec2.internal) (gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-15), GNU ld version 2.29.1-31.amzn2) #2 SMP Thu Jun 1 01:26:38 UTC 2023
$ strings ./arch/x86_64/boot/bzImage | egrep 'ld version' 5.10.181 (ec2-user@ip-172-31-79-134.ec2.internal) (gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-15), GNU ld version 2.29.1-31.amzn2) #1 SMP Thu Jun 1 01:23:59 UTC 2023
The version string in the bzImage doesn't have the "Linux version" part, but I think this is added by the kernel when printing. If you compare the strings, you'll see that they have a different build date and the "#1" and "#2" are different.
This only happens with commit 4ce1f694eb5 applied and older "make", in my case I have "make" version 3.82.
If I revert 4ce1f694eb5 or use "make" version 4.3 I get identical strings (except for the "Linux version" part):
$ strings vmlinux | egrep '^Linux version' Linux version 5.10.181+ (ec2-user@ip-172-31-79-134.ec2.internal) (gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-15), GNU ld version 2.29.1-31.amzn2) #1 SMP Thu Jun 1 01:29:11 UTC 2023
$ strings ./arch/x86_64/boot/bzImage | egrep 'ld version' 5.10.181+ (ec2-user@ip-172-31-79-134.ec2.internal) (gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-15), GNU ld version 2.29.1-31.amzn2) #1 SMP Thu Jun 1 01:29:11 UTC 2023
Maybe the grouped target usage in 4ce1f694eb5 with older "make" is causing a rebuild of the vmlinux image in "make modules"? If yes, is this expected?
I'm afraid this issue could be high impact for distros with older user-space.
- Luiz