Public bug reported:
Every time the kernel is upgraded and initrd is regenerated, some
modules are loaded. These modules are not necessary for the system to
run, take up memory and may even enlarge the attack surface when
(security-)issues were to be found in these modules.
How to reproduce on this Amazon EC2 instance:
--------------------------------------------------------------------------
# lsmod
[nothing]
# dpkg-reconfigure linux-image-3.2.0-38-virtual
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
update-initramfs: Generating /boot/initrd.img-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/x-grub-legacy-ec2 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-3.2.0-38-virtual
Updating /boot/grub/menu.lst ... done
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
Generating grub.cfg ...
cat: /boot/grub/video.lst: No such file or directory
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
Found linux image: /boot/vmlinuz-3.2.0-38-virtual
Found initrd image: /boot/initrd.img-3.2.0-38-virtual
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
done
# lsmod
Module Size Used by
btrfs 638248 0
zlib_deflate 26622 1 btrfs
libcrc32c 12543 1 btrfs
ufs 78131 0
vfat 17308 0
msdos 17132 0
fat 55605 2 vfat,msdos
xfs 747494 0
ext2 67987 0
# grep -r ^[a-zA-Z] /etc/modules /etc/initramfs-tools/ /etc/modprobe.d/ | grep
-v blacklist
/etc/initramfs-tools/initramfs.conf:MODULES=list
/etc/initramfs-tools/initramfs.conf:BUSYBOX=y
/etc/initramfs-tools/initramfs.conf:COMPCACHE_SIZE=""
/etc/initramfs-tools/initramfs.conf:COMPRESS=gzip
/etc/initramfs-tools/initramfs.conf:BOOT=local
/etc/initramfs-tools/initramfs.conf:DEVICE=
/etc/initramfs-tools/initramfs.conf:NFSROOT=auto
/etc/initramfs-tools/update-initramfs.conf:update_initramfs=yes
/etc/initramfs-tools/update-initramfs.conf:backup_initramfs=no
# grep ^b /etc/modprobe.d/local.conf
blacklist btrfs
blacklist zlib_deflate
blacklist libcrc32c
blacklist crc32c
blacklist ufs
blacklist qnx4
blacklist hfsplus
blacklist hfs
blacklist minix
blacklist ntfs
blacklist vfat
blacklist msdos
blacklist fat
blacklist dm_crypt
--------------------------------------------------------------------------
Interestingly, none of these modules are included in the resulting
initrd:
# gzip -dc /boot/initrd* | cpio -it | grep kernel/
lib/modules/3.2.0-38-virtual/kernel/drivers
lib/modules/3.2.0-38-virtual/kernel/drivers/video
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vga16fb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vgastate.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vesafb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/md
lib/modules/3.2.0-38-virtual/kernel/drivers/md/dm-crypt.ko
lib/modules/3.2.0-38-virtual/kernel/crypto
lib/modules/3.2.0-38-virtual/kernel/crypto/xts.ko
lib/modules/3.2.0-38-virtual/kernel/crypto/gf128mul.ko
lib/modules/3.2.0-38-virtual/kernel/arch
lib/modules/3.2.0-38-virtual/kernel/arch/x86
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto/aes-i586.ko
10837 blocks
Note: executing "update-initramfs -u -k `uname -r`" alone does NOT load
these modules!
Workaround:
Running "rmmod btrfs zlib_deflate libcrc32c ufs vfat msdos fat xfs ext2"
after every kernel upgrade.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Every time the kernel is upgraded and initrd is regenerated, some
modules are loaded. These modules are not necessary for the system to
run, take up memory and may even enlarge the attack surface when
(security-)issues were to be found in these modules.
How to reproduce on this Amazon EC2 instance:
-
--------------------------------------------------------------------------------------------------
- # lsmod
+
+ --------------------------------------------------------------------------#
lsmod
[nothing]
# dpkg-reconfigure linux-image-3.2.0-38-virtual
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
update-initramfs: Generating /boot/initrd.img-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/x-grub-legacy-ec2
3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-3.2.0-38-virtual
Updating /boot/grub/menu.lst ... done
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
Generating grub.cfg ...
cat: /boot/grub/video.lst: No such file or directory
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
Found linux image: /boot/vmlinuz-3.2.0-38-virtual
Found initrd image: /boot/initrd.img-3.2.0-38-virtual
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
done
-
# lsmod
Module Size Used by
btrfs 638248 0
zlib_deflate 26622 1 btrfs
libcrc32c 12543 1 btrfs
ufs 78131 0
vfat 17308 0
msdos 17132 0
fat 55605 2 vfat,msdos
xfs 747494 0
ext2 67987 0
-
# grep -r ^[a-zA-Z] /etc/modules /etc/initramfs-tools/ /etc/modprobe.d/ |
grep -v blacklist
/etc/initramfs-tools/initramfs.conf:MODULES=list
/etc/initramfs-tools/initramfs.conf:BUSYBOX=y
/etc/initramfs-tools/initramfs.conf:COMPCACHE_SIZE=""
/etc/initramfs-tools/initramfs.conf:COMPRESS=gzip
/etc/initramfs-tools/initramfs.conf:BOOT=local
/etc/initramfs-tools/initramfs.conf:DEVICE=
/etc/initramfs-tools/initramfs.conf:NFSROOT=auto
/etc/initramfs-tools/update-initramfs.conf:update_initramfs=yes
/etc/initramfs-tools/update-initramfs.conf:backup_initramfs=no
# grep ^b /etc/modprobe.d/local.conf
blacklist btrfs
blacklist zlib_deflate
blacklist libcrc32c
blacklist crc32c
blacklist ufs
blacklist qnx4
blacklist hfsplus
blacklist hfs
blacklist minix
blacklist ntfs
blacklist vfat
blacklist msdos
blacklist fat
blacklist dm_crypt
-
--------------------------------------------------------------------------------------------------
+ --------------------------------------------------------------------------
+
Interestingly, none of these modules are included in the resulting
initrd:
# gzip -dc /boot/initrd* | cpio -it | grep kernel/
lib/modules/3.2.0-38-virtual/kernel/drivers
lib/modules/3.2.0-38-virtual/kernel/drivers/video
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vga16fb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vgastate.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vesafb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/md
lib/modules/3.2.0-38-virtual/kernel/drivers/md/dm-crypt.ko
lib/modules/3.2.0-38-virtual/kernel/crypto
lib/modules/3.2.0-38-virtual/kernel/crypto/xts.ko
lib/modules/3.2.0-38-virtual/kernel/crypto/gf128mul.ko
lib/modules/3.2.0-38-virtual/kernel/arch
lib/modules/3.2.0-38-virtual/kernel/arch/x86
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto/aes-i586.ko
10837 blocks
-
- Note: executing "update-initramfs -u -k `uname -r`" alone does NOT load these
modules!
+ Note: executing "update-initramfs -u -k `uname -r`" alone does NOT load
+ these modules!
Workaround:
Running "rmmod btrfs zlib_deflate libcrc32c ufs vfat msdos fat xfs ext2"
after every kernel upgrade.
** Description changed:
Every time the kernel is upgraded and initrd is regenerated, some
modules are loaded. These modules are not necessary for the system to
run, take up memory and may even enlarge the attack surface when
(security-)issues were to be found in these modules.
How to reproduce on this Amazon EC2 instance:
-
- --------------------------------------------------------------------------#
lsmod
+ --------------------------------------------------------------------------
+ # lsmod
[nothing]
# dpkg-reconfigure linux-image-3.2.0-38-virtual
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
update-initramfs: Generating /boot/initrd.img-3.2.0-38-virtual
run-parts: executing /etc/kernel/postinst.d/x-grub-legacy-ec2
3.2.0-38-virtual /boot/vmlinuz-3.2.0-38-virtual
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-3.2.0-38-virtual
Updating /boot/grub/menu.lst ... done
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.2.0-38-virtual
/boot/vmlinuz-3.2.0-38-virtual
Generating grub.cfg ...
cat: /boot/grub/video.lst: No such file or directory
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
Found linux image: /boot/vmlinuz-3.2.0-38-virtual
Found initrd image: /boot/initrd.img-3.2.0-38-virtual
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
/usr/sbin/grub-probe: warn: disk does not exist, so falling back to partition
device /dev/xvda1.
done
# lsmod
Module Size Used by
btrfs 638248 0
zlib_deflate 26622 1 btrfs
libcrc32c 12543 1 btrfs
ufs 78131 0
vfat 17308 0
msdos 17132 0
fat 55605 2 vfat,msdos
xfs 747494 0
ext2 67987 0
# grep -r ^[a-zA-Z] /etc/modules /etc/initramfs-tools/ /etc/modprobe.d/ |
grep -v blacklist
/etc/initramfs-tools/initramfs.conf:MODULES=list
/etc/initramfs-tools/initramfs.conf:BUSYBOX=y
/etc/initramfs-tools/initramfs.conf:COMPCACHE_SIZE=""
/etc/initramfs-tools/initramfs.conf:COMPRESS=gzip
/etc/initramfs-tools/initramfs.conf:BOOT=local
/etc/initramfs-tools/initramfs.conf:DEVICE=
/etc/initramfs-tools/initramfs.conf:NFSROOT=auto
/etc/initramfs-tools/update-initramfs.conf:update_initramfs=yes
/etc/initramfs-tools/update-initramfs.conf:backup_initramfs=no
# grep ^b /etc/modprobe.d/local.conf
blacklist btrfs
blacklist zlib_deflate
blacklist libcrc32c
blacklist crc32c
blacklist ufs
blacklist qnx4
blacklist hfsplus
blacklist hfs
blacklist minix
blacklist ntfs
blacklist vfat
blacklist msdos
blacklist fat
blacklist dm_crypt
--------------------------------------------------------------------------
-
Interestingly, none of these modules are included in the resulting
initrd:
# gzip -dc /boot/initrd* | cpio -it | grep kernel/
lib/modules/3.2.0-38-virtual/kernel/drivers
lib/modules/3.2.0-38-virtual/kernel/drivers/video
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vga16fb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vgastate.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/video/vesafb.ko
lib/modules/3.2.0-38-virtual/kernel/drivers/md
lib/modules/3.2.0-38-virtual/kernel/drivers/md/dm-crypt.ko
lib/modules/3.2.0-38-virtual/kernel/crypto
lib/modules/3.2.0-38-virtual/kernel/crypto/xts.ko
lib/modules/3.2.0-38-virtual/kernel/crypto/gf128mul.ko
lib/modules/3.2.0-38-virtual/kernel/arch
lib/modules/3.2.0-38-virtual/kernel/arch/x86
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto
lib/modules/3.2.0-38-virtual/kernel/arch/x86/crypto/aes-i586.ko
10837 blocks
Note: executing "update-initramfs -u -k `uname -r`" alone does NOT load
these modules!
Workaround:
Running "rmmod btrfs zlib_deflate libcrc32c ufs vfat msdos fat xfs ext2"
after every kernel upgrade.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1125597
Title:
Don't autoload unneeded modules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1125597/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
