Commit Graph

1271 Commits

Author SHA1 Message Date
Lucas De Marchi
0262531556 libkmod: ignore kcmdline option if we fail to parse modname
The error message is saying we are ignoring the option on the kernel
command line, so just do it.
2020-03-13 09:23:58 -07:00
Lucas De Marchi
8ea4f7c554 gitignore: ignore .cache.mk when building modules 2020-03-09 21:47:37 -07:00
Lucas De Marchi
9b003b6893 gitignore: ignore release files 2020-02-28 12:54:54 -08:00
Lucas De Marchi
819a125ca7 kmod 27 2020-02-18 15:54:07 -08:00
Lucas De Marchi
f975f6bfcc libkmod: reset was_space on second pass
The softdep config parser uses a 2-pass approach to use a single
allocation for all the softdep struct. However "was_space" variable
isn't reset between them. This can lead to a buffer overflow.

Reported-by: Jorge Lucangeli Obes <jorgelo@google.com>
Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com
2020-01-20 16:15:38 -03:00
Topi Miettinen
81dbf2bee6 libkmod-module: convert return value from system() to errno
Don't use exit status of a command directly as errno code, callers
will be confused.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2019-12-29 16:13:35 -08:00
Alexey Gladkov
e7e2cb61fa modinfo: Show information about built-in modules
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2019-12-18 16:57:14 -08:00
Alexey Gladkov
b866b2165a Lookup aliases in the modules.builtin.modinfo
New modules.builtin.modinfo duplicates modules.builtin in the built-in
module name search. If it exists, then we can use this file, but if not,
then we need to fallback to the old file.

Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2019-12-18 16:56:58 -08:00
Alexey Gladkov
73eed2aba3 libkmod: Add function to get list of built-in modules
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2019-12-18 16:56:36 -08:00
Alexey Gladkov
60084cf1cb libkmod: Add parser for modules.builtin.modinfo
The kernel since version v5.2-rc1 exports information about built-in
modules in the modules.builtin.modinfo. Information is stored in
the same format as in the separate modules (null-terminated string
array). The module name is a prefix for each line.

$ tr '\0' '\n' < modules.builtin.modinfo
ext4.softdep=pre: crc32c
ext4.license=GPL
ext4.description=Fourth Extended Filesystem
ext4.author=Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others
ext4.alias=fs-ext4
ext4.alias=ext3
ext4.alias=fs-ext3
ext4.alias=ext2
ext4.alias=fs-ext2
md_mod.alias=block-major-9-*
md_mod.alias=md
md_mod.description=MD RAID framework
md_mod.license=GPL
md_mod.parmtype=create_on_open:bool
md_mod.parmtype=start_dirty_degraded:int
...

Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2019-12-18 16:56:10 -08:00
Fabrice Fontaine
8aa52bf238 Makefile.am: filter -Wl,--no-undefined
Commit 1d14ef82f4 does not completely fix
the build with python 3.8 as we still get link failure due to
'-z undefs' being ignored by some versions of ld.

Indeed, -z undefs was added by commit
97a232d7335f3bd0231fd9cd39455bde1d563922 in upstream binutils, and this
commit was first present in binutils 2.30.
So any toolchain using binutils version older than that won't have
-z undefs and will build fail on:

/home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/mips-linux-gnu/5.3.0/../../../../mips-linux-gnu/bin/ld: warning: -z undefs ignored.

/home/naourr/work/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/aarch64_be-linux-gnu/7.3.1/../../../../aarch64_be-linux-gnu/bin/ld: warning: -z undefs ignored.

So filter -Wl,--no-undefined to fix the issue

Fixes:
 - http://autobuild.buildroot.org/results/e9645d9969481b09f507f6e0d0b35faaa283eb60
 - http://autobuild.buildroot.org/results/06a6d865b6b7d8ebd793bde214f4a4c40e0962e1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2019-11-18 15:30:26 -08:00
Lucas De Marchi
a6b540deaa modprobe: use flags rather than bool args
It's easier to know what the caller is doing when we pass a named
flag rather than a list of bools.
2019-11-07 09:46:51 -08:00
Lucas De Marchi
688168c63f travis: remove old compiler failing to build kernel module
This is when building the kernel modules for testsuite:

	Makefile:718: Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong not supported by compiler
	gcc: error: unrecognized command line option ‘-fstack-protector-strong’

Just drop gcc 4.8 from running tests. Failure not really related to kmod.
2019-11-07 09:46:51 -08:00
Lucas De Marchi
6436260f73 testsuite: update gitignore 2019-11-06 23:37:34 -08:00
Yauheni Kaliuta
52a0ba82e1 modprobe: ignore builtin module on recursive removing
If there are built-in dependencies and any of them is built-in in
the kernel, modprobe -r fails with

modprobe: FATAL: Module module_name is builtin.

It makes sense to ignore such dependencies for the case when
removing is called for non-top level module.

Example: cifs module, it declares bunch of softdeps and the first
one fails on some kernel configs:

modprobe: FATAL: Module gcm is builtin.

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2019-11-06 23:17:06 -08:00
Thomas Petazzoni
1d14ef82f4 Do not check for undefined symbols when building the Python modules
kmod's configure.ac uses the -Wl,--no-undefined linker flag to verify
at link time that all symbols of shared libraries are available, and
that there are no undefined symbols.

This make perfect sense for regular shared libraries. However, for
Python extensions, which will be dlopen()ed inside the Python
interpreter, it makes less sense.

Since Python 3.8, there is a change in python-config script and
Python's pkg-config file: it no longer links Python extensions with
the libpython library. See
https://docs.python.org/dev/whatsnew/3.8.html#debug-build-uses-the-same-abi-as-release-build
which states:

  On the other hand, pkg-config python3.8 --libs no longer contains
  -lpython3.8. C extensions must not be linked to libpython (except on
  Android and Cygwin, whose cases are handled by the script); this
  change is backward incompatible on purpose. (Contributed by Victor
  Stinner in bpo-36721.)

So, when linking the kmod Python extensions, it currently fails with
numerous unresolved symbols, that were previously provided by
libpython:

/home/test/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/7.4.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: libkmod/python/kmod/.libs/list_la-list.o: in function `__Pyx_PyObject_GetAttrStr':
list.c:(.text.__Pyx_PyObject_GetAttrStr+0x48): undefined reference to `PyObject_GetAttr'
/home/test/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/7.4.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: libkmod/python/kmod/.libs/list_la-list.o: in function `__pyx_tp_dealloc_4kmod_4list_ModListItem':
list.c:(.text.__pyx_tp_dealloc_4kmod_4list_ModListItem+0x78): undefined reference to `PyObject_CallFinalizerFromDealloc'
/home/test/autobuild/run/instance-3/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/7.4.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: libkmod/python/kmod/.libs/list_la-list.o: in function `__pyx_tp_dealloc_4kmod_4list_ModList':
list.c:(.text.__pyx_tp_dealloc_4kmod_4list_ModList+0x30): undefined reference to `PyErr_Fetch'

[Complete log at http://autobuild.buildroot.net/results/79a/79a5a0398723e8cfea0d0aa3dec5f7649aee4c63/build-end.log]

Linking with libpython is no longer recommended: those symbols should
remain unresolved in the Python extensions, as they wil be properly
resolved when the Python extension gets loaded into the Python
interpreter.

Since we want to keep -Wl,--no-undefined globally in kmod, we leave
the configure.ac file unchanged, and instead, specifically in the
LDFLAGS used to build the Python extensions, we override
-Wl,--no-undefined with -Wl,-z,undefs. Ideally, -Wl,--no-undefined is
the same as -Wl,-z,defs, and the effect of these options can be
canceled on the linker command line by a following -Wl,-z,undefs (see
the ld man page for details).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Victor Stinner <victor.stinner@gmail.com>
2019-10-25 15:02:25 -07:00
Stefan Strogin
628677e066 libkmod-signature: use PKCS#7 instead of CMS
Linux uses either PKCS #7 or CMS for signing modules (see
scripts/sign-file.c). CMS is not supported by LibreSSL or older OpenSSL,
so PKCS #7 is used on systems with these libcrypto providers.

CMS and PKCS #7 formats are very similar. CMS is newer but is as much as
possible backward compatible with PKCS #7 [1]. PKCS #7 is supported in
the latest OpenSSL as well as CMS. The fields used for signing kernel
modules are supported both in PKCS #7 and CMS.

For now modinfo uses CMS with no alternative requiring OpenSSL 1.1.0 or
newer.

Use PKCS #7 for parsing module signature information, so that modinfo
could be used both with OpenSSL and LibreSSL.

[1] https://tools.ietf.org/html/rfc5652#section-1.1

Changes v1->v2:
- Don't use ifdefs for keeping redundant CMS code, just use PKCS #7 both
with OpenSSL and LibreSSL.

Signed-off-by: Stefan Strogin <steils@gentoo.org>
2019-05-28 15:22:18 -07:00
Ezequiel Garcia
ea3e508f61 tools: Print a message if refcnt attribute is missing
Currently, check_module_inuse returns a wrong user message
if the kernel is built without module unloading support.

Fix it by returning a more specific error, in case 'refcnt'
attribute is missing.
2019-03-08 13:06:52 -08:00
Adrian Bunk
f8b8d7b330 build: Stop using dolt
This does regress "make -12" from 0.7s to 0.9s on my
Coffee Lake machine, but even on slower hardware this
will not amount to a noticable slowdown.

On the other hand using dolt can create problems for
people doing cross-compilation, e.g. Yocto has two
hacks just for dolt in kmod:
https://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-kernel/kmod/kmod.inc?id=a17abae00785c76cfffe5381a22fb2c86b982e82

(Lucas: remove leftover entry in Makefile and reformat commit message)
2019-02-20 10:38:56 -08:00
Dave Reisner
8e266b9eef Link against libcrypto, not all of openssl
In the previous build setup, libkmod.so would link to not just
libcrypto.so, but also libssl.so:

$ readelf -d /lib/libkmod.so | grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [liblzma.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libz.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so.1.1]
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.1.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]

We don't need any symbols from libssl, though. This patch ensures that
we pass 'libcrypto' to pkgconfig rather than 'openssl', getting only the
library that we need:

$ readelf -d  ./libkmod/.libs/libkmod.so.2.3.4 | grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [liblzma.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libz.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.1.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
2019-02-13 09:36:57 -08:00
Lucas De Marchi
58133a96c8 kmod 26 2019-02-07 13:46:40 -08:00
Lucas De Marchi
9a015bcdde build: fix make distcheck
Make sure to add the dummy.pkcs7 file to the dist files.

While at it, also change the distcheck flags to include --with-openssl.
2019-02-07 13:44:39 -08:00
Lucas De Marchi
ada929e0c5 testsuite: mkosi: update files
- Add openssl
  - Disable python (quick hack to avoid more dependencies)
  - Update Fedora to 29
2019-02-04 16:09:38 -08:00
Lucas De Marchi
a3b5428cd8 build: check openssl version 2019-02-04 16:09:38 -08:00
Lucas De Marchi
9b3fa3fcab build: add openssl to CI deps
Travis-ci is at most on Ubuntu 16.04, that doesn't have openssl >= 1.1,
so disable openssl there.

Semaphore 2.0 was also missing a call to update the package database.
2019-02-04 16:09:38 -08:00
Lucas De Marchi
bcab5cd1be build: enable openssl by default
Like with other features, let's enable it for developers.
2019-02-04 14:27:46 -08:00
Lucas De Marchi
0f37cf1c18 testsuite: fix modinfo test without openssl 2019-02-04 14:25:03 -08:00
Yauheni Kaliuta
391b4714b4 libkmod-signature: implement pkcs7 parsing with openssl
The patch adds data fetching from the PKCS#7 certificate using
openssl library (which is used by scripts/sign-file.c in the linux
kernel to sign modules).

In general the certificate can contain many signatures, but since
kmod (modinfo) supports only one signature at the moment, only first
one is taken.

With the current sign-file.c certificate doesn't contain signer
key's fingerprint, so "serial number" is used for the key id.

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2019-02-04 13:51:27 -08:00
Yauheni Kaliuta
dec990483b testsuite: add modinfo pkcs7 signature test
Use the same approach to generate the signed module, like in the
old signature test: just append the pregenerated binary signature
to the module (the signature check will fail).

In case of need of generating correct signature, from the linux
kernel makefiles (certs/Makefile) it could be like:

$ openssl req -new -nodes -utf8  -sha256 -days 36500 -batch -x509
-config  ./x509.genkey -outform PEM -out signing_key.pem -keyout signing_key.pem
$ /lib/modules/$(uname -r)/build/scripts/extract-cert signing_key.pem signing_key.x509
$ /lib/modules/$(uname -r)/build/scripts/sign-file sha256 signing_key.pem signing_key.x509 module.ko

where x509.genkey is:

```
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts

[ req_distinguished_name ]
CN = Build time autogenerated kernel key

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
```

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2019-02-04 13:49:13 -08:00
Daniel Kahn Gillmor
aca61d3721 man: Fix typo 2019-01-14 14:24:10 -08:00
Yauheni Kaliuta
ea37a74246 testsuite: factor out fd related parameters to a structure
This is a more abstract implementation of "file descriptor
comparation". With the current implementation the code is full of
conditions based on the descriptor type. It makes sense to
initialize the parameters once based on the descriptor type.

stdout and stderr are handled in almost the same way, but for
monitor descriptor branch, based on the type check is necessary in
some cases.

Since epoll's context now contains pointers to the structures, so no
direct manipulations there.

Most of the patch is just replacing direct buffer manipulations with
the structures' ones.

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2019-01-04 14:39:39 -08:00
Yauheni Kaliuta
b7cd0fdab0 testsuite: track number of descriptors instead of their state
use the number of tracked descriptors to determine the end of the
loop.

This is a preparation for more abstract descriptor comparation
implementation where checking of the descriptor state may be more
expensive than just checking of the local variables.

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2019-01-04 14:39:39 -08:00
Lucas De Marchi
ad411f7684 Add semaphoreci 2.0 configuration
Add another CI as alternative to travis-ci. Test on gcc 6, 7 and 8 on
Ubuntu 18.04. Not sure if this is the best way to define the yml file,
but it works.

The old badge doesn't work. It will be added back later.
2019-01-04 10:04:40 -08:00
Lucas De Marchi
eb862179c0 testsuite: move --show-exports test to use regex
This allows it to pass if the kernel is configured with
CONFIG_MODVERSIONS.
2019-01-03 12:43:18 -08:00
Lucas De Marchi
c0937526b2 testsuite: add support for testing output against regex
Allow to test outputs when they don't match exactly, but should follow
some regex patterns. This can be used when the info we are printing is
randomized or depends on kernel configuration.
2019-01-03 12:43:18 -08:00
Lucas De Marchi
a5cc3521d8 testsuite: split out function to compare outputs exactly
Move functionality to compare the exact output to a separate function
and allocate one buffer per output/match pair. This will allow us to
extend this to allow other types of comparisons. Since now we are using
heap-allocated buffer, keep the buffer allocation to the caller, so we
don't have to allocate and free it on every invocation. It also avoids
the different comparison functions to have to deal with it.
2019-01-03 12:03:27 -08:00
Michal Suchanek
4a894aeaeb depmod: shut up gcc insufficinet buffer warning
In a couple of places depmod concatenates the module directory and filename
with snprintf. This can technically overflow creating an unterminated string if
module directory name is long. Use openat instead as is done elsewhere in
depmod. This avoids the snprintf, the extra buffer on stack, and the gcc
warning. It may even fix a corner case when the module direcotry name is just
under PATH_MAX.

[ Lucas: fix up coding style and closing fd on error path ]

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
2018-12-17 15:31:55 -08:00
Michal Suchanek
a06bacf500 depmod: prevent module dependency files corruption due to parallel invocation.
Depmod does not use unique filename for temporary files. There is no
guarantee the user does not attempt to run mutiple depmod processes in
parallel. If that happens a temporary file might be created by
depmod(1st), truncated by depmod(2nd), and renamed to final name by
depmod(1st) resulting in corrupted file seen by user.

Due to missing mkstempat() this is more complex than it should be.
Adding PID and timestamp to the filename should be reasonably reliable.
Adding O_EXCL as mkstemp does fails creating the file rather than
corrupting existing file.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
2018-12-17 15:10:05 -08:00
Michal Suchanek
c2996b5fa8 depmod: prevent module dependency files missing during depmod invocation
depmod deletes the module dependency files before moving the temporary
files in their place. This results in user seeing no dependency files
while they are updated. Remove the unlink call. The rename call should
suffice to move the new file in place and unlink the old one. It should
also do both atomically so there is no window when no dependency file
exists.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>
2018-12-17 10:19:50 -08:00
Lucas De Marchi
028d4df365 Remove bootstrap* scripts
Let's just use autogen.sh, no need for wrapper scripts. Now
`autogen.sh c` uses the same recommended options for developing kmod and
also accepts extra arguments.
2018-12-17 09:52:05 -08:00
Lucas De Marchi
edc9d81754 README: Add link to mailing list archive
We now have a proper archive for the mailing list.
2018-11-30 12:37:43 -08:00
Yauheni Kaliuta
a11057201e signature: do not report wrong data for pkc#7 signature
when PKC#7 signing method is used the old structure doesn't contain
any useful data, but the data are encoded in the certificate.

The info getting/showing code is not aware of that at the moment and
since 0 is a valid constant, shows, for example, wrong "md4" for the
hash algo.

The patch splits the 2 mothods of gethering the info and reports
"unknown" for the algo.

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2018-11-16 00:59:44 -08:00
Lucas De Marchi
068729e368 testsuite: add simple test for --show-exports 2018-11-13 10:45:00 -08:00
Yauheni Kaliuta
3ada8df85c modprobe: add --show-exports
modprobe has --show-modversions switch, which dumps symbols with
their modversion crcs from the __versions sections.

At the moment the section contains information for the dependency
symbols only, while exported symbols add to symtab entries with
__crc_ prefix (the format may differ, see 1e48901166 libkmod-elf:
resolve CRC if module is built with MODULE_REL_CRCS).

The patch makes it to show exported symbols as well.

The function is basically cut'n'paste of show_modversions(),
but 'version' family replaced with 'symbol' one.

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2018-11-13 09:50:49 -08:00
Lucas De Marchi
8353284d83 mkosi: allow Clear to use test modules
Now Clear has a bundle for the kernel headers, let's use it.
2018-10-10 13:47:50 -07:00
Lucas De Marchi
94aad8787f man: depmod: remove deprecated -m option
Thanks to Howard Johnson <hwj@bridgeportcontractor.com> for noticing.
2018-07-20 13:23:57 -07:00
Jan Engelhardt
867da6fcfb kmod: build: cure compiler warnings showing up externally
When building a C source file with gcc-7 -Wshift-overflow=2, this warning
springs up:

libkmod.h: warning: result of "1 << 31" requires 33 bits to
represent, but "int" only has 32 bits [-Wshift-overflow=]

Change the two _KMOD_* identifiers to fit into 32 bits.
2018-06-18 09:46:56 -07:00
Jakov Simunic
499778492a build: fix wrong quotes on bootstrap 2018-05-16 10:24:37 -07:00
Chris Stackpole
8c50dc4e3a Phrasing correction in modprobe man page 2018-05-14 15:04:55 -07:00
Luca Bruno
c8f0623ad1 libkmod-module: check for NULL before accessing pointers
This introduces a few missing NULL-checks in public functions, and
align their docstrings with real behavior by getting rid of copy-paste
mistakes.

Signed-off-by: Luca Bruno <luca.bruno@coreos.com>
2018-04-05 14:54:43 -07:00