| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fix double free for *modinfo with non '\0' terminated wrong
modules.builtin.modinfo, which is because EOF is minus value.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
[sw0312.kim: cherry-pick mainline commit 675410c3b3b1]
Change-Id: I9899505ff12d1444013b92007bb0474115047104
|
|
Fix a possbile overflow with exact PATH_MAX length modname
in wrong modules.builtin.modinfo.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
[sw0312.kim: cherry-pick mainline commit 1cab02ecf6ee]
Change-Id: I609585cc97d8abb30541b37d3dee0eda66029162
|
|
From kmod_config_new(), when kmod_list_append() fails,
fix not list-appended kmod_config_path leak.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
[sw0312.kim: cherry-pick mainline commit 39dd17162374]
Change-Id: Ic1d1e77ecc9b81fdd4f0eb771cce1d7b42d0024e
|
|
kmod_log_null() does not change ctx (does nothing).
Fix warnings
In file included from libkmod/libkmod-index.c:33:
libkmod/libkmod-index.c: In function ‘index_mm_open’:
libkmod/libkmod-index.c:757:6: warning: passing argument 1 of ‘kmod_log_null’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
757 | DBG(ctx, "file=%s\n", filename);
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
The function allocates array but on building it if get_string()
fails it returns the error leaving the array allocated. The caller
does not care about it in error case either.
Free it to fix memory leak.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
I changed the style of the hackargs variable in autogen.sh to multiline
because said line was becoming a bit long with the new --with-zstd arg
added.
A previous version of this patch has been running on my two Arch Linux
installations (with an accompanying mkinitcpio patch) for several months
over many kernel updates without any issues.
Any additional testing and/or patch review would of course be appreciated.
Signed-off-by: Torge Matthies <openglfreak@googlemail.com>
|
|
|
|
When calling kmod_load_resources() we could end up getting a bogus
return value -ENOMEM due to several other reasons, like the index not
existing. Change index_mm_open() to propagate the failure reason so we
can take actions on it or return to the caller.
|
|
When we try to lookup a module and builtin.modinfo.bin is missing, we
would do the right thing because the caller was replacing the return
code with 0 (and the list was not modified).
Make it simpler by allowing the caller to check and differentiate the
errors between module not found and index not found.
|
|
The error message is saying we are ignoring the option on the kernel
command line, so just do it.
|
|
The softdep config parser uses a 2-pass approach to use a single
allocation for all the softdep struct. However "was_space" variable
isn't reset between them. This can lead to a buffer overflow.
Reported-by: Jorge Lucangeli Obes <jorgelo@google.com>
Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com
|
|
Don't use exit status of a command directly as errno code, callers
will be confused.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
|
|
New modules.builtin.modinfo duplicates modules.builtin in the built-in
module name search. If it exists, then we can use this file, but if not,
then we need to fallback to the old file.
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
|
|
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
|
|
The kernel since version v5.2-rc1 exports information about built-in
modules in the modules.builtin.modinfo. Information is stored in
the same format as in the separate modules (null-terminated string
array). The module name is a prefix for each line.
$ tr '\0' '\n' < modules.builtin.modinfo
ext4.softdep=pre: crc32c
ext4.license=GPL
ext4.description=Fourth Extended Filesystem
ext4.author=Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others
ext4.alias=fs-ext4
ext4.alias=ext3
ext4.alias=fs-ext3
ext4.alias=ext2
ext4.alias=fs-ext2
md_mod.alias=block-major-9-*
md_mod.alias=md
md_mod.description=MD RAID framework
md_mod.license=GPL
md_mod.parmtype=create_on_open:bool
md_mod.parmtype=start_dirty_degraded:int
...
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
|
|
Linux uses either PKCS #7 or CMS for signing modules (see
scripts/sign-file.c). CMS is not supported by LibreSSL or older OpenSSL,
so PKCS #7 is used on systems with these libcrypto providers.
CMS and PKCS #7 formats are very similar. CMS is newer but is as much as
possible backward compatible with PKCS #7 [1]. PKCS #7 is supported in
the latest OpenSSL as well as CMS. The fields used for signing kernel
modules are supported both in PKCS #7 and CMS.
For now modinfo uses CMS with no alternative requiring OpenSSL 1.1.0 or
newer.
Use PKCS #7 for parsing module signature information, so that modinfo
could be used both with OpenSSL and LibreSSL.
[1] https://tools.ietf.org/html/rfc5652#section-1.1
Changes v1->v2:
- Don't use ifdefs for keeping redundant CMS code, just use PKCS #7 both
with OpenSSL and LibreSSL.
Signed-off-by: Stefan Strogin <steils@gentoo.org>
|
|
The patch adds data fetching from the PKCS#7 certificate using
openssl library (which is used by scripts/sign-file.c in the linux
kernel to sign modules).
In general the certificate can contain many signatures, but since
kmod (modinfo) supports only one signature at the moment, only first
one is taken.
With the current sign-file.c certificate doesn't contain signer
key's fingerprint, so "serial number" is used for the key id.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
when PKC#7 signing method is used the old structure doesn't contain
any useful data, but the data are encoded in the certificate.
The info getting/showing code is not aware of that at the moment and
since 0 is a valid constant, shows, for example, wrong "md4" for the
hash algo.
The patch splits the 2 mothods of gethering the info and reports
"unknown" for the algo.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
When building a C source file with gcc-7 -Wshift-overflow=2, this warning
springs up:
libkmod.h: warning: result of "1 << 31" requires 33 bits to
represent, but "int" only has 32 bits [-Wshift-overflow=]
Change the two _KMOD_* identifiers to fit into 32 bits.
|
|
This introduces a few missing NULL-checks in public functions, and
align their docstrings with real behavior by getting rid of copy-paste
mistakes.
Signed-off-by: Luca Bruno <luca.bruno@coreos.com>
|
|
Normally exported symbol's crc is stored as absolute (SHN_ABS)
value of special named symbol __crc_<symbol name>.
When the kernel and modules are built with the config option
CONFIG_MODULE_REL_CRCS, all the CRCs are put in a special section
and the __crc_<symbol name> symbols values are offsets in the
section. See patch description of the commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56067812d5b0e737ac2063e94a50f76b810d6ca3
Add kmod support of this configuration.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
Signature was ignored from the modinfo. Implement its parsing
from the module data and add its output to the modinfo utility.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
The key output is usually short, but for signature it is more
readable to output it in several lines.
Implement line splitting. Set line limit hardcoded to 20 hex
numbers (not characters).
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
Refactor the code a bit to make it easier to extend for signature
output.
kmod_module_get_info() creats a hex string for the sig_key data
inplace. Separate it into own kmod_module_hex_to_string function
and handle the branch in the new kmod_module_info_append_hex,
keeping the same signature as the non-hex version.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
For some reason the key for sig_id was set to "signature". The
length was calculated against the proper string, as the result in
the output it was truncated to "signat".
Pass the proper key to the kmod_module_info_append() call.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
We can only accept quoted values, not module names or parameter names.
|
|
|
|
When a module is removed and re-inserted without unrefing, the
kmod_file is unconditionally re-opened. This results in a memory
and file descriptor leak.
Fix it by checking if the file is already open in
kmod_module_insert_module().
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
|
|
If a module parameter on the command line contains quotes, any
spaces inside those quotes should be included as part of the
parameter.
Signed-off-by: James Minor <james.minor@ni.com>
|
|
We were not checking if there was sufficient space in the buffer.
|
|
It was failing to generate doc with recent version of gtk-doc
[kmod]$ ./bootstrap
libkmod/docs/gtk-doc.make:33: error: EXTRA_DIST must be set with '=' before using '+='
libkmod/docs/Makefile.am:29: 'libkmod/docs/gtk-doc.make' included from here
autoreconf: automake failed with exit status: 1
Just add an empty EXTRA_DIST so it works.
|
|
This way it's possible to give at least the signature type for PKCS#7.
|
|
|
|
|
|
kmod_module_new_from_loaded() calls fgets with a 4k buffer. When a
module such as usbcore is used by too many modules, the rest of the line
is considered a beginning of another lines and we eventually get errors
like these from lsmod:
libkmod: kmod_module_get_holders: could not open '/sys/module/100,/holders': No such file or directory
together with bogus entries in the output. In kmod_module_get_size, the
problem does not affect functionality, but the line numbers in error
messages will be wrong.
Signed-off-by: Michal Marek <mmarek@suse.com>
|
|
|
|
Make sure it gets exported and add documentation.
|
|
Currently, modprobe fails with no output by default if the
search paths it tries are missing:
$ modprobe -S notakernel dm-crypt
$
$ modprobe -S notakernel lkjjweiojo
$
This is fairly cryptic and not at all obvious there is a problem
unless the error code is checked or verbose flags are used.
Update the error message to indicate a problem and print out the
directory that failed.
|
|
ENOSYS is the wrong errno to return when we don't find a module in
kmod_module_insert_module(). Why is it there in the first place? This
goes back to kmod v1 when we couldn't load modules by names, but we
should give a path instead.
708624a ("ELF: initial support for modinfo and strip of modversions and
vermagic.") changed that so we do a lazy-search by the module path in
this function. Later f304afe ("Change error message to reflect
reality") fixed the log message but the return coded remained the same.
|
|
|
|
Do not promote "idx * elf->header.section.entry_size" to int. Explicitly
cast the result to uint64_t so it's zero-extended.
|
|
usecase: two sd cards are being mounted in parallel at same time on
dual core. example modules which are getting loaded is nls_cp437.
While one module is being loaded , it starts creating sysfs files.
meanwhile on other core, modprobe might return saying the module
is KMOD_MODULE_BUILTIN, which might result in not mounting sd card.
Experiments done to prove the issue in kmod.
Added sleep in kernel module.c at the place of creation of sysfs files.
Then tried `modprobe nls_cp437` from two different shells.
While the first was still waiting for its completion ,
the second one returned saying the module is built-in.
[ Lucas:
The problem is that the creation of /sys/module/<name> and
/sys/module/<name>/initstate are not atomic. There's a small window in
which the directory exists but the initstate file was still not
created.
Built-in modules can be handled by searching the modules.builtin file.
We actually lose some "modules" that create entries in /sys/modules
(e.g. vt) and are not in modules.builtin file: only those that can be
compiled as module are present in this file.
We enforce mod->builtin to always be up-to-date when
kmod_module_get_initstate() is called. This way if the directory
exists but the initstate doesn't, we can be sure this is because the
module is in the "coming" state, i.e. kernel didn't create the file
yet, but since builtin modules were already handled by checking our
index the only reason for that to happen is that we hit the race
condition.
I also added some tweaks to the patch, so we don't repeat the code for builtin
lookup. ]
|
|
|
|
A segmentation fault occurs if a module has an empty key attached to
its signature. This is mostly likely due to a corrupted module.
The crash happens because kmod_module_get_info() assumes that
kmod_module_signature_info() returns a signature of at least 1 byte.
The fix is based on a patch from Tobias Stoeckmann
<tobias@stoeckmann.org>, but rather than changing kmod_module_get_info()
to fix the crash, this changes kmod_module_signature_info() to
consider the signature as invalid.
|
|
If kmod has been configured with --disable-largefile on a 32 bit
system, off_t will be 32 bit. In that case, the parsed sig_len can
bypass a validation check (it's _unsigned_ 32 bit).
Due to the unlikeliness of people using --disable-largefile, this is
a mere validation fix. With an explicit signed 64 bit cast, there is
no binary change for 99.9% of Linux systems out there. ;)
|
|
In function kmod_elf_new, the file size has to be properly validated against
section offset. Currently, the file size is considered valid based on
ELF header size + section header size * section count. That is not sufficient.
In fact, ELF specifies a section header offset, which doesn't have to be the
size of the ELF header. The supplied test cases even cover this.
The correct test is: section offset + section header size * section count
This patch also verifies that this value won't overflow. I don't know a way
to crash a tool due to this bug, because later on the offset check would
prevent out-of-bounds access. An overflow would just mean to access a wrong
part in elf->memory. Yet it's a validation error.
Please note: The file size does not have to be validated against the size
of the ELF header again, elf_identify did this already.
|
|
|
|
it is possible to overflow uint64_t by summing variables offset and
size up in elf_get_section_info. Thee values are extracted from module
file and are possibly maliciously tampered with.
If offset is in valid range and size very large, the result will
overflow and the size check passes. Later on, this will most likely
lead to a segmentation fault due to accessing uninitialized memory.
Attached please find a proof of concept module, which will trigger
a segmentation fault on modinfo. Tested on amd64:
tobias:~$ modinfo poc.ko
filename: /home/tobias/poc.ko
Segmentation fault
There are more errors of this type in the ELF handling code that will be
fixed in other patches.
|
|
Initialize variable to NULL before calling kmod_module_new_from_lookup().
libkmod/libkmod-module.c: In function 'kmod_module_new_from_lookup.part.4.constprop':
libkmod/libkmod-module.c:192:8: warning: 'depmod' may be used uninitialized in this function [-Wmaybe-uninitialized]
list = kmod_list_prepend(list, depmod);
^
libkmod/libkmod-module.c:173:23: note: 'depmod' was declared here
struct kmod_module *depmod;
|
