Compare commits

...

No commits in common. "c8" and "c9s" have entirely different histories.
c8 ... c9s

27 changed files with 1056 additions and 723 deletions

23
.gitignore vendored
View File

@ -1 +1,22 @@
SOURCES/kmod-25.tar.xz /kmod-7.tar.xz
/kmod-8.tar.xz
/kmod-9.tar.xz
/kmod-10.tar.xz
/kmod-11.tar.xz
/kmod-12.tar.xz
/kmod-13.tar.xz
/kmod-14.tar.xz
/kmod-15.tar.xz
/kmod-16.tar.xz
/kmod-17.tar.xz
/kmod-18.tar.xz
/kmod-19.tar.xz
/kmod-20.tar.xz
/kmod-21.tar.xz
/kmod-22.tar.xz
/kmod-23.tar.xz
/kmod-24.tar.xz
/kmod-25.tar.xz
/kmod-26.tar.xz
/kmod-27.tar.xz
/kmod-28.tar.xz

View File

@ -1 +0,0 @@
761ee76bc31f5db10d470dad607a5f9d68acef68 SOURCES/kmod-25.tar.xz

View File

@ -0,0 +1,44 @@
From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Tue, 13 Aug 2024 16:17:27 +0200
Subject: [PATCH] libkmod: avoid undefined behaviour in
libkmod-builtin.c:get_string
Static analysis has reported a potential UB:
kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
# 123| size_t linesz = 0;
# 124|
# 125|-> while (!nullp) {
# 126| char buf[BUFSIZ];
# 127| ssize_t sz;
It seems to be indeed an UB, as nullp is getting assined an address
inside object buf, which has a lifetime of the while loop body,
and is not available outside of it (specifically, in the while
condition, where nullp is checked for NULL). Fix it by putting
buf definition in the outer block.
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fd0f549..40a7d61 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
char **line, size_t *size)
{
int sv_errno;
+ char buf[BUFSIZ];
char *nullp = NULL;
size_t linesz = 0;
while (!nullp) {
- char buf[BUFSIZ];
ssize_t sz;
size_t partsz;
--
2.13.6

View File

@ -0,0 +1,38 @@
From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sun, 25 Sep 2022 17:46:08 +0300
Subject: [PATCH] libkmod: do not crash on unknown signature algorithm
Example kernel module:
https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
It is signed with Streebog 512.
libkmod v30 crashed in libkmod-module.c:2413 in this code:
n = kmod_module_info_append(list,
"sig_hashalgo", strlen("sig_hashalgo"),
sig_info.hash_algo, strlen(sig_info.hash_algo));
because strlen() got null.
---
libkmod/libkmod-signature.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 4ae5af6..092f396 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ // hash algo has not been recognized
+ if (sig_info->hash_algo == NULL)
+ goto err3;
sig_info->id_type = pkey_id_type[modsig->id_type];
pvt = malloc(sizeof(*pvt));
--
2.13.6

View File

@ -0,0 +1,44 @@
From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001
From: Emil Velikov <emil.velikov@collabora.com>
Date: Mon, 6 Feb 2023 14:32:59 +0000
Subject: [PATCH] libkmod: error out on unknown hash algorithm
Currently if we see unknown algorithm, we'll do an OOB read in
pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and
the kernel module uses a SM3 hash.
Cc: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
libkmod/libkmod-signature.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 092f396..b749a81 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size,
unsigned char *key_id_str;
struct pkcs7_private *pvt;
const char *issuer_str;
+ int hash_algo;
size -= sig_len;
pkcs7_raw = mem + size;
@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ hash_algo = obj_to_hash_algo(o);
+ if (hash_algo < 0)
+ goto err3;
+ sig_info->hash_algo = pkey_hash_algo[hash_algo];
// hash algo has not been recognized
if (sig_info->hash_algo == NULL)
goto err3;
--
2.13.6

View File

@ -0,0 +1,29 @@
From 1cab02ecf6ee2a0aa34f3615dfd99c59f7e04e90 Mon Sep 17 00:00:00 2001
From: Seung-Woo Kim <sw0312.kim@samsung.com>
Date: Tue, 13 Apr 2021 20:23:14 +0900
Subject: [PATCH] libkmod: fix an overflow with wrong modules.builtin.modinfo
Fix a possbile overflow with exact PATH_MAX length modname
in wrong modules.builtin.modinfo.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fc9a376..a75a542 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -246,7 +246,7 @@ bool kmod_builtin_iter_get_modname(struct kmod_builtin_iter *iter,
len = dot - line;
- if (len > PATH_MAX) {
+ if (len >= PATH_MAX) {
sv_errno = ENAMETOOLONG;
goto fail;
}
--
2.13.6

View File

@ -1,33 +0,0 @@
From c2996b5fa880e81f63c25e80a4157b2239e32c5d Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Mon, 10 Dec 2018 22:29:32 +0100
Subject: [PATCH 1/2] depmod: prevent module dependency files missing during
depmod invocation
depmod deletes the module dependency files before moving the temporary
files in their place. This results in user seeing no dependency files
while they are updated. Remove the unlink call. The rename call should
suffice to move the new file in place and unlink the old one. It should
also do both atomically so there is no window when no dependency file
exists.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
tools/depmod.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/depmod.c b/tools/depmod.c
index 989d9077926c..18c0d61b2db3 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -2451,7 +2451,6 @@ static int depmod_output(struct depmod *depmod, FILE *out)
break;
}
- unlinkat(dfd, itr->name, 0);
if (renameat(dfd, tmp, dfd, itr->name) != 0) {
err = -errno;
CRIT("renameat(%s, %s, %s, %s): %m\n",
--
2.33.0

View File

@ -1,62 +0,0 @@
From a06bacf500d56b72b5f9b121ebf7f6af9e3df185 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Mon, 17 Dec 2018 23:46:28 +0100
Subject: [PATCH 2/2] depmod: prevent module dependency files corruption due to
parallel invocation.
Depmod does not use unique filename for temporary files. There is no
guarantee the user does not attempt to run mutiple depmod processes in
parallel. If that happens a temporary file might be created by
depmod(1st), truncated by depmod(2nd), and renamed to final name by
depmod(1st) resulting in corrupted file seen by user.
Due to missing mkstempat() this is more complex than it should be.
Adding PID and timestamp to the filename should be reasonably reliable.
Adding O_EXCL as mkstemp does fails creating the file rather than
corrupting existing file.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
tools/depmod.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tools/depmod.c b/tools/depmod.c
index 18c0d61b2db3..0f7e33ccfd59 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -29,6 +29,7 @@
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
+#include <sys/time.h>
#include <sys/utsname.h>
#include <shared/array.h>
@@ -2398,6 +2399,9 @@ static int depmod_output(struct depmod *depmod, FILE *out)
};
const char *dname = depmod->cfg->dirname;
int dfd, err = 0;
+ struct timeval tv;
+
+ gettimeofday(&tv, NULL);
if (out != NULL)
dfd = -1;
@@ -2416,11 +2420,12 @@ static int depmod_output(struct depmod *depmod, FILE *out)
int r, ferr;
if (fp == NULL) {
- int flags = O_CREAT | O_TRUNC | O_WRONLY;
+ int flags = O_CREAT | O_EXCL | O_WRONLY;
int mode = 0644;
int fd;
- snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name);
+ snprintf(tmp, sizeof(tmp), "%s.%i.%li.%li", itr->name, getpid(),
+ tv.tv_usec, tv.tv_sec);
fd = openat(dfd, tmp, flags, mode);
if (fd < 0) {
ERR("openat(%s, %s, %o, %o): %m\n",
--
2.33.0

View File

@ -1,328 +0,0 @@
From 391b4714b495183baefa9cb10ac8e1600c166a59 Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Fri, 1 Feb 2019 22:20:02 +0200
Subject: [PATCH] libkmod-signature: implement pkcs7 parsing with openssl
The patch adds data fetching from the PKCS#7 certificate using
openssl library (which is used by scripts/sign-file.c in the linux
kernel to sign modules).
In general the certificate can contain many signatures, but since
kmod (modinfo) supports only one signature at the moment, only first
one is taken.
With the current sign-file.c certificate doesn't contain signer
key's fingerprint, so "serial number" is used for the key id.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
Makefile.am | 4 +-
configure.ac | 11 ++
libkmod/libkmod-internal.h | 3 +
libkmod/libkmod-module.c | 3 +
libkmod/libkmod-signature.c | 197 +++++++++++++++++++++++++++++++++++-
5 files changed, 213 insertions(+), 5 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 1ab1db585316..de1026f8bd46 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,6 +35,8 @@ SED_PROCESS = \
-e 's,@liblzma_LIBS\@,${liblzma_LIBS},g' \
-e 's,@zlib_CFLAGS\@,${zlib_CFLAGS},g' \
-e 's,@zlib_LIBS\@,${zlib_LIBS},g' \
+ -e 's,@openssl_CFLAGS\@,${openssl_CFLAGS},g' \
+ -e 's,@openssl_LIBS\@,${openssl_LIBS},g' \
< $< > $@ || rm $@
%.pc: %.pc.in Makefile
@@ -87,7 +89,7 @@ libkmod_libkmod_la_DEPENDENCIES = \
${top_srcdir}/libkmod/libkmod.sym
libkmod_libkmod_la_LIBADD = \
shared/libshared.la \
- ${liblzma_LIBS} ${zlib_LIBS}
+ ${liblzma_LIBS} ${zlib_LIBS} ${openssl_LIBS}
noinst_LTLIBRARIES += libkmod/libkmod-internal.la
libkmod_libkmod_internal_la_SOURCES = $(libkmod_libkmod_la_SOURCES)
diff --git a/configure.ac b/configure.ac
index fbc7391b2d1b..2e33380a0cc2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -106,6 +106,17 @@ AS_IF([test "x$with_zlib" != "xno"], [
])
CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB])
+AC_ARG_WITH([openssl],
+ AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]),
+ [], [with_openssl=no])
+AS_IF([test "x$with_openssl" != "xno"], [
+ PKG_CHECK_MODULES([openssl], [openssl])
+ AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
+], [
+ AC_MSG_NOTICE([openssl support not requested])
+])
+CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL])
+
AC_ARG_WITH([bashcompletiondir],
AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
[],
diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h
index 346579c71aab..a65ddd156f18 100644
--- a/libkmod/libkmod-internal.h
+++ b/libkmod/libkmod-internal.h
@@ -188,5 +188,8 @@ struct kmod_signature_info {
const char *algo, *hash_algo, *id_type;
const char *sig;
size_t sig_len;
+ void (*free)(void *);
+ void *private;
};
bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2)));
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull));
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index 889f26479a98..bffe715cdef4 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2357,6 +2357,9 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
ret = count;
list_error:
+ /* aux structures freed in normal case also */
+ kmod_module_signature_info_free(&sig_info);
+
if (ret < 0) {
kmod_module_info_free_list(*list);
*list = NULL;
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 429ffbd8a957..48d0145a7552 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -19,6 +19,10 @@
#include <endian.h>
#include <inttypes.h>
+#ifdef ENABLE_OPENSSL
+#include <openssl/cms.h>
+#include <openssl/ssl.h>
+#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -115,15 +119,194 @@ static bool fill_default(const char *mem, off_t size,
return true;
}
-static bool fill_unknown(const char *mem, off_t size,
- const struct module_signature *modsig, size_t sig_len,
- struct kmod_signature_info *sig_info)
+#ifdef ENABLE_OPENSSL
+
+struct pkcs7_private {
+ CMS_ContentInfo *cms;
+ unsigned char *key_id;
+ BIGNUM *sno;
+};
+
+static void pkcs7_free(void *s)
+{
+ struct kmod_signature_info *si = s;
+ struct pkcs7_private *pvt = si->private;
+
+ CMS_ContentInfo_free(pvt->cms);
+ BN_free(pvt->sno);
+ free(pvt->key_id);
+ free(pvt);
+ si->private = NULL;
+}
+
+static int obj_to_hash_algo(const ASN1_OBJECT *o)
+{
+ int nid;
+
+ nid = OBJ_obj2nid(o);
+ switch (nid) {
+ case NID_md4:
+ return PKEY_HASH_MD4;
+ case NID_md5:
+ return PKEY_HASH_MD5;
+ case NID_sha1:
+ return PKEY_HASH_SHA1;
+ case NID_ripemd160:
+ return PKEY_HASH_RIPE_MD_160;
+ case NID_sha256:
+ return PKEY_HASH_SHA256;
+ case NID_sha384:
+ return PKEY_HASH_SHA384;
+ case NID_sha512:
+ return PKEY_HASH_SHA512;
+ case NID_sha224:
+ return PKEY_HASH_SHA224;
+ default:
+ return -1;
+ }
+ return -1;
+}
+
+static const char *x509_name_to_str(X509_NAME *name)
+{
+ int i;
+ X509_NAME_ENTRY *e;
+ ASN1_STRING *d;
+ ASN1_OBJECT *o;
+ int nid = -1;
+ const char *str;
+
+ for (i = 0; i < X509_NAME_entry_count(name); i++) {
+ e = X509_NAME_get_entry(name, i);
+ o = X509_NAME_ENTRY_get_object(e);
+ nid = OBJ_obj2nid(o);
+ if (nid == NID_commonName)
+ break;
+ }
+ if (nid == -1)
+ return NULL;
+
+ d = X509_NAME_ENTRY_get_data(e);
+ str = (const char *)ASN1_STRING_get0_data(d);
+
+ return str;
+}
+
+static bool fill_pkcs7(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ const char *pkcs7_raw;
+ CMS_ContentInfo *cms;
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ int rc;
+ ASN1_OCTET_STRING *key_id;
+ X509_NAME *issuer;
+ ASN1_INTEGER *sno;
+ ASN1_OCTET_STRING *sig;
+ BIGNUM *sno_bn;
+ X509_ALGOR *dig_alg;
+ X509_ALGOR *sig_alg;
+ const ASN1_OBJECT *o;
+ BIO *in;
+ int len;
+ unsigned char *key_id_str;
+ struct pkcs7_private *pvt;
+ const char *issuer_str;
+
+ size -= sig_len;
+ pkcs7_raw = mem + size;
+
+ in = BIO_new_mem_buf(pkcs7_raw, sig_len);
+
+ cms = d2i_CMS_bio(in, NULL);
+ if (cms == NULL) {
+ BIO_free(in);
+ return false;
+ }
+
+ BIO_free(in);
+
+ sis = CMS_get0_SignerInfos(cms);
+ if (sis == NULL)
+ goto err;
+
+ si = sk_CMS_SignerInfo_value(sis, 0);
+ if (si == NULL)
+ goto err;
+
+ rc = CMS_SignerInfo_get0_signer_id(si, &key_id, &issuer, &sno);
+ if (rc == 0)
+ goto err;
+
+ sig = CMS_SignerInfo_get0_signature(si);
+ if (sig == NULL)
+ goto err;
+
+ CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
+
+ sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
+ sig_info->sig_len = ASN1_STRING_length(sig);
+
+ sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
+ if (sno_bn == NULL)
+ goto err;
+
+ len = BN_num_bytes(sno_bn);
+ key_id_str = malloc(len);
+ if (key_id_str == NULL)
+ goto err2;
+ BN_bn2bin(sno_bn, key_id_str);
+
+ sig_info->key_id = (const char *)key_id_str;
+ sig_info->key_id_len = len;
+
+ issuer_str = x509_name_to_str(issuer);
+ if (issuer_str != NULL) {
+ sig_info->signer = issuer_str;
+ sig_info->signer_len = strlen(issuer_str);
+ }
+
+ X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+
+ sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+
+ pvt = malloc(sizeof(*pvt));
+ if (pvt == NULL)
+ goto err3;
+
+ pvt->cms = cms;
+ pvt->key_id = key_id_str;
+ pvt->sno = sno_bn;
+ sig_info->private = pvt;
+
+ sig_info->free = pkcs7_free;
+
+ return true;
+err3:
+ free(key_id_str);
+err2:
+ BN_free(sno_bn);
+err:
+ CMS_ContentInfo_free(cms);
+ return false;
+}
+
+#else /* ENABLE OPENSSL */
+
+static bool fill_pkcs7(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
{
sig_info->hash_algo = "unknown";
sig_info->id_type = pkey_id_type[modsig->id_type];
return true;
}
+#endif /* ENABLE OPENSSL */
+
#define SIG_MAGIC "~Module signature appended~\n"
/*
@@ -167,8 +350,14 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
switch (modsig->id_type) {
case PKEY_ID_PKCS7:
- return fill_unknown(mem, size, modsig, sig_len, sig_info);
+ return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
default:
return fill_default(mem, size, modsig, sig_len, sig_info);
}
}
+
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
+{
+ if (sig_info->free)
+ sig_info->free(sig_info);
+}
--
2.20.1

View File

@ -1,83 +0,0 @@
From 52a0ba82e1ad180f9f91920db70a758fac49466a Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Thu, 31 Oct 2019 20:12:53 +0200
Subject: [PATCH] modprobe: ignore builtin module on recursive removing
If there are built-in dependencies and any of them is built-in in
the kernel, modprobe -r fails with
modprobe: FATAL: Module module_name is builtin.
It makes sense to ignore such dependencies for the case when
removing is called for non-top level module.
Example: cifs module, it declares bunch of softdeps and the first
one fails on some kernel configs:
modprobe: FATAL: Module gcm is builtin.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
tools/modprobe.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/tools/modprobe.c b/tools/modprobe.c
index a9e2331567af..44cd15c2bf57 100644
--- a/tools/modprobe.c
+++ b/tools/modprobe.c
@@ -353,7 +353,8 @@ static int rmmod_do_remove_module(struct kmod_module *mod)
return err;
}
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies);
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
+ bool ignore_builtin);
static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
{
@@ -361,7 +362,7 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
kmod_list_foreach_reverse(l, list) {
struct kmod_module *m = kmod_module_get_module(l);
- int r = rmmod_do_module(m, false);
+ int r = rmmod_do_module(m, false, true);
kmod_module_unref(m);
if (r < 0 && stop_on_errors)
@@ -371,7 +372,8 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
return 0;
}
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
+ bool ignore_builtin)
{
const char *modname = kmod_module_get_name(mod);
struct kmod_list *pre = NULL, *post = NULL;
@@ -401,8 +403,12 @@ static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
}
goto error;
} else if (state == KMOD_MODULE_BUILTIN) {
- LOG("Module %s is builtin.\n", modname);
- err = -ENOENT;
+ if (ignore_builtin) {
+ err = 0;
+ } else {
+ LOG("Module %s is builtin.\n", modname);
+ err = -ENOENT;
+ }
goto error;
}
}
@@ -462,7 +468,7 @@ static int rmmod(struct kmod_ctx *ctx, const char *alias)
kmod_list_foreach(l, list) {
struct kmod_module *mod = kmod_module_get_module(l);
- err = rmmod_do_module(mod, true);
+ err = rmmod_do_module(mod, true, false);
kmod_module_unref(mod);
if (err < 0)
break;
--
2.24.0

View File

@ -1,116 +0,0 @@
From a11057201ed326a9e65e757202da960735e45799 Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Fri, 16 Nov 2018 10:56:34 +0200
Subject: [PATCH] signature: do not report wrong data for pkc#7 signature
when PKC#7 signing method is used the old structure doesn't contain
any useful data, but the data are encoded in the certificate.
The info getting/showing code is not aware of that at the moment and
since 0 is a valid constant, shows, for example, wrong "md4" for the
hash algo.
The patch splits the 2 mothods of gethering the info and reports
"unknown" for the algo.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
libkmod/libkmod-module.c | 2 +-
libkmod/libkmod-signature.c | 56 +++++++++++++++++++++++++------------
2 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index ee420f4ec2bf..889f26479a98 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
struct kmod_elf *elf;
char **strings;
int i, count, ret = -ENOMEM;
- struct kmod_signature_info sig_info;
+ struct kmod_signature_info sig_info = {};
if (mod == NULL || list == NULL)
return -ENOENT;
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 1f3e26dea203..429ffbd8a957 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -92,6 +92,38 @@ struct module_signature {
uint32_t sig_len; /* Length of signature data (big endian) */
};
+static bool fill_default(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ size -= sig_len;
+ sig_info->sig = mem + size;
+ sig_info->sig_len = sig_len;
+
+ size -= modsig->key_id_len;
+ sig_info->key_id = mem + size;
+ sig_info->key_id_len = modsig->key_id_len;
+
+ size -= modsig->signer_len;
+ sig_info->signer = mem + size;
+ sig_info->signer_len = modsig->signer_len;
+
+ sig_info->algo = pkey_algo[modsig->algo];
+ sig_info->hash_algo = pkey_hash_algo[modsig->hash];
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+
+ return true;
+}
+
+static bool fill_unknown(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ sig_info->hash_algo = "unknown";
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+ return true;
+}
+
#define SIG_MAGIC "~Module signature appended~\n"
/*
@@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
const struct module_signature *modsig;
size_t sig_len;
-
size = kmod_file_get_size(file);
mem = kmod_file_get_contents(file);
if (size < (off_t)strlen(SIG_MAGIC))
@@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
return false;
- size -= sig_len;
- sig_info->sig = mem + size;
- sig_info->sig_len = sig_len;
-
- size -= modsig->key_id_len;
- sig_info->key_id = mem + size;
- sig_info->key_id_len = modsig->key_id_len;
-
- size -= modsig->signer_len;
- sig_info->signer = mem + size;
- sig_info->signer_len = modsig->signer_len;
-
- sig_info->algo = pkey_algo[modsig->algo];
- sig_info->hash_algo = pkey_hash_algo[modsig->hash];
- sig_info->id_type = pkey_id_type[modsig->id_type];
-
- return true;
+ switch (modsig->id_type) {
+ case PKEY_ID_PKCS7:
+ return fill_unknown(mem, size, modsig, sig_len, sig_info);
+ default:
+ return fill_default(mem, size, modsig, sig_len, sig_info);
+ }
}
--
2.20.1

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -1,30 +1,33 @@
Name: kmod Name: kmod
Version: 25 Version: 28
Release: 20%{?dist} Release: 10%{?dist}
Summary: Linux kernel module management utilities Summary: Linux kernel module management utilities
Group: System Environment/Kernel
License: GPLv2+ License: GPLv2+
URL: http://git.kernel.org/?p=utils/kernel/kmod/kmod.git;a=summary URL: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git
Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
Source1: weak-modules Source1: weak-modules
Source2: depmod.conf.dist Source2: depmod.conf.dist
Exclusiveos: Linux Exclusiveos: Linux
Patch01: kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch Patch01: man-rmmod-explain-why-modprobe-r-is-more-useful.patch
Patch02: kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch # v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo"
Patch03: kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch Patch02: 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch
Patch04: 0001-depmod-prevent-module-dependency-files-missing-durin.patch # v31~29 "libkmod: do not crash on unknown signature algorithm"
Patch05: 0002-depmod-prevent-module-dependency-files-corruption-du.patch Patch03: 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
# v31~18 "libkmod: error out on unknown hash algorithm"
Patch04: 0001-libkmod-error-out-on-unknown-hash-algorithm.patch
# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string"
Patch05: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: gcc
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: xz-devel BuildRequires: xz-devel
BuildRequires: libxslt BuildRequires: libxslt
BuildRequires: openssl-devel BuildRequires: openssl-devel
# Remove it as soon as no need for Patch02 anymore (Makefile.am updated) BuildRequires: make
BuildRequires: automake autoconf libtool BuildRequires: libzstd-devel
Provides: module-init-tools = 4.0-1 Provides: module-init-tools = 4.0-1
Obsoletes: module-init-tools < 4.0-1 Obsoletes: module-init-tools < 4.0-1
@ -39,7 +42,6 @@ examples of loaded and unloaded modules.
%package libs %package libs
Summary: Libraries to handle kernel module loading and unloading Summary: Libraries to handle kernel module loading and unloading
License: LGPLv2+ License: LGPLv2+
Group: System Environment/Libraries
%description libs %description libs
The kmod-libs package provides runtime libraries for any application that The kmod-libs package provides runtime libraries for any application that
@ -47,7 +49,6 @@ wishes to load or unload Linux kernel modules from the running system.
%package devel %package devel
Summary: Header files for kmod development Summary: Header files for kmod development
Group: Development/Libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel %description devel
@ -55,30 +56,26 @@ The kmod-devel package provides header files used for development of
applications that wish to load or unload Linux kernel modules. applications that wish to load or unload Linux kernel modules.
%prep %prep
%setup -q %autosetup -p1
%patch01 -p1
%patch02 -p1
%patch03 -p1
%patch04 -p1
%patch05 -p1
%build %build
export V=1
aclocal
autoreconf --install --symlink
%configure \ %configure \
--with-openssl \
--with-zlib \ --with-zlib \
--with-xz \ --with-xz \
--with-openssl --with-zstd
make %{?_smp_mflags}
%{make_build} V=1
%install %install
make install DESTDIR=$RPM_BUILD_ROOT %{make_install}
pushd $RPM_BUILD_ROOT/%{_mandir}/man5
pushd $RPM_BUILD_ROOT%{_mandir}/man5
ln -s modprobe.d.5.gz modprobe.conf.5.gz ln -s modprobe.d.5.gz modprobe.conf.5.gz
popd popd
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la find %{buildroot} -type f -name "*.la" -delete
mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sbindir}
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo
@ -91,16 +88,10 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d
mkdir -p $RPM_BUILD_ROOT/sbin install -pm 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files %files
%defattr(-,root,root,-)
%dir %{_sysconfdir}/depmod.d %dir %{_sysconfdir}/depmod.d
%dir %{_sysconfdir}/modprobe.d %dir %{_sysconfdir}/modprobe.d
%dir %{_prefix}/lib/modprobe.d %dir %{_prefix}/lib/modprobe.d
@ -119,7 +110,6 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%doc NEWS README TODO %doc NEWS README TODO
%files libs %files libs
%{!?_licensedir:%global license %%doc}
%license COPYING %license COPYING
%{_libdir}/libkmod.so.* %{_libdir}/libkmod.so.*
@ -129,83 +119,77 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%{_libdir}/libkmod.so %{_libdir}/libkmod.so
%changelog %changelog
* Wed Oct 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 25-20 * Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 28-10
- Fix issues discovered by static analysis
- Resolves: RHEL-34073
* Thu May 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 28-9
- Add symvers.xz support to weak-modules - Add symvers.xz support to weak-modules
- Resolves: RHEL-8903 - Resolves: rhbz#2192895
* Mon Nov 29 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-19 * Thu Feb 9 2023 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-8
- depmod: fix parallel execution issues - man/rmmod: explain why modprobe -r is more useful
Resolves: rhbz#2026938 Resolves: rhbz#2164253
* Fri Apr 16 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-18 * Thu Oct 21 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-7
- weak-modules: do not require dracut wneh using --no-initramfs - Add RHEL gating configuration. Related: rhbz#1985100
Resolves: rhbz#1935416
* Fri Dec 18 2020 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-17 * Tue Aug 10 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-6
- weak-modules: reset compatible_modules if configuration is not valid - add default config.
Resolves: rhbz#1907855 Resolves: rhbz#1985100
* Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-16 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5
- weak-modules: update_modules_for_krel: always finish sandbox - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- weak-modules: groupping: use dependencies of extra/ provider Related: rhbz#1991688
Resolves: rhbz#1778889
* Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-15 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-4
- weak-modules: reverse checking order for add-kernel - Rebuilt for RHEL 9 BETA for openssl 3.0
Resolves: rhbz#1755196 Related: rhbz#1971065
* Mon Dec 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-14 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-3
- modprobe: do not fail on built-in modules - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Resolves: rhbz#1767513
* Tue Apr 16 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-13 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 28-2
- weak-modules: handle independent modules in one run - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Resolves: rhbz#1695763
* Tue Apr 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-12 * Thu Jan 07 2021 Josh Boyer <jwboyer@fedoraproject.org> - 28-1
- weak-modules: use asterisk for kernel version in sandbox - New upstream v28
Resolves: rhbz#1689052 - Enable zstd support
- Resolves: rhbz#1913949
* Tue Feb 5 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-11 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 27-3
- add PKCS7/openssl support. - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Resolves: rhbz#1668459.
* Tue Dec 11 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-10 * Wed Mar 25 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 27-2
- weak-modules: group modules on add-kernel - add 0001-depmod-do-not-output-.bin-to-stdout.patch
- weak-modules: do not make groups if there are no extra modules Resolves: rhbz#1808430
Resolves: rhbz#1649211
* Tue Oct 2 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-9 * Thu Feb 20 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 27-1
- Rebuild with updated flags. - New upstream v27
Resolves: rhbz#1630574.
* Tue Sep 4 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-8 * Mon Jan 20 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-5
- weak-modules: fix initial state creation for dry-run - weak-modules: sync with RHEL
- weak-modules: check compatibility in a temporary directory
Resolves: rhbz#1622990.
* Tue Aug 28 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-7 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 26-4
- weak-modules: use is_kernel_installed wrapper in update_modules_for_krel. - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
- weak-modules: more abstract symvers search implementation.
- weak-modules: use additional paths for System.map file.
Resolves: rhbz#1621306.
* Thu Aug 09 2018 Eugene Syromiatnikov <esyr@redhat.com> - 25-6 * Mon Feb 25 2019 Yauheni Kaliuta <yauheni.kaliuta@redhat.com> - 26-3
- weak-modules: check also for /lib/modules/$krel/symvers.gz as a possible - weak-modules: sync with RHEL
symvers file path.
Resolves: rhbz#1614119.
* Mon Jul 30 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-5 * Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-2
- weak-modules: handle versions with + and other special regex symbols - add PKCS7/openssl support (rhbz 1320921)
- weak-modules: fix misleading message when cannot find dracut.
Resolves: rhbz#1609372.
* Fri Jul 27 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-4 * Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-1
- fix dracut path, /usr/bin/dracut - Update to version 26 (rhbz 1673749)
* Wed Jul 25 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-3 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 25-5
- Add depmod.d/dist.conf. - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
- Update weak-modules to RHEL version.
* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 25-4
- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc (rhbz 1644063)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

View File

@ -0,0 +1,58 @@
From 06fadcc6b17c3b9a534540dd6d74b0c5fb1d948d Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <ykaliuta@redhat.com>
Date: Thu, 2 Feb 2023 15:47:36 +0200
Subject: [PATCH] man/rmmod: explain why modprobe -r is more useful
Improve user experience by explaining the option so the user may
not search explanations in other manpages (modprobe).
Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
man/rmmod.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/man/rmmod.xml b/man/rmmod.xml
index e7c7e5f9e7dc..67bcbedd972b 100644
--- a/man/rmmod.xml
+++ b/man/rmmod.xml
@@ -52,7 +52,8 @@
want to use
<citerefentry>
<refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry> with the <option>-r</option> option instead.
+ </citerefentry> with the <option>-r</option> option instead
+ since it removes unused dependent modules as well.
</para>
</refsect1>
--- a/man/rmmod.8 2020-12-28 02:58:30.085851136 +0200
+++ b/man/rmmod.8 2023-02-09 16:55:55.967128297 +0200
@@ -2,12 +2,12 @@
.\" Title: rmmod
.\" Author: Jon Masters <jcm@jonmasters.org>
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 12/27/2020
+.\" Date: 02/09/2023
.\" Manual: rmmod
.\" Source: kmod
.\" Language: English
.\"
-.TH "RMMOD" "8" "12/27/2020" "kmod" "rmmod"
+.TH "RMMOD" "8" "02/09/2023" "kmod" "rmmod"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -39,7 +39,7 @@
\fBmodprobe\fR(8)
with the
\fB\-r\fR
-option instead\&.
+option instead since it removes unused dependent modules as well\&.
.SH "OPTIONS"
.PP
\fB\-v\fR, \fB\-\-verbose\fR
--
2.39.1

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (kmod-28.tar.xz) = 50646dc72675a5e17b01e327e3d41b972f18aaeac20c8b00983c4d099c6218f35c32c184a833a2d7f716755d6a86851c90913d2835874cef933bdc4a9722df9a

46
tests/libkmod/Makefile Normal file
View File

@ -0,0 +1,46 @@
# SPDX-License-Identifier: LGPL-2.1+
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/libkmod
# Description: Test if libkmod working ok
# Author: Susant Sahani<susant@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/libkmod
export TESTVERSION=1.0
OBJS = test-libkmod.c
CFLAG = -Wall -g3
CC = gcc
LIBS = -lkmod -lcmocka
test-libkmod:${OBJ}
${CC} ${CFLAGS} ${INCLUDES} -o $@ ${OBJS} ${LIBS}
run: test-libkmod
./runtest.sh
clean:
-rm -f test-libkmod
.c.o:
${CC} ${CFLAGS} ${INCLUDES} -c $<
CC = gcc
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Susant Sahani<susant@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test libkmod works ok" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: libkmod" >> $(METADATA)
@echo "Requires: libkmod libkmod-devel" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -Fedora 29" >> $(METADATA)
rhts-lint $(METADATA)

36
tests/libkmod/runtest.sh Executable file
View File

@ -0,0 +1,36 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1+
# ~~~
# runtest.sh of libkmod
# Description: Tests for libkmod.
#
# Author: Susant Sahani <susant@redhat.com>
# Copyright (c) 2018 Red Hat, Inc.
# ~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="kmod-devel"
IPIP="/usr/lib/modules/$(uname -r)/kernel/net/ipv4/ipip.ko.xz"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlAssertExists "$IPIP"
rlRun "cp test-libkmod /usr/bin/"
rlPhaseEnd
rlPhaseStartTest
rlLog "Starting libkmod tests ..."
rlRun "/usr/bin/test-libkmod"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rm /usr/bin/test-libkmod"
rlLog "libkmod tests done"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd
rlGetTestState

View File

@ -0,0 +1,79 @@
/* SPDX-License-Identifier: LGPL-2.1+
# ~~~
# Description: Tests libkmod
#
# Author: Susant Sahani <susant@redhat.com>
# Copyright (c) 2018 Red Hat, Inc.
# ~~~
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <libkmod.h>
#include <setjmp.h>
#include <inttypes.h>
#include <cmocka.h>
static int load_module(void **state) {
struct kmod_list *list = NULL;
struct kmod_ctx *ctx = NULL;
struct kmod_list *l;
int r;
assert_non_null((ctx = kmod_new(NULL, NULL)));
assert_return_code(kmod_module_new_from_lookup(ctx, "ipip", &list), 0);
kmod_list_foreach(l, list) {
struct kmod_module *mod = NULL;
mod = kmod_module_get_module(l);
assert_non_null(mod);
assert_return_code(kmod_module_probe_insert_module(mod, 0, NULL, NULL, NULL, NULL), 0);
}
free(ctx);
return 0;
}
static int remove_module(void **state) {
struct kmod_list *list = NULL;
struct kmod_ctx *ctx = NULL;
struct kmod_list *l;
int r;
assert_non_null((ctx = kmod_new(NULL, NULL)));
assert_return_code(kmod_module_new_from_lookup(ctx, "ipip", &list), 0);
kmod_list_foreach(l, list) {
struct kmod_module *mod = NULL;
mod = kmod_module_get_module(l);
assert_non_null(mod);
assert_return_code(kmod_module_remove_module(mod, 0), 0);
}
free(ctx);
return 0;
}
void test_load_module(void **state) {
load_module(NULL);
}
void test_remove_module(void **state) {
remove_module(NULL);
}
int main(int argc, char *argv[]) {
const struct CMUnitTest libmod_tests[] = {
cmocka_unit_test_teardown(test_load_module, remove_module),
cmocka_unit_test_setup(test_remove_module, load_module),
};
return cmocka_run_group_tests(libmod_tests, NULL, NULL);
}

79
tests/sanity/Makefile Normal file
View File

@ -0,0 +1,79 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of general/kmod/sanity
# Description: kmod test
#
# 2016-07-31
# Author: Chunyu Hu <chuhu@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2016 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TENV=_env
ifeq ($(PKG_TOP_DIR),)
export PKG_TOP_DIR := $(shell p=$$PWD; while :; do \
[ -e $$p/env.mk -o -z "$$p" ] && { echo $$p; break; }; p=$${p%/*}; done)
export _TOP_DIR := $(shell p=$$PWD; while :; do \
[ -d $$p/.git -o -z "$$p" ] && { echo $$p; break; }; p=$${p%/*}; done)
-include $(PKG_TOP_DIR)/env.mk
endif
include $(TENV)
ifeq ($(_TOP_DIR),)
_TOP_DIR=/mnt/tests/$(TOPLEVEL_NAMESPACE)
endif
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(TENV) $(METADATA) _env runtest.sh Makefile PURPOSE lib.sh
.PHONY: all install download clean
run: $(FILES) build
( set +o posix; . /usr/bin/rhts_environment.sh; \
. /usr/share/beakerlib/beakerlib.sh; \
. runtest.sh )
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -fr *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Chunyu Hu <chuhu@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: kmod kernel module check from kernel modules tools">> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 1h" >> $(METADATA)
@echo "RunFor: kernel" >> $(METADATA)
@echo "Requires: kernel" >> $(METADATA)
@echo "Requires: sysstat perf trace-cmd" >> $(METADATA)
@echo "Requires: $(PACKAGE_NAME) python rpm wget" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
rhts-lint $(METADATA)

4
tests/sanity/PURPOSE Normal file
View File

@ -0,0 +1,4 @@
Defaults to testing currently running kernel modules tools on all architectures.
The test runs on any architecture, check normal kernel modules and compressed kernel modules for sanity

8
tests/sanity/_env Normal file
View File

@ -0,0 +1,8 @@
#This file was generated automatically,do not manually change it.
export TOPLEVEL_NAMESPACE=kernel
export PKG_NAMESPACE=kernel/general
export RELATIVE_PATH=kmod/sanity
export PACKAGE=general
export PACKAGE_NAME=general
export PKG_LIST=
export TEST=/kernel/general/kmod/sanity

258
tests/sanity/lib.sh Executable file
View File

@ -0,0 +1,258 @@
#!/bin/bash
dir_extra=/usr/lib/modules/$(uname -r)/extra
dir_updates=/usr/lib/modules/$(uname -r)/updates
dir_weak_updates=/usr/lib/modules/$(uname -r)/weak-updates
kmods=(base kmod_test_force kmod_test)
function kmod_log_warn()
{
echo "WARN: $*"
}
function kmod_log_pass()
{
echo "PASS: $*"
}
function kmod_log_fail()
{
echo "FAIL: $*"
}
function kmod_log_info()
{
echo "INFO: $*"
}
function kmod_log_err()
{
echo "ERR: $*"
}
function kmod_verify_exist()
{
local files=$*
local ret=0
local msg=0
local f=
for f in $files; do
if ! test -f $f; then
ret=$((ret + 1))
continue
fi
done
return $ret
}
function kmod_verify_loaded()
{
local kmods=$*
local ret=$?
for kmod in $kmods; do
lsmod | grep -w ${kmod/.ko/}
if [ $? -ne 0 ]; then
ret=$((ret+1))
continue
fi
done
return $ret
}
# tainted should be shown
function kmod_verify_dmesg()
{
local str="$1"
dmesg | grep -i "$str"
return $?
}
function kmod_verify_tainted()
{
local kmod=$1
shift
local taint_expect=$*
local ret=0
local checker=./parse_taint.sh
local tainted=$(cat /proc/sys/kernel/tainted)
kmod_log_info "Kernel taint value: $tainted"
local flag=
for flag in $taint_expect; do
$checker $tainted | grep -we $flag || ret=$((ret + 1))
done
return $ret
}
function kmod_verify_tainted_module()
{
local kmod=$1
shift
local taint_expect="$*"
local ret=0
if ! test -f /sys/module/$kmod/taint; then
kmod_log_info "Kmod taint value on module $kmod not supported"
kmod_log_info "$(ls /sys/module/$kmod/)"
return 0
fi
local kmod_tainted=$(cat /sys/module/$kmod/taint)
ret=$(( $ret + 1 ))
kmod_log_info "Kmod taint value: $kmod_tainted"
local flag=
local grep_exec="grep"
for flag in $*; do
grep_exec+=" -e $flag"
done
echo "$kmod_tainted" | $grep_exec
ret=$?
return $ret
}
function kmod_check_result()
{
local opt=$1
shift 1
local dir=$1
shift 1
local files=$*
case $opt in
compile)
for f in $files; do
if kmod_verify_exist $dir/$f; then
kmod_log_pass "File exist: $dir/$f"
else
kmod_log_fail "File does not exist: $dir/$f"
return 1
fi
done
;;
load)
for f in $files; do
if kmod_verify_loaded $f; then
kmod_log_fail $f not loaded
return 1
else
kmod_log_pass $f loaded
fi
done
;;
unload)
for f in $files; do
if ! kmod_verify_loaded $f; then
kmod_log_fail $f unloaded
return 1
else
kmod_log_pass $f not loaded
fi
done
;;
*)
;;
esac
return 0
}
# Locate the compiled kmods into several dirs for different
# tests.
function kmod_locate_extra()
{
local ret=0
if ! test -d $dir_extra; then
kmod_log_warn "$dir_extra does not exist."
return 1
fi
local f=
for f in $*; do
cp -f $f $dir_extra || ret=$((ret + 1))
done
depmod || ret=$((ret+1))
return $ret
}
function kmod_locate_updates()
{
local ret=0
if ! test -d $dir_updates; then
kmod_log_warn "$dir_updates does not exist."
return 1
fi
for f in $*; do
cp -f $f $dir_updates || ret=$((ret + 1))
done
depmod || ret=$((ret+1))
return $ret
}
function kmod_locate_weak_updates()
{
local ret=0
if ! test -d $dir_weak_updates; then
kmod_log_warn "$dir_weak_updates does not exist."
return 1
fi
for f in $*; do
cp -f $f $dir_weak_updates || ret=$((ret + 1))
done
depmod || ret=$((ret+1))
return $ret
}
function kmod_cleanup_all()
{
local ret=$?
for ko in ${kmod[*]}; do
test -f $dir_extra/${ko}.ko && rm -r $dir_extra/${ko}.ko
test -f $dir_weak_updates/${ko}.ko && rm -r $dir_weak_updates/${ko}.ko
test -f $dir_updates/${ko}.ko && rm -r $dir_extra/${ko}.ko
done
}
# The kmods should be loaded now.
function kmod_check_all_loaded()
{
local ret=$?
lsmod | grep base -w
ret=$(($ret + $?))
lsmod | grep -w kmod_test_dependency
ret=$(($ret + $?))
lsmod | grep -w kmod_test_force
ret=$(($ret + $?))
return $ret
}
function kmod_unload_all()
{
local ret=0
lsmod | grep -w kmod_test_force && rmmod kmod_test_force
lsmod | grep -w base && rmmod base
! lsmod | grep -w base
ret=$(($ret | $?))
! lsmod | grep -w kmod_test_force
ret=$(($ret | $?))
return $ret
}
function kmod_load_all()
{
local kmod=
kmod_unload_all || return $?
for kmod in $*; do
modprobe $kmod || return $?
done
}
function kmod_load_all_force()
{
local kmod=
kmod_unload_all || return $?
for kmod in $*; do
modprobe -f $kmod || return $?
dmesg | tail -n 10
done
}

70
tests/sanity/parse_taint.sh Executable file
View File

@ -0,0 +1,70 @@
# /bin/bash
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Copyright (c) 2015 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# Author: Chunyu Hu <chuhu@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
taint_mask=(
[0]="P (G=Gnu)TAINT_PROPRIETARY_MODULE"
[1]="F TAINT_FORCED_MODULE"
[2]="S TAINT_UNSAFE_SMP"
[3]="R TAINT_FORCED_RMMOD"
[4]="M TAINT_MACHINE_CHECK"
[5]="B TAINT_BAD_PAGE"
[6]="U TAINT_USER"
[7]="D TAINT_DIE"
[8]="A TAINT_OVERRIDDEN_ACPI_TABLE"
[9]="W TAINT_WARN"
[10]="C TAINT_CRAP"
[11]="I TAINT_FIRMWARE_WORKAROUND"
[12]="O TAINT_OOT_MODULE [RHEL7 ONLY]"
[13]="E TAINT_UNSIGNED_MODULE"
[14]="L TAINT_SOFTLOCKUP"
[15]="K TAINT_LIVEPATCH"
[16]="? TAINT_16"
[17]="? TAINT_17"
[18]="? TAINT_18"
[19]="? TAINT_19"
[20]="? TAINT_20"
[21]="? TAINT_21"
[22]="? TAINT_22"
[23]="? TAINT_23"
[24]="? TAINT_24"
[25]="? TAINT_25"
[26]="? TAINT_26"
[27]="? TAINT_BIT_BY_ZOMBIE"
[28]="H TAINT_HARDWARE_UNSUPPORTED"
[29]="T TAINT_TECH_PREVIEW"
[30]="? TAINT_RESERVED30"
[31]="? TAINT_RESERVED31"
)
function parse_taint(){
for mask in ${!taint_mask[*]};do
if (( ((1<<mask)) & taint_val )); then
echo "bit$mask: $((1<<mask)) ${taint_mask[$mask]}" |
awk '{printf "%-7s %-13s %-5s %s\n", $1 ,$2, $3, $4, $5, $6}'
fi
done
}
echo "Input: $taint_val"
taint_val=${1:-$(cat /proc/sys/kernel/tainted)}
parse_taint "$taint_val" | awk 'BEGIN{sum=0}{sum+=$2;print}END{printf "Sum: ";print sum}'

134
tests/sanity/runtest.sh Executable file
View File

@ -0,0 +1,134 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of kmod/sanity
# Description: Checking the basic function of kmod
# Author: Shaohui Deng <shdeng@redhat.com>
# Author: Chunyu Hu <chuhu@redhat.com>
# Update: Ziqian SUN <zsun@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2015 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
. lib.sh
PACKAGE="kmod"
if [ -z $TESTARGS ]; then
export TESTARGS=$(rpm -q --queryformat '%{version}-%{release}\n' -qf /boot/config-$(uname -r))
fi
name=kernel
version=$(echo $TESTARGS | awk 'BEGIN {FS="-"} {print $1 }')
release=$(echo $TESTARGS | awk 'BEGIN {FS="-"} {print $2 }')
DEBUG=0
result=FAIL
FAIL=0
PASS=0
arch=`uname -m`
export TESTS=${TESTS:-kmod_load_insmod kmod_load_modprobe kmod_modinfo}
# Functions
function kmod_load_insmod()
{
local m
for m in ${existed_unloaded}; do
#local m_name=$(basename ${m//.ko}) won't work for compressed kmod
local m_name=$(basename ${m} | sed "s/.ko//;s/.xz//;s/.gz//")
rlRun "insmod $mod_path/$m"
rlRun "lsmod | grep ${m_name}"
rlRun "rmmod ${m_name}"
rlRun "lsmod | grep ${m_name}" 1-255
done
}
function kmod_load_modprobe()
{
rlRun "modprobe tun"
rlRun "modprobe -r tun"
}
function kmod_modinfo()
{
for m in ${existed_unloaded}; do
local m_name=$(basename ${m} | sed "s/.ko//;s/.xz//;s/.gz//")
rlRun "modinfo -l $m_name"
done
}
RunKmod() {
local tests
for tests in $@; do
rlPhaseStartTest $tests
case $tests in
load_unload_kernel_modules)
load_unload_kernl_modules_func
;;
load_unload_compressed_kernel_modules)
load_unload_compressed_kernel_module_func
;;
*)
$tests
;;
esac
rlPhaseEnd
done
}
rlJournalStart
rlPhaseStartSetup
mod_list="/kernel/net/ipv4/udp_tunnel.ko /kernel/net/wireless/lib80211.ko /kernel/net/wireless/ath/ath9k/ath9k.ko /kernel/net/ipv4/udp_tunnel.ko.xz /kernel/net/wireless/lib80211.ko.xz /kernel/net/wireless/ath/ath9k/ath9k.ko.xz"
if [[ -L /lib && -d /lib ]]; then
mod_path=/usr/lib/modules/`uname -r`/
else
mod_path=/lib/modules/`uname -r`/
fi
existed_unloaded=""
local m
for m in ${mod_list}; do
test -f $mod_path/$m && existed_unloaded+="$m "
done
[ -z "$existed_unloaded" ] && rlDie "There is no right module path to use : $mod_list"
rlPhaseEnd
rlPhaseStartTest
RunKmod $TESTS
rlPhaseEnd
if ! (lsmod | grep gre)
then
wparam="gre"
elif ! (lsmod | grep uwb)
then
wparam="uwb"
else
wparam="atm"
fi
rlPhaseStartTest "Modprobe with wrong parameter"
rlRun -l "modprobe $wparam BADPARAM=this_should_fail" 0-1
rlRun -l "dmesg | grep -i 'Unknown parameter' | grep 'BADPARAM' | grep '$wparam'"
rlPhaseEnd
rlPhaseStartCleanup
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

18
tests/tests.yml Normal file
View File

@ -0,0 +1,18 @@
- hosts: localhost
tags:
- classic
roles:
- role: standard-test-beakerlib
tests:
- sanity
- libkmod
required_packages:
- kernel
- perf
- sysstat
- trace-cmd
- kmod
- kmod-devel
- gcc
- libcmocka
- libcmocka-devel

View File

@ -620,7 +620,6 @@ update_modules_for_krel() {
if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then
global_link_state_restore $krel global_link_state_restore $krel
compatible_modules=()
fi fi
# add compatible to installed # add compatible to installed
@ -1153,7 +1152,7 @@ while :; do
shift shift
done done
if [ ! -x "$dracut" ] && [ -z "$no_initramfs" ] if [ ! -x "$dracut" ]
then then
echo "weak-modules: could not find dracut at $dracut" echo "weak-modules: could not find dracut at $dracut"
exit 1 exit 1