Compare commits

..

No commits in common. "c9" and "c8" have entirely different histories.
c9 ... c8

14 changed files with 723 additions and 297 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/kmod-28.tar.xz SOURCES/kmod-25.tar.xz

View File

@ -1 +1 @@
0acec2b6aea3e6eb71f0b549b0ff0abcac5da004 SOURCES/kmod-28.tar.xz 761ee76bc31f5db10d470dad607a5f9d68acef68 SOURCES/kmod-25.tar.xz

View File

@ -0,0 +1,33 @@
From c2996b5fa880e81f63c25e80a4157b2239e32c5d Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Mon, 10 Dec 2018 22:29:32 +0100
Subject: [PATCH 1/2] depmod: prevent module dependency files missing during
depmod invocation
depmod deletes the module dependency files before moving the temporary
files in their place. This results in user seeing no dependency files
while they are updated. Remove the unlink call. The rename call should
suffice to move the new file in place and unlink the old one. It should
also do both atomically so there is no window when no dependency file
exists.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
tools/depmod.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/depmod.c b/tools/depmod.c
index 989d9077926c..18c0d61b2db3 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -2451,7 +2451,6 @@ static int depmod_output(struct depmod *depmod, FILE *out)
break;
}
- unlinkat(dfd, itr->name, 0);
if (renameat(dfd, tmp, dfd, itr->name) != 0) {
err = -errno;
CRIT("renameat(%s, %s, %s, %s): %m\n",
--
2.33.0

View File

@ -1,44 +0,0 @@
From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Tue, 13 Aug 2024 16:17:27 +0200
Subject: [PATCH] libkmod: avoid undefined behaviour in
libkmod-builtin.c:get_string
Static analysis has reported a potential UB:
kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
# 123| size_t linesz = 0;
# 124|
# 125|-> while (!nullp) {
# 126| char buf[BUFSIZ];
# 127| ssize_t sz;
It seems to be indeed an UB, as nullp is getting assined an address
inside object buf, which has a lifetime of the while loop body,
and is not available outside of it (specifically, in the while
condition, where nullp is checked for NULL). Fix it by putting
buf definition in the outer block.
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fd0f549..40a7d61 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
char **line, size_t *size)
{
int sv_errno;
+ char buf[BUFSIZ];
char *nullp = NULL;
size_t linesz = 0;
while (!nullp) {
- char buf[BUFSIZ];
ssize_t sz;
size_t partsz;
--
2.13.6

View File

@ -1,38 +0,0 @@
From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sun, 25 Sep 2022 17:46:08 +0300
Subject: [PATCH] libkmod: do not crash on unknown signature algorithm
Example kernel module:
https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
It is signed with Streebog 512.
libkmod v30 crashed in libkmod-module.c:2413 in this code:
n = kmod_module_info_append(list,
"sig_hashalgo", strlen("sig_hashalgo"),
sig_info.hash_algo, strlen(sig_info.hash_algo));
because strlen() got null.
---
libkmod/libkmod-signature.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 4ae5af6..092f396 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ // hash algo has not been recognized
+ if (sig_info->hash_algo == NULL)
+ goto err3;
sig_info->id_type = pkey_id_type[modsig->id_type];
pvt = malloc(sizeof(*pvt));
--
2.13.6

View File

@ -1,44 +0,0 @@
From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001
From: Emil Velikov <emil.velikov@collabora.com>
Date: Mon, 6 Feb 2023 14:32:59 +0000
Subject: [PATCH] libkmod: error out on unknown hash algorithm
Currently if we see unknown algorithm, we'll do an OOB read in
pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and
the kernel module uses a SM3 hash.
Cc: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
libkmod/libkmod-signature.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 092f396..b749a81 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size,
unsigned char *key_id_str;
struct pkcs7_private *pvt;
const char *issuer_str;
+ int hash_algo;
size -= sig_len;
pkcs7_raw = mem + size;
@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ hash_algo = obj_to_hash_algo(o);
+ if (hash_algo < 0)
+ goto err3;
+ sig_info->hash_algo = pkey_hash_algo[hash_algo];
// hash algo has not been recognized
if (sig_info->hash_algo == NULL)
goto err3;
--
2.13.6

View File

@ -1,29 +0,0 @@
From 1cab02ecf6ee2a0aa34f3615dfd99c59f7e04e90 Mon Sep 17 00:00:00 2001
From: Seung-Woo Kim <sw0312.kim@samsung.com>
Date: Tue, 13 Apr 2021 20:23:14 +0900
Subject: [PATCH] libkmod: fix an overflow with wrong modules.builtin.modinfo
Fix a possbile overflow with exact PATH_MAX length modname
in wrong modules.builtin.modinfo.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fc9a376..a75a542 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -246,7 +246,7 @@ bool kmod_builtin_iter_get_modname(struct kmod_builtin_iter *iter,
len = dot - line;
- if (len > PATH_MAX) {
+ if (len >= PATH_MAX) {
sv_errno = ENAMETOOLONG;
goto fail;
}
--
2.13.6

View File

@ -0,0 +1,62 @@
From a06bacf500d56b72b5f9b121ebf7f6af9e3df185 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Mon, 17 Dec 2018 23:46:28 +0100
Subject: [PATCH 2/2] depmod: prevent module dependency files corruption due to
parallel invocation.
Depmod does not use unique filename for temporary files. There is no
guarantee the user does not attempt to run mutiple depmod processes in
parallel. If that happens a temporary file might be created by
depmod(1st), truncated by depmod(2nd), and renamed to final name by
depmod(1st) resulting in corrupted file seen by user.
Due to missing mkstempat() this is more complex than it should be.
Adding PID and timestamp to the filename should be reasonably reliable.
Adding O_EXCL as mkstemp does fails creating the file rather than
corrupting existing file.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
tools/depmod.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tools/depmod.c b/tools/depmod.c
index 18c0d61b2db3..0f7e33ccfd59 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -29,6 +29,7 @@
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
+#include <sys/time.h>
#include <sys/utsname.h>
#include <shared/array.h>
@@ -2398,6 +2399,9 @@ static int depmod_output(struct depmod *depmod, FILE *out)
};
const char *dname = depmod->cfg->dirname;
int dfd, err = 0;
+ struct timeval tv;
+
+ gettimeofday(&tv, NULL);
if (out != NULL)
dfd = -1;
@@ -2416,11 +2420,12 @@ static int depmod_output(struct depmod *depmod, FILE *out)
int r, ferr;
if (fp == NULL) {
- int flags = O_CREAT | O_TRUNC | O_WRONLY;
+ int flags = O_CREAT | O_EXCL | O_WRONLY;
int mode = 0644;
int fd;
- snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name);
+ snprintf(tmp, sizeof(tmp), "%s.%i.%li.%li", itr->name, getpid(),
+ tv.tv_usec, tv.tv_sec);
fd = openat(dfd, tmp, flags, mode);
if (fd < 0) {
ERR("openat(%s, %s, %o, %o): %m\n",
--
2.33.0

View File

@ -0,0 +1,328 @@
From 391b4714b495183baefa9cb10ac8e1600c166a59 Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Fri, 1 Feb 2019 22:20:02 +0200
Subject: [PATCH] libkmod-signature: implement pkcs7 parsing with openssl
The patch adds data fetching from the PKCS#7 certificate using
openssl library (which is used by scripts/sign-file.c in the linux
kernel to sign modules).
In general the certificate can contain many signatures, but since
kmod (modinfo) supports only one signature at the moment, only first
one is taken.
With the current sign-file.c certificate doesn't contain signer
key's fingerprint, so "serial number" is used for the key id.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
Makefile.am | 4 +-
configure.ac | 11 ++
libkmod/libkmod-internal.h | 3 +
libkmod/libkmod-module.c | 3 +
libkmod/libkmod-signature.c | 197 +++++++++++++++++++++++++++++++++++-
5 files changed, 213 insertions(+), 5 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 1ab1db585316..de1026f8bd46 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,6 +35,8 @@ SED_PROCESS = \
-e 's,@liblzma_LIBS\@,${liblzma_LIBS},g' \
-e 's,@zlib_CFLAGS\@,${zlib_CFLAGS},g' \
-e 's,@zlib_LIBS\@,${zlib_LIBS},g' \
+ -e 's,@openssl_CFLAGS\@,${openssl_CFLAGS},g' \
+ -e 's,@openssl_LIBS\@,${openssl_LIBS},g' \
< $< > $@ || rm $@
%.pc: %.pc.in Makefile
@@ -87,7 +89,7 @@ libkmod_libkmod_la_DEPENDENCIES = \
${top_srcdir}/libkmod/libkmod.sym
libkmod_libkmod_la_LIBADD = \
shared/libshared.la \
- ${liblzma_LIBS} ${zlib_LIBS}
+ ${liblzma_LIBS} ${zlib_LIBS} ${openssl_LIBS}
noinst_LTLIBRARIES += libkmod/libkmod-internal.la
libkmod_libkmod_internal_la_SOURCES = $(libkmod_libkmod_la_SOURCES)
diff --git a/configure.ac b/configure.ac
index fbc7391b2d1b..2e33380a0cc2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -106,6 +106,17 @@ AS_IF([test "x$with_zlib" != "xno"], [
])
CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB])
+AC_ARG_WITH([openssl],
+ AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]),
+ [], [with_openssl=no])
+AS_IF([test "x$with_openssl" != "xno"], [
+ PKG_CHECK_MODULES([openssl], [openssl])
+ AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
+], [
+ AC_MSG_NOTICE([openssl support not requested])
+])
+CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL])
+
AC_ARG_WITH([bashcompletiondir],
AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
[],
diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h
index 346579c71aab..a65ddd156f18 100644
--- a/libkmod/libkmod-internal.h
+++ b/libkmod/libkmod-internal.h
@@ -188,5 +188,8 @@ struct kmod_signature_info {
const char *algo, *hash_algo, *id_type;
const char *sig;
size_t sig_len;
+ void (*free)(void *);
+ void *private;
};
bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2)));
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull));
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index 889f26479a98..bffe715cdef4 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2357,6 +2357,9 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
ret = count;
list_error:
+ /* aux structures freed in normal case also */
+ kmod_module_signature_info_free(&sig_info);
+
if (ret < 0) {
kmod_module_info_free_list(*list);
*list = NULL;
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 429ffbd8a957..48d0145a7552 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -19,6 +19,10 @@
#include <endian.h>
#include <inttypes.h>
+#ifdef ENABLE_OPENSSL
+#include <openssl/cms.h>
+#include <openssl/ssl.h>
+#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -115,15 +119,194 @@ static bool fill_default(const char *mem, off_t size,
return true;
}
-static bool fill_unknown(const char *mem, off_t size,
- const struct module_signature *modsig, size_t sig_len,
- struct kmod_signature_info *sig_info)
+#ifdef ENABLE_OPENSSL
+
+struct pkcs7_private {
+ CMS_ContentInfo *cms;
+ unsigned char *key_id;
+ BIGNUM *sno;
+};
+
+static void pkcs7_free(void *s)
+{
+ struct kmod_signature_info *si = s;
+ struct pkcs7_private *pvt = si->private;
+
+ CMS_ContentInfo_free(pvt->cms);
+ BN_free(pvt->sno);
+ free(pvt->key_id);
+ free(pvt);
+ si->private = NULL;
+}
+
+static int obj_to_hash_algo(const ASN1_OBJECT *o)
+{
+ int nid;
+
+ nid = OBJ_obj2nid(o);
+ switch (nid) {
+ case NID_md4:
+ return PKEY_HASH_MD4;
+ case NID_md5:
+ return PKEY_HASH_MD5;
+ case NID_sha1:
+ return PKEY_HASH_SHA1;
+ case NID_ripemd160:
+ return PKEY_HASH_RIPE_MD_160;
+ case NID_sha256:
+ return PKEY_HASH_SHA256;
+ case NID_sha384:
+ return PKEY_HASH_SHA384;
+ case NID_sha512:
+ return PKEY_HASH_SHA512;
+ case NID_sha224:
+ return PKEY_HASH_SHA224;
+ default:
+ return -1;
+ }
+ return -1;
+}
+
+static const char *x509_name_to_str(X509_NAME *name)
+{
+ int i;
+ X509_NAME_ENTRY *e;
+ ASN1_STRING *d;
+ ASN1_OBJECT *o;
+ int nid = -1;
+ const char *str;
+
+ for (i = 0; i < X509_NAME_entry_count(name); i++) {
+ e = X509_NAME_get_entry(name, i);
+ o = X509_NAME_ENTRY_get_object(e);
+ nid = OBJ_obj2nid(o);
+ if (nid == NID_commonName)
+ break;
+ }
+ if (nid == -1)
+ return NULL;
+
+ d = X509_NAME_ENTRY_get_data(e);
+ str = (const char *)ASN1_STRING_get0_data(d);
+
+ return str;
+}
+
+static bool fill_pkcs7(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ const char *pkcs7_raw;
+ CMS_ContentInfo *cms;
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ int rc;
+ ASN1_OCTET_STRING *key_id;
+ X509_NAME *issuer;
+ ASN1_INTEGER *sno;
+ ASN1_OCTET_STRING *sig;
+ BIGNUM *sno_bn;
+ X509_ALGOR *dig_alg;
+ X509_ALGOR *sig_alg;
+ const ASN1_OBJECT *o;
+ BIO *in;
+ int len;
+ unsigned char *key_id_str;
+ struct pkcs7_private *pvt;
+ const char *issuer_str;
+
+ size -= sig_len;
+ pkcs7_raw = mem + size;
+
+ in = BIO_new_mem_buf(pkcs7_raw, sig_len);
+
+ cms = d2i_CMS_bio(in, NULL);
+ if (cms == NULL) {
+ BIO_free(in);
+ return false;
+ }
+
+ BIO_free(in);
+
+ sis = CMS_get0_SignerInfos(cms);
+ if (sis == NULL)
+ goto err;
+
+ si = sk_CMS_SignerInfo_value(sis, 0);
+ if (si == NULL)
+ goto err;
+
+ rc = CMS_SignerInfo_get0_signer_id(si, &key_id, &issuer, &sno);
+ if (rc == 0)
+ goto err;
+
+ sig = CMS_SignerInfo_get0_signature(si);
+ if (sig == NULL)
+ goto err;
+
+ CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
+
+ sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
+ sig_info->sig_len = ASN1_STRING_length(sig);
+
+ sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
+ if (sno_bn == NULL)
+ goto err;
+
+ len = BN_num_bytes(sno_bn);
+ key_id_str = malloc(len);
+ if (key_id_str == NULL)
+ goto err2;
+ BN_bn2bin(sno_bn, key_id_str);
+
+ sig_info->key_id = (const char *)key_id_str;
+ sig_info->key_id_len = len;
+
+ issuer_str = x509_name_to_str(issuer);
+ if (issuer_str != NULL) {
+ sig_info->signer = issuer_str;
+ sig_info->signer_len = strlen(issuer_str);
+ }
+
+ X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+
+ sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+
+ pvt = malloc(sizeof(*pvt));
+ if (pvt == NULL)
+ goto err3;
+
+ pvt->cms = cms;
+ pvt->key_id = key_id_str;
+ pvt->sno = sno_bn;
+ sig_info->private = pvt;
+
+ sig_info->free = pkcs7_free;
+
+ return true;
+err3:
+ free(key_id_str);
+err2:
+ BN_free(sno_bn);
+err:
+ CMS_ContentInfo_free(cms);
+ return false;
+}
+
+#else /* ENABLE OPENSSL */
+
+static bool fill_pkcs7(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
{
sig_info->hash_algo = "unknown";
sig_info->id_type = pkey_id_type[modsig->id_type];
return true;
}
+#endif /* ENABLE OPENSSL */
+
#define SIG_MAGIC "~Module signature appended~\n"
/*
@@ -167,8 +350,14 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
switch (modsig->id_type) {
case PKEY_ID_PKCS7:
- return fill_unknown(mem, size, modsig, sig_len, sig_info);
+ return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
default:
return fill_default(mem, size, modsig, sig_len, sig_info);
}
}
+
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
+{
+ if (sig_info->free)
+ sig_info->free(sig_info);
+}
--
2.20.1

View File

@ -0,0 +1,83 @@
From 52a0ba82e1ad180f9f91920db70a758fac49466a Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Thu, 31 Oct 2019 20:12:53 +0200
Subject: [PATCH] modprobe: ignore builtin module on recursive removing
If there are built-in dependencies and any of them is built-in in
the kernel, modprobe -r fails with
modprobe: FATAL: Module module_name is builtin.
It makes sense to ignore such dependencies for the case when
removing is called for non-top level module.
Example: cifs module, it declares bunch of softdeps and the first
one fails on some kernel configs:
modprobe: FATAL: Module gcm is builtin.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
tools/modprobe.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/tools/modprobe.c b/tools/modprobe.c
index a9e2331567af..44cd15c2bf57 100644
--- a/tools/modprobe.c
+++ b/tools/modprobe.c
@@ -353,7 +353,8 @@ static int rmmod_do_remove_module(struct kmod_module *mod)
return err;
}
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies);
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
+ bool ignore_builtin);
static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
{
@@ -361,7 +362,7 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
kmod_list_foreach_reverse(l, list) {
struct kmod_module *m = kmod_module_get_module(l);
- int r = rmmod_do_module(m, false);
+ int r = rmmod_do_module(m, false, true);
kmod_module_unref(m);
if (r < 0 && stop_on_errors)
@@ -371,7 +372,8 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
return 0;
}
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
+ bool ignore_builtin)
{
const char *modname = kmod_module_get_name(mod);
struct kmod_list *pre = NULL, *post = NULL;
@@ -401,8 +403,12 @@ static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
}
goto error;
} else if (state == KMOD_MODULE_BUILTIN) {
- LOG("Module %s is builtin.\n", modname);
- err = -ENOENT;
+ if (ignore_builtin) {
+ err = 0;
+ } else {
+ LOG("Module %s is builtin.\n", modname);
+ err = -ENOENT;
+ }
goto error;
}
}
@@ -462,7 +468,7 @@ static int rmmod(struct kmod_ctx *ctx, const char *alias)
kmod_list_foreach(l, list) {
struct kmod_module *mod = kmod_module_get_module(l);
- err = rmmod_do_module(mod, true);
+ err = rmmod_do_module(mod, true, false);
kmod_module_unref(mod);
if (err < 0)
break;
--
2.24.0

View File

@ -0,0 +1,116 @@
From a11057201ed326a9e65e757202da960735e45799 Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Fri, 16 Nov 2018 10:56:34 +0200
Subject: [PATCH] signature: do not report wrong data for pkc#7 signature
when PKC#7 signing method is used the old structure doesn't contain
any useful data, but the data are encoded in the certificate.
The info getting/showing code is not aware of that at the moment and
since 0 is a valid constant, shows, for example, wrong "md4" for the
hash algo.
The patch splits the 2 mothods of gethering the info and reports
"unknown" for the algo.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
libkmod/libkmod-module.c | 2 +-
libkmod/libkmod-signature.c | 56 +++++++++++++++++++++++++------------
2 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index ee420f4ec2bf..889f26479a98 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
struct kmod_elf *elf;
char **strings;
int i, count, ret = -ENOMEM;
- struct kmod_signature_info sig_info;
+ struct kmod_signature_info sig_info = {};
if (mod == NULL || list == NULL)
return -ENOENT;
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 1f3e26dea203..429ffbd8a957 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -92,6 +92,38 @@ struct module_signature {
uint32_t sig_len; /* Length of signature data (big endian) */
};
+static bool fill_default(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ size -= sig_len;
+ sig_info->sig = mem + size;
+ sig_info->sig_len = sig_len;
+
+ size -= modsig->key_id_len;
+ sig_info->key_id = mem + size;
+ sig_info->key_id_len = modsig->key_id_len;
+
+ size -= modsig->signer_len;
+ sig_info->signer = mem + size;
+ sig_info->signer_len = modsig->signer_len;
+
+ sig_info->algo = pkey_algo[modsig->algo];
+ sig_info->hash_algo = pkey_hash_algo[modsig->hash];
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+
+ return true;
+}
+
+static bool fill_unknown(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ sig_info->hash_algo = "unknown";
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+ return true;
+}
+
#define SIG_MAGIC "~Module signature appended~\n"
/*
@@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
const struct module_signature *modsig;
size_t sig_len;
-
size = kmod_file_get_size(file);
mem = kmod_file_get_contents(file);
if (size < (off_t)strlen(SIG_MAGIC))
@@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
return false;
- size -= sig_len;
- sig_info->sig = mem + size;
- sig_info->sig_len = sig_len;
-
- size -= modsig->key_id_len;
- sig_info->key_id = mem + size;
- sig_info->key_id_len = modsig->key_id_len;
-
- size -= modsig->signer_len;
- sig_info->signer = mem + size;
- sig_info->signer_len = modsig->signer_len;
-
- sig_info->algo = pkey_algo[modsig->algo];
- sig_info->hash_algo = pkey_hash_algo[modsig->hash];
- sig_info->id_type = pkey_id_type[modsig->id_type];
-
- return true;
+ switch (modsig->id_type) {
+ case PKEY_ID_PKCS7:
+ return fill_unknown(mem, size, modsig, sig_len, sig_info);
+ default:
+ return fill_default(mem, size, modsig, sig_len, sig_info);
+ }
}
--
2.20.1

View File

@ -1,58 +0,0 @@
From 06fadcc6b17c3b9a534540dd6d74b0c5fb1d948d Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <ykaliuta@redhat.com>
Date: Thu, 2 Feb 2023 15:47:36 +0200
Subject: [PATCH] man/rmmod: explain why modprobe -r is more useful
Improve user experience by explaining the option so the user may
not search explanations in other manpages (modprobe).
Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
man/rmmod.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/man/rmmod.xml b/man/rmmod.xml
index e7c7e5f9e7dc..67bcbedd972b 100644
--- a/man/rmmod.xml
+++ b/man/rmmod.xml
@@ -52,7 +52,8 @@
want to use
<citerefentry>
<refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry> with the <option>-r</option> option instead.
+ </citerefentry> with the <option>-r</option> option instead
+ since it removes unused dependent modules as well.
</para>
</refsect1>
--- a/man/rmmod.8 2020-12-28 02:58:30.085851136 +0200
+++ b/man/rmmod.8 2023-02-09 16:55:55.967128297 +0200
@@ -2,12 +2,12 @@
.\" Title: rmmod
.\" Author: Jon Masters <jcm@jonmasters.org>
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 12/27/2020
+.\" Date: 02/09/2023
.\" Manual: rmmod
.\" Source: kmod
.\" Language: English
.\"
-.TH "RMMOD" "8" "12/27/2020" "kmod" "rmmod"
+.TH "RMMOD" "8" "02/09/2023" "kmod" "rmmod"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -39,7 +39,7 @@
\fBmodprobe\fR(8)
with the
\fB\-r\fR
-option instead\&.
+option instead since it removes unused dependent modules as well\&.
.SH "OPTIONS"
.PP
\fB\-v\fR, \fB\-\-verbose\fR
--
2.39.1

View File

@ -620,6 +620,7 @@ update_modules_for_krel() {
if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then
global_link_state_restore $krel global_link_state_restore $krel
compatible_modules=()
fi fi
# add compatible to installed # add compatible to installed
@ -1152,7 +1153,7 @@ while :; do
shift shift
done done
if [ ! -x "$dracut" ] if [ ! -x "$dracut" ] && [ -z "$no_initramfs" ]
then then
echo "weak-modules: could not find dracut at $dracut" echo "weak-modules: could not find dracut at $dracut"
exit 1 exit 1

View File

@ -1,33 +1,30 @@
Name: kmod Name: kmod
Version: 28 Version: 25
Release: 10%{?dist} Release: 20%{?dist}
Summary: Linux kernel module management utilities Summary: Linux kernel module management utilities
Group: System Environment/Kernel
License: GPLv2+ License: GPLv2+
URL: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git URL: http://git.kernel.org/?p=utils/kernel/kmod/kmod.git;a=summary
Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
Source1: weak-modules Source1: weak-modules
Source2: depmod.conf.dist Source2: depmod.conf.dist
Exclusiveos: Linux Exclusiveos: Linux
Patch01: man-rmmod-explain-why-modprobe-r-is-more-useful.patch Patch01: kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch
# v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo" Patch02: kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch
Patch02: 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch Patch03: kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch
# v31~29 "libkmod: do not crash on unknown signature algorithm" Patch04: 0001-depmod-prevent-module-dependency-files-missing-durin.patch
Patch03: 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch Patch05: 0002-depmod-prevent-module-dependency-files-corruption-du.patch
# v31~18 "libkmod: error out on unknown hash algorithm"
Patch04: 0001-libkmod-error-out-on-unknown-hash-algorithm.patch
# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string"
Patch05: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch
BuildRequires: gcc BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: chrpath BuildRequires: chrpath
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: xz-devel BuildRequires: xz-devel
BuildRequires: libxslt BuildRequires: libxslt
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: make # Remove it as soon as no need for Patch02 anymore (Makefile.am updated)
BuildRequires: libzstd-devel BuildRequires: automake autoconf libtool
Provides: module-init-tools = 4.0-1 Provides: module-init-tools = 4.0-1
Obsoletes: module-init-tools < 4.0-1 Obsoletes: module-init-tools < 4.0-1
@ -42,6 +39,7 @@ examples of loaded and unloaded modules.
%package libs %package libs
Summary: Libraries to handle kernel module loading and unloading Summary: Libraries to handle kernel module loading and unloading
License: LGPLv2+ License: LGPLv2+
Group: System Environment/Libraries
%description libs %description libs
The kmod-libs package provides runtime libraries for any application that The kmod-libs package provides runtime libraries for any application that
@ -49,6 +47,7 @@ wishes to load or unload Linux kernel modules from the running system.
%package devel %package devel
Summary: Header files for kmod development Summary: Header files for kmod development
Group: Development/Libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel %description devel
@ -56,26 +55,30 @@ The kmod-devel package provides header files used for development of
applications that wish to load or unload Linux kernel modules. applications that wish to load or unload Linux kernel modules.
%prep %prep
%autosetup -p1 %setup -q
%patch01 -p1
%patch02 -p1
%patch03 -p1
%patch04 -p1
%patch05 -p1
%build %build
export V=1
aclocal
autoreconf --install --symlink
%configure \ %configure \
--with-openssl \
--with-zlib \ --with-zlib \
--with-xz \ --with-xz \
--with-zstd --with-openssl
make %{?_smp_mflags}
%{make_build} V=1
%install %install
%{make_install} make install DESTDIR=$RPM_BUILD_ROOT
pushd $RPM_BUILD_ROOT/%{_mandir}/man5
pushd $RPM_BUILD_ROOT%{_mandir}/man5
ln -s modprobe.d.5.gz modprobe.conf.5.gz ln -s modprobe.d.5.gz modprobe.conf.5.gz
popd popd
find %{buildroot} -type f -name "*.la" -delete rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
mkdir -p $RPM_BUILD_ROOT%{_sbindir} mkdir -p $RPM_BUILD_ROOT%{_sbindir}
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo
@ -88,10 +91,16 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d
install -pm 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules mkdir -p $RPM_BUILD_ROOT/sbin
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files %files
%defattr(-,root,root,-)
%dir %{_sysconfdir}/depmod.d %dir %{_sysconfdir}/depmod.d
%dir %{_sysconfdir}/modprobe.d %dir %{_sysconfdir}/modprobe.d
%dir %{_prefix}/lib/modprobe.d %dir %{_prefix}/lib/modprobe.d
@ -110,6 +119,7 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%doc NEWS README TODO %doc NEWS README TODO
%files libs %files libs
%{!?_licensedir:%global license %%doc}
%license COPYING %license COPYING
%{_libdir}/libkmod.so.* %{_libdir}/libkmod.so.*
@ -119,77 +129,83 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%{_libdir}/libkmod.so %{_libdir}/libkmod.so
%changelog %changelog
* Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 28-10 * Wed Oct 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 25-20
- Fix issues discovered by static analysis
- Resolves: RHEL-34073
* Thu May 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 28-9
- Add symvers.xz support to weak-modules - Add symvers.xz support to weak-modules
- Resolves: rhbz#2192895 - Resolves: RHEL-8903
* Thu Feb 9 2023 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-8 * Mon Nov 29 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-19
- man/rmmod: explain why modprobe -r is more useful - depmod: fix parallel execution issues
Resolves: rhbz#2164253 Resolves: rhbz#2026938
* Thu Oct 21 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-7 * Fri Apr 16 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-18
- Add RHEL gating configuration. Related: rhbz#1985100 - weak-modules: do not require dracut wneh using --no-initramfs
Resolves: rhbz#1935416
* Tue Aug 10 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-6 * Fri Dec 18 2020 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-17
- add default config. - weak-modules: reset compatible_modules if configuration is not valid
Resolves: rhbz#1985100 Resolves: rhbz#1907855
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5 * Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-16
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - weak-modules: update_modules_for_krel: always finish sandbox
Related: rhbz#1991688 - weak-modules: groupping: use dependencies of extra/ provider
Resolves: rhbz#1778889
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-4 * Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-15
- Rebuilt for RHEL 9 BETA for openssl 3.0 - weak-modules: reverse checking order for add-kernel
Related: rhbz#1971065 Resolves: rhbz#1755196
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-3 * Mon Dec 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-14
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - modprobe: do not fail on built-in modules
Resolves: rhbz#1767513
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 28-2 * Tue Apr 16 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - weak-modules: handle independent modules in one run
Resolves: rhbz#1695763
* Thu Jan 07 2021 Josh Boyer <jwboyer@fedoraproject.org> - 28-1 * Tue Apr 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-12
- New upstream v28 - weak-modules: use asterisk for kernel version in sandbox
- Enable zstd support Resolves: rhbz#1689052
- Resolves: rhbz#1913949
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 27-3 * Tue Feb 5 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - add PKCS7/openssl support.
Resolves: rhbz#1668459.
* Wed Mar 25 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 27-2 * Tue Dec 11 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-10
- add 0001-depmod-do-not-output-.bin-to-stdout.patch - weak-modules: group modules on add-kernel
Resolves: rhbz#1808430 - weak-modules: do not make groups if there are no extra modules
Resolves: rhbz#1649211
* Thu Feb 20 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 27-1 * Tue Oct 2 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-9
- New upstream v27 - Rebuild with updated flags.
Resolves: rhbz#1630574.
* Mon Jan 20 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-5 * Tue Sep 4 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-8
- weak-modules: sync with RHEL - weak-modules: fix initial state creation for dry-run
- weak-modules: check compatibility in a temporary directory
Resolves: rhbz#1622990.
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 26-4 * Tue Aug 28 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - weak-modules: use is_kernel_installed wrapper in update_modules_for_krel.
- weak-modules: more abstract symvers search implementation.
- weak-modules: use additional paths for System.map file.
Resolves: rhbz#1621306.
* Mon Feb 25 2019 Yauheni Kaliuta <yauheni.kaliuta@redhat.com> - 26-3 * Thu Aug 09 2018 Eugene Syromiatnikov <esyr@redhat.com> - 25-6
- weak-modules: sync with RHEL - weak-modules: check also for /lib/modules/$krel/symvers.gz as a possible
symvers file path.
Resolves: rhbz#1614119.
* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-2 * Mon Jul 30 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-5
- add PKCS7/openssl support (rhbz 1320921) - weak-modules: handle versions with + and other special regex symbols
- weak-modules: fix misleading message when cannot find dracut.
Resolves: rhbz#1609372.
* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-1 * Fri Jul 27 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-4
- Update to version 26 (rhbz 1673749) - fix dracut path, /usr/bin/dracut
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 25-5 * Wed Jul 25 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - Add depmod.d/dist.conf.
- Update weak-modules to RHEL version.
* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 25-4
- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc (rhbz 1644063)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild