Compare commits

...

No commits in common. 'c8-beta' and 'c9' have entirely different histories.
c8-beta ... c9

2
.gitignore vendored

@ -1 +1 @@
SOURCES/kmod-25.tar.xz
SOURCES/kmod-28.tar.xz

@ -1 +1 @@
761ee76bc31f5db10d470dad607a5f9d68acef68 SOURCES/kmod-25.tar.xz
0acec2b6aea3e6eb71f0b549b0ff0abcac5da004 SOURCES/kmod-28.tar.xz

@ -1,33 +0,0 @@
From c2996b5fa880e81f63c25e80a4157b2239e32c5d Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Mon, 10 Dec 2018 22:29:32 +0100
Subject: [PATCH 1/2] depmod: prevent module dependency files missing during
depmod invocation
depmod deletes the module dependency files before moving the temporary
files in their place. This results in user seeing no dependency files
while they are updated. Remove the unlink call. The rename call should
suffice to move the new file in place and unlink the old one. It should
also do both atomically so there is no window when no dependency file
exists.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
tools/depmod.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/depmod.c b/tools/depmod.c
index 989d9077926c..18c0d61b2db3 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -2451,7 +2451,6 @@ static int depmod_output(struct depmod *depmod, FILE *out)
break;
}
- unlinkat(dfd, itr->name, 0);
if (renameat(dfd, tmp, dfd, itr->name) != 0) {
err = -errno;
CRIT("renameat(%s, %s, %s, %s): %m\n",
--
2.33.0

@ -0,0 +1,44 @@
From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Tue, 13 Aug 2024 16:17:27 +0200
Subject: [PATCH] libkmod: avoid undefined behaviour in
libkmod-builtin.c:get_string
Static analysis has reported a potential UB:
kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
# 123| size_t linesz = 0;
# 124|
# 125|-> while (!nullp) {
# 126| char buf[BUFSIZ];
# 127| ssize_t sz;
It seems to be indeed an UB, as nullp is getting assined an address
inside object buf, which has a lifetime of the while loop body,
and is not available outside of it (specifically, in the while
condition, where nullp is checked for NULL). Fix it by putting
buf definition in the outer block.
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fd0f549..40a7d61 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
char **line, size_t *size)
{
int sv_errno;
+ char buf[BUFSIZ];
char *nullp = NULL;
size_t linesz = 0;
while (!nullp) {
- char buf[BUFSIZ];
ssize_t sz;
size_t partsz;
--
2.13.6

@ -0,0 +1,38 @@
From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sun, 25 Sep 2022 17:46:08 +0300
Subject: [PATCH] libkmod: do not crash on unknown signature algorithm
Example kernel module:
https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
It is signed with Streebog 512.
libkmod v30 crashed in libkmod-module.c:2413 in this code:
n = kmod_module_info_append(list,
"sig_hashalgo", strlen("sig_hashalgo"),
sig_info.hash_algo, strlen(sig_info.hash_algo));
because strlen() got null.
---
libkmod/libkmod-signature.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 4ae5af6..092f396 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ // hash algo has not been recognized
+ if (sig_info->hash_algo == NULL)
+ goto err3;
sig_info->id_type = pkey_id_type[modsig->id_type];
pvt = malloc(sizeof(*pvt));
--
2.13.6

@ -0,0 +1,44 @@
From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001
From: Emil Velikov <emil.velikov@collabora.com>
Date: Mon, 6 Feb 2023 14:32:59 +0000
Subject: [PATCH] libkmod: error out on unknown hash algorithm
Currently if we see unknown algorithm, we'll do an OOB read in
pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and
the kernel module uses a SM3 hash.
Cc: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
libkmod/libkmod-signature.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 092f396..b749a81 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size,
unsigned char *key_id_str;
struct pkcs7_private *pvt;
const char *issuer_str;
+ int hash_algo;
size -= sig_len;
pkcs7_raw = mem + size;
@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ hash_algo = obj_to_hash_algo(o);
+ if (hash_algo < 0)
+ goto err3;
+ sig_info->hash_algo = pkey_hash_algo[hash_algo];
// hash algo has not been recognized
if (sig_info->hash_algo == NULL)
goto err3;
--
2.13.6

@ -0,0 +1,29 @@
From 1cab02ecf6ee2a0aa34f3615dfd99c59f7e04e90 Mon Sep 17 00:00:00 2001
From: Seung-Woo Kim <sw0312.kim@samsung.com>
Date: Tue, 13 Apr 2021 20:23:14 +0900
Subject: [PATCH] libkmod: fix an overflow with wrong modules.builtin.modinfo
Fix a possbile overflow with exact PATH_MAX length modname
in wrong modules.builtin.modinfo.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fc9a376..a75a542 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -246,7 +246,7 @@ bool kmod_builtin_iter_get_modname(struct kmod_builtin_iter *iter,
len = dot - line;
- if (len > PATH_MAX) {
+ if (len >= PATH_MAX) {
sv_errno = ENAMETOOLONG;
goto fail;
}
--
2.13.6

@ -1,62 +0,0 @@
From a06bacf500d56b72b5f9b121ebf7f6af9e3df185 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Mon, 17 Dec 2018 23:46:28 +0100
Subject: [PATCH 2/2] depmod: prevent module dependency files corruption due to
parallel invocation.
Depmod does not use unique filename for temporary files. There is no
guarantee the user does not attempt to run mutiple depmod processes in
parallel. If that happens a temporary file might be created by
depmod(1st), truncated by depmod(2nd), and renamed to final name by
depmod(1st) resulting in corrupted file seen by user.
Due to missing mkstempat() this is more complex than it should be.
Adding PID and timestamp to the filename should be reasonably reliable.
Adding O_EXCL as mkstemp does fails creating the file rather than
corrupting existing file.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
---
tools/depmod.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tools/depmod.c b/tools/depmod.c
index 18c0d61b2db3..0f7e33ccfd59 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -29,6 +29,7 @@
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
+#include <sys/time.h>
#include <sys/utsname.h>
#include <shared/array.h>
@@ -2398,6 +2399,9 @@ static int depmod_output(struct depmod *depmod, FILE *out)
};
const char *dname = depmod->cfg->dirname;
int dfd, err = 0;
+ struct timeval tv;
+
+ gettimeofday(&tv, NULL);
if (out != NULL)
dfd = -1;
@@ -2416,11 +2420,12 @@ static int depmod_output(struct depmod *depmod, FILE *out)
int r, ferr;
if (fp == NULL) {
- int flags = O_CREAT | O_TRUNC | O_WRONLY;
+ int flags = O_CREAT | O_EXCL | O_WRONLY;
int mode = 0644;
int fd;
- snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name);
+ snprintf(tmp, sizeof(tmp), "%s.%i.%li.%li", itr->name, getpid(),
+ tv.tv_usec, tv.tv_sec);
fd = openat(dfd, tmp, flags, mode);
if (fd < 0) {
ERR("openat(%s, %s, %o, %o): %m\n",
--
2.33.0

@ -1,328 +0,0 @@
From 391b4714b495183baefa9cb10ac8e1600c166a59 Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Fri, 1 Feb 2019 22:20:02 +0200
Subject: [PATCH] libkmod-signature: implement pkcs7 parsing with openssl
The patch adds data fetching from the PKCS#7 certificate using
openssl library (which is used by scripts/sign-file.c in the linux
kernel to sign modules).
In general the certificate can contain many signatures, but since
kmod (modinfo) supports only one signature at the moment, only first
one is taken.
With the current sign-file.c certificate doesn't contain signer
key's fingerprint, so "serial number" is used for the key id.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
Makefile.am | 4 +-
configure.ac | 11 ++
libkmod/libkmod-internal.h | 3 +
libkmod/libkmod-module.c | 3 +
libkmod/libkmod-signature.c | 197 +++++++++++++++++++++++++++++++++++-
5 files changed, 213 insertions(+), 5 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 1ab1db585316..de1026f8bd46 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -35,6 +35,8 @@ SED_PROCESS = \
-e 's,@liblzma_LIBS\@,${liblzma_LIBS},g' \
-e 's,@zlib_CFLAGS\@,${zlib_CFLAGS},g' \
-e 's,@zlib_LIBS\@,${zlib_LIBS},g' \
+ -e 's,@openssl_CFLAGS\@,${openssl_CFLAGS},g' \
+ -e 's,@openssl_LIBS\@,${openssl_LIBS},g' \
< $< > $@ || rm $@
%.pc: %.pc.in Makefile
@@ -87,7 +89,7 @@ libkmod_libkmod_la_DEPENDENCIES = \
${top_srcdir}/libkmod/libkmod.sym
libkmod_libkmod_la_LIBADD = \
shared/libshared.la \
- ${liblzma_LIBS} ${zlib_LIBS}
+ ${liblzma_LIBS} ${zlib_LIBS} ${openssl_LIBS}
noinst_LTLIBRARIES += libkmod/libkmod-internal.la
libkmod_libkmod_internal_la_SOURCES = $(libkmod_libkmod_la_SOURCES)
diff --git a/configure.ac b/configure.ac
index fbc7391b2d1b..2e33380a0cc2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -106,6 +106,17 @@ AS_IF([test "x$with_zlib" != "xno"], [
])
CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB])
+AC_ARG_WITH([openssl],
+ AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]),
+ [], [with_openssl=no])
+AS_IF([test "x$with_openssl" != "xno"], [
+ PKG_CHECK_MODULES([openssl], [openssl])
+ AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
+], [
+ AC_MSG_NOTICE([openssl support not requested])
+])
+CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL])
+
AC_ARG_WITH([bashcompletiondir],
AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
[],
diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h
index 346579c71aab..a65ddd156f18 100644
--- a/libkmod/libkmod-internal.h
+++ b/libkmod/libkmod-internal.h
@@ -188,5 +188,8 @@ struct kmod_signature_info {
const char *algo, *hash_algo, *id_type;
const char *sig;
size_t sig_len;
+ void (*free)(void *);
+ void *private;
};
bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2)));
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull));
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index 889f26479a98..bffe715cdef4 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2357,6 +2357,9 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
ret = count;
list_error:
+ /* aux structures freed in normal case also */
+ kmod_module_signature_info_free(&sig_info);
+
if (ret < 0) {
kmod_module_info_free_list(*list);
*list = NULL;
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 429ffbd8a957..48d0145a7552 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -19,6 +19,10 @@
#include <endian.h>
#include <inttypes.h>
+#ifdef ENABLE_OPENSSL
+#include <openssl/cms.h>
+#include <openssl/ssl.h>
+#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -115,15 +119,194 @@ static bool fill_default(const char *mem, off_t size,
return true;
}
-static bool fill_unknown(const char *mem, off_t size,
- const struct module_signature *modsig, size_t sig_len,
- struct kmod_signature_info *sig_info)
+#ifdef ENABLE_OPENSSL
+
+struct pkcs7_private {
+ CMS_ContentInfo *cms;
+ unsigned char *key_id;
+ BIGNUM *sno;
+};
+
+static void pkcs7_free(void *s)
+{
+ struct kmod_signature_info *si = s;
+ struct pkcs7_private *pvt = si->private;
+
+ CMS_ContentInfo_free(pvt->cms);
+ BN_free(pvt->sno);
+ free(pvt->key_id);
+ free(pvt);
+ si->private = NULL;
+}
+
+static int obj_to_hash_algo(const ASN1_OBJECT *o)
+{
+ int nid;
+
+ nid = OBJ_obj2nid(o);
+ switch (nid) {
+ case NID_md4:
+ return PKEY_HASH_MD4;
+ case NID_md5:
+ return PKEY_HASH_MD5;
+ case NID_sha1:
+ return PKEY_HASH_SHA1;
+ case NID_ripemd160:
+ return PKEY_HASH_RIPE_MD_160;
+ case NID_sha256:
+ return PKEY_HASH_SHA256;
+ case NID_sha384:
+ return PKEY_HASH_SHA384;
+ case NID_sha512:
+ return PKEY_HASH_SHA512;
+ case NID_sha224:
+ return PKEY_HASH_SHA224;
+ default:
+ return -1;
+ }
+ return -1;
+}
+
+static const char *x509_name_to_str(X509_NAME *name)
+{
+ int i;
+ X509_NAME_ENTRY *e;
+ ASN1_STRING *d;
+ ASN1_OBJECT *o;
+ int nid = -1;
+ const char *str;
+
+ for (i = 0; i < X509_NAME_entry_count(name); i++) {
+ e = X509_NAME_get_entry(name, i);
+ o = X509_NAME_ENTRY_get_object(e);
+ nid = OBJ_obj2nid(o);
+ if (nid == NID_commonName)
+ break;
+ }
+ if (nid == -1)
+ return NULL;
+
+ d = X509_NAME_ENTRY_get_data(e);
+ str = (const char *)ASN1_STRING_get0_data(d);
+
+ return str;
+}
+
+static bool fill_pkcs7(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ const char *pkcs7_raw;
+ CMS_ContentInfo *cms;
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ int rc;
+ ASN1_OCTET_STRING *key_id;
+ X509_NAME *issuer;
+ ASN1_INTEGER *sno;
+ ASN1_OCTET_STRING *sig;
+ BIGNUM *sno_bn;
+ X509_ALGOR *dig_alg;
+ X509_ALGOR *sig_alg;
+ const ASN1_OBJECT *o;
+ BIO *in;
+ int len;
+ unsigned char *key_id_str;
+ struct pkcs7_private *pvt;
+ const char *issuer_str;
+
+ size -= sig_len;
+ pkcs7_raw = mem + size;
+
+ in = BIO_new_mem_buf(pkcs7_raw, sig_len);
+
+ cms = d2i_CMS_bio(in, NULL);
+ if (cms == NULL) {
+ BIO_free(in);
+ return false;
+ }
+
+ BIO_free(in);
+
+ sis = CMS_get0_SignerInfos(cms);
+ if (sis == NULL)
+ goto err;
+
+ si = sk_CMS_SignerInfo_value(sis, 0);
+ if (si == NULL)
+ goto err;
+
+ rc = CMS_SignerInfo_get0_signer_id(si, &key_id, &issuer, &sno);
+ if (rc == 0)
+ goto err;
+
+ sig = CMS_SignerInfo_get0_signature(si);
+ if (sig == NULL)
+ goto err;
+
+ CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
+
+ sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
+ sig_info->sig_len = ASN1_STRING_length(sig);
+
+ sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
+ if (sno_bn == NULL)
+ goto err;
+
+ len = BN_num_bytes(sno_bn);
+ key_id_str = malloc(len);
+ if (key_id_str == NULL)
+ goto err2;
+ BN_bn2bin(sno_bn, key_id_str);
+
+ sig_info->key_id = (const char *)key_id_str;
+ sig_info->key_id_len = len;
+
+ issuer_str = x509_name_to_str(issuer);
+ if (issuer_str != NULL) {
+ sig_info->signer = issuer_str;
+ sig_info->signer_len = strlen(issuer_str);
+ }
+
+ X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+
+ sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+
+ pvt = malloc(sizeof(*pvt));
+ if (pvt == NULL)
+ goto err3;
+
+ pvt->cms = cms;
+ pvt->key_id = key_id_str;
+ pvt->sno = sno_bn;
+ sig_info->private = pvt;
+
+ sig_info->free = pkcs7_free;
+
+ return true;
+err3:
+ free(key_id_str);
+err2:
+ BN_free(sno_bn);
+err:
+ CMS_ContentInfo_free(cms);
+ return false;
+}
+
+#else /* ENABLE OPENSSL */
+
+static bool fill_pkcs7(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
{
sig_info->hash_algo = "unknown";
sig_info->id_type = pkey_id_type[modsig->id_type];
return true;
}
+#endif /* ENABLE OPENSSL */
+
#define SIG_MAGIC "~Module signature appended~\n"
/*
@@ -167,8 +350,14 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
switch (modsig->id_type) {
case PKEY_ID_PKCS7:
- return fill_unknown(mem, size, modsig, sig_len, sig_info);
+ return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
default:
return fill_default(mem, size, modsig, sig_len, sig_info);
}
}
+
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
+{
+ if (sig_info->free)
+ sig_info->free(sig_info);
+}
--
2.20.1

@ -1,83 +0,0 @@
From 52a0ba82e1ad180f9f91920db70a758fac49466a Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Thu, 31 Oct 2019 20:12:53 +0200
Subject: [PATCH] modprobe: ignore builtin module on recursive removing
If there are built-in dependencies and any of them is built-in in
the kernel, modprobe -r fails with
modprobe: FATAL: Module module_name is builtin.
It makes sense to ignore such dependencies for the case when
removing is called for non-top level module.
Example: cifs module, it declares bunch of softdeps and the first
one fails on some kernel configs:
modprobe: FATAL: Module gcm is builtin.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
tools/modprobe.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/tools/modprobe.c b/tools/modprobe.c
index a9e2331567af..44cd15c2bf57 100644
--- a/tools/modprobe.c
+++ b/tools/modprobe.c
@@ -353,7 +353,8 @@ static int rmmod_do_remove_module(struct kmod_module *mod)
return err;
}
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies);
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
+ bool ignore_builtin);
static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
{
@@ -361,7 +362,7 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
kmod_list_foreach_reverse(l, list) {
struct kmod_module *m = kmod_module_get_module(l);
- int r = rmmod_do_module(m, false);
+ int r = rmmod_do_module(m, false, true);
kmod_module_unref(m);
if (r < 0 && stop_on_errors)
@@ -371,7 +372,8 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
return 0;
}
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
+ bool ignore_builtin)
{
const char *modname = kmod_module_get_name(mod);
struct kmod_list *pre = NULL, *post = NULL;
@@ -401,8 +403,12 @@ static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
}
goto error;
} else if (state == KMOD_MODULE_BUILTIN) {
- LOG("Module %s is builtin.\n", modname);
- err = -ENOENT;
+ if (ignore_builtin) {
+ err = 0;
+ } else {
+ LOG("Module %s is builtin.\n", modname);
+ err = -ENOENT;
+ }
goto error;
}
}
@@ -462,7 +468,7 @@ static int rmmod(struct kmod_ctx *ctx, const char *alias)
kmod_list_foreach(l, list) {
struct kmod_module *mod = kmod_module_get_module(l);
- err = rmmod_do_module(mod, true);
+ err = rmmod_do_module(mod, true, false);
kmod_module_unref(mod);
if (err < 0)
break;
--
2.24.0

@ -1,116 +0,0 @@
From a11057201ed326a9e65e757202da960735e45799 Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
Date: Fri, 16 Nov 2018 10:56:34 +0200
Subject: [PATCH] signature: do not report wrong data for pkc#7 signature
when PKC#7 signing method is used the old structure doesn't contain
any useful data, but the data are encoded in the certificate.
The info getting/showing code is not aware of that at the moment and
since 0 is a valid constant, shows, for example, wrong "md4" for the
hash algo.
The patch splits the 2 mothods of gethering the info and reports
"unknown" for the algo.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
---
libkmod/libkmod-module.c | 2 +-
libkmod/libkmod-signature.c | 56 +++++++++++++++++++++++++------------
2 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
index ee420f4ec2bf..889f26479a98 100644
--- a/libkmod/libkmod-module.c
+++ b/libkmod/libkmod-module.c
@@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
struct kmod_elf *elf;
char **strings;
int i, count, ret = -ENOMEM;
- struct kmod_signature_info sig_info;
+ struct kmod_signature_info sig_info = {};
if (mod == NULL || list == NULL)
return -ENOENT;
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 1f3e26dea203..429ffbd8a957 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -92,6 +92,38 @@ struct module_signature {
uint32_t sig_len; /* Length of signature data (big endian) */
};
+static bool fill_default(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ size -= sig_len;
+ sig_info->sig = mem + size;
+ sig_info->sig_len = sig_len;
+
+ size -= modsig->key_id_len;
+ sig_info->key_id = mem + size;
+ sig_info->key_id_len = modsig->key_id_len;
+
+ size -= modsig->signer_len;
+ sig_info->signer = mem + size;
+ sig_info->signer_len = modsig->signer_len;
+
+ sig_info->algo = pkey_algo[modsig->algo];
+ sig_info->hash_algo = pkey_hash_algo[modsig->hash];
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+
+ return true;
+}
+
+static bool fill_unknown(const char *mem, off_t size,
+ const struct module_signature *modsig, size_t sig_len,
+ struct kmod_signature_info *sig_info)
+{
+ sig_info->hash_algo = "unknown";
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+ return true;
+}
+
#define SIG_MAGIC "~Module signature appended~\n"
/*
@@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
const struct module_signature *modsig;
size_t sig_len;
-
size = kmod_file_get_size(file);
mem = kmod_file_get_contents(file);
if (size < (off_t)strlen(SIG_MAGIC))
@@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
return false;
- size -= sig_len;
- sig_info->sig = mem + size;
- sig_info->sig_len = sig_len;
-
- size -= modsig->key_id_len;
- sig_info->key_id = mem + size;
- sig_info->key_id_len = modsig->key_id_len;
-
- size -= modsig->signer_len;
- sig_info->signer = mem + size;
- sig_info->signer_len = modsig->signer_len;
-
- sig_info->algo = pkey_algo[modsig->algo];
- sig_info->hash_algo = pkey_hash_algo[modsig->hash];
- sig_info->id_type = pkey_id_type[modsig->id_type];
-
- return true;
+ switch (modsig->id_type) {
+ case PKEY_ID_PKCS7:
+ return fill_unknown(mem, size, modsig, sig_len, sig_info);
+ default:
+ return fill_default(mem, size, modsig, sig_len, sig_info);
+ }
}
--
2.20.1

@ -0,0 +1,58 @@
From 06fadcc6b17c3b9a534540dd6d74b0c5fb1d948d Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <ykaliuta@redhat.com>
Date: Thu, 2 Feb 2023 15:47:36 +0200
Subject: [PATCH] man/rmmod: explain why modprobe -r is more useful
Improve user experience by explaining the option so the user may
not search explanations in other manpages (modprobe).
Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
man/rmmod.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/man/rmmod.xml b/man/rmmod.xml
index e7c7e5f9e7dc..67bcbedd972b 100644
--- a/man/rmmod.xml
+++ b/man/rmmod.xml
@@ -52,7 +52,8 @@
want to use
<citerefentry>
<refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry> with the <option>-r</option> option instead.
+ </citerefentry> with the <option>-r</option> option instead
+ since it removes unused dependent modules as well.
</para>
</refsect1>
--- a/man/rmmod.8 2020-12-28 02:58:30.085851136 +0200
+++ b/man/rmmod.8 2023-02-09 16:55:55.967128297 +0200
@@ -2,12 +2,12 @@
.\" Title: rmmod
.\" Author: Jon Masters <jcm@jonmasters.org>
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 12/27/2020
+.\" Date: 02/09/2023
.\" Manual: rmmod
.\" Source: kmod
.\" Language: English
.\"
-.TH "RMMOD" "8" "12/27/2020" "kmod" "rmmod"
+.TH "RMMOD" "8" "02/09/2023" "kmod" "rmmod"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -39,7 +39,7 @@
\fBmodprobe\fR(8)
with the
\fB\-r\fR
-option instead\&.
+option instead since it removes unused dependent modules as well\&.
.SH "OPTIONS"
.PP
\fB\-v\fR, \fB\-\-verbose\fR
--
2.39.1

@ -620,7 +620,6 @@ update_modules_for_krel() {
if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then
global_link_state_restore $krel
compatible_modules=()
fi
# add compatible to installed
@ -1153,7 +1152,7 @@ while :; do
shift
done
if [ ! -x "$dracut" ] && [ -z "$no_initramfs" ]
if [ ! -x "$dracut" ]
then
echo "weak-modules: could not find dracut at $dracut"
exit 1

@ -1,30 +1,33 @@
Name: kmod
Version: 25
Release: 20%{?dist}
Version: 28
Release: 10%{?dist}
Summary: Linux kernel module management utilities
Group: System Environment/Kernel
License: GPLv2+
URL: http://git.kernel.org/?p=utils/kernel/kmod/kmod.git;a=summary
URL: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git
Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
Source1: weak-modules
Source2: depmod.conf.dist
Exclusiveos: Linux
Patch01: kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch
Patch02: kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch
Patch03: kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch
Patch04: 0001-depmod-prevent-module-dependency-files-missing-durin.patch
Patch05: 0002-depmod-prevent-module-dependency-files-corruption-du.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Patch01: man-rmmod-explain-why-modprobe-r-is-more-useful.patch
# v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo"
Patch02: 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch
# v31~29 "libkmod: do not crash on unknown signature algorithm"
Patch03: 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
# v31~18 "libkmod: error out on unknown hash algorithm"
Patch04: 0001-libkmod-error-out-on-unknown-hash-algorithm.patch
# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string"
Patch05: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch
BuildRequires: gcc
BuildRequires: chrpath
BuildRequires: zlib-devel
BuildRequires: xz-devel
BuildRequires: libxslt
BuildRequires: openssl-devel
# Remove it as soon as no need for Patch02 anymore (Makefile.am updated)
BuildRequires: automake autoconf libtool
BuildRequires: make
BuildRequires: libzstd-devel
Provides: module-init-tools = 4.0-1
Obsoletes: module-init-tools < 4.0-1
@ -39,7 +42,6 @@ examples of loaded and unloaded modules.
%package libs
Summary: Libraries to handle kernel module loading and unloading
License: LGPLv2+
Group: System Environment/Libraries
%description libs
The kmod-libs package provides runtime libraries for any application that
@ -47,7 +49,6 @@ wishes to load or unload Linux kernel modules from the running system.
%package devel
Summary: Header files for kmod development
Group: Development/Libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description devel
@ -55,30 +56,26 @@ The kmod-devel package provides header files used for development of
applications that wish to load or unload Linux kernel modules.
%prep
%setup -q
%patch01 -p1
%patch02 -p1
%patch03 -p1
%patch04 -p1
%patch05 -p1
%autosetup -p1
%build
export V=1
aclocal
autoreconf --install --symlink
%configure \
--with-openssl \
--with-zlib \
--with-xz \
--with-openssl
make %{?_smp_mflags}
--with-xz \
--with-zstd
%{make_build} V=1
%install
make install DESTDIR=$RPM_BUILD_ROOT
pushd $RPM_BUILD_ROOT/%{_mandir}/man5
%{make_install}
pushd $RPM_BUILD_ROOT%{_mandir}/man5
ln -s modprobe.d.5.gz modprobe.conf.5.gz
popd
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
find %{buildroot} -type f -name "*.la" -delete
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo
@ -91,16 +88,10 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d
mkdir -p $RPM_BUILD_ROOT/sbin
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
install -pm 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
%dir %{_sysconfdir}/depmod.d
%dir %{_sysconfdir}/modprobe.d
%dir %{_prefix}/lib/modprobe.d
@ -119,7 +110,6 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%doc NEWS README TODO
%files libs
%{!?_licensedir:%global license %%doc}
%license COPYING
%{_libdir}/libkmod.so.*
@ -129,83 +119,77 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%{_libdir}/libkmod.so
%changelog
* Wed Oct 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 25-20
* Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 28-10
- Fix issues discovered by static analysis
- Resolves: RHEL-34073
* Thu May 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 28-9
- Add symvers.xz support to weak-modules
- Resolves: RHEL-8903
* Mon Nov 29 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-19
- depmod: fix parallel execution issues
Resolves: rhbz#2026938
* Fri Apr 16 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-18
- weak-modules: do not require dracut wneh using --no-initramfs
Resolves: rhbz#1935416
* Fri Dec 18 2020 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-17
- weak-modules: reset compatible_modules if configuration is not valid
Resolves: rhbz#1907855
* Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-16
- weak-modules: update_modules_for_krel: always finish sandbox
- weak-modules: groupping: use dependencies of extra/ provider
Resolves: rhbz#1778889
* Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-15
- weak-modules: reverse checking order for add-kernel
Resolves: rhbz#1755196
* Mon Dec 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-14
- modprobe: do not fail on built-in modules
Resolves: rhbz#1767513
* Tue Apr 16 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-13
- weak-modules: handle independent modules in one run
Resolves: rhbz#1695763
* Tue Apr 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-12
- weak-modules: use asterisk for kernel version in sandbox
Resolves: rhbz#1689052
* Tue Feb 5 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-11
- add PKCS7/openssl support.
Resolves: rhbz#1668459.
* Tue Dec 11 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-10
- weak-modules: group modules on add-kernel
- weak-modules: do not make groups if there are no extra modules
Resolves: rhbz#1649211
* Tue Oct 2 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-9
- Rebuild with updated flags.
Resolves: rhbz#1630574.
* Tue Sep 4 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-8
- weak-modules: fix initial state creation for dry-run
- weak-modules: check compatibility in a temporary directory
Resolves: rhbz#1622990.
* Tue Aug 28 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-7
- weak-modules: use is_kernel_installed wrapper in update_modules_for_krel.
- weak-modules: more abstract symvers search implementation.
- weak-modules: use additional paths for System.map file.
Resolves: rhbz#1621306.
* Thu Aug 09 2018 Eugene Syromiatnikov <esyr@redhat.com> - 25-6
- weak-modules: check also for /lib/modules/$krel/symvers.gz as a possible
symvers file path.
Resolves: rhbz#1614119.
* Mon Jul 30 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-5
- weak-modules: handle versions with + and other special regex symbols
- weak-modules: fix misleading message when cannot find dracut.
Resolves: rhbz#1609372.
* Fri Jul 27 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-4
- fix dracut path, /usr/bin/dracut
* Wed Jul 25 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-3
- Add depmod.d/dist.conf.
- Update weak-modules to RHEL version.
- Resolves: rhbz#2192895
* Thu Feb 9 2023 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-8
- man/rmmod: explain why modprobe -r is more useful
Resolves: rhbz#2164253
* Thu Oct 21 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-7
- Add RHEL gating configuration. Related: rhbz#1985100
* Tue Aug 10 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-6
- add default config.
Resolves: rhbz#1985100
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 07 2021 Josh Boyer <jwboyer@fedoraproject.org> - 28-1
- New upstream v28
- Enable zstd support
- Resolves: rhbz#1913949
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 27-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Mar 25 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 27-2
- add 0001-depmod-do-not-output-.bin-to-stdout.patch
Resolves: rhbz#1808430
* Thu Feb 20 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 27-1
- New upstream v27
* Mon Jan 20 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-5
- weak-modules: sync with RHEL
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 26-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Feb 25 2019 Yauheni Kaliuta <yauheni.kaliuta@redhat.com> - 26-3
- weak-modules: sync with RHEL
* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-2
- add PKCS7/openssl support (rhbz 1320921)
* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-1
- Update to version 26 (rhbz 1673749)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 25-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 25-4
- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc (rhbz 1644063)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@ -296,7 +280,7 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
- Update to version 13
* Wed Mar 20 2013 Weiping Pan <wpan@redhat.com> - 12-3
- Pull in weak-modules for kABI from Jon Masters <jcm@redhat.com>
- Pull in weak-modules for kABI from Jon Masters <jcm@redhat.com>
* Mon Mar 18 2013 Josh Boyer <jwboyer@redhat.com>
- Add patch to make rmmod understand built-in modules (rhbz 922187)

Loading…
Cancel
Save