summaryrefslogtreecommitdiff
path: root/libkmod
AgeCommit message (Collapse)AuthorFilesLines
2020-12-01libkmod: kmod_log_null: qualify ctx argument as constYauheni Kaliuta1-1/+1
kmod_log_null() does not change ctx (does nothing). Fix warnings In file included from libkmod/libkmod-index.c:33: libkmod/libkmod-index.c: In function ‘index_mm_open’: libkmod/libkmod-index.c:757:6: warning: passing argument 1 of ‘kmod_log_null’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers] 757 | DBG(ctx, "file=%s\n", filename); Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2020-12-01libkmod: kmod_builtin_get_modinfo: free modinfo on errorYauheni Kaliuta1-0/+1
The function allocates array but on building it if get_string() fails it returns the error leaving the array allocated. The caller does not care about it in error case either. Free it to fix memory leak. Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2020-09-10add Zstandard compression supportTorge Matthies2-1/+145
I changed the style of the hackargs variable in autogen.sh to multiline because said line was becoming a bit long with the new --with-zstd arg added. A previous version of this patch has been running on my two Arch Linux installations (with an accompanying mkinitcpio patch) for several months over many kernel updates without any issues. Any additional testing and/or patch review would of course be appreciated. Signed-off-by: Torge Matthies <openglfreak@googlemail.com>
2020-03-23libkmod: allow modules.alias.builtin to be optionalLucas De Marchi1-3/+12
2020-03-23libkmod: fix return error when opening indexLucas De Marchi3-22/+29
When calling kmod_load_resources() we could end up getting a bogus return value -ENOMEM due to several other reasons, like the index not existing. Change index_mm_open() to propagate the failure reason so we can take actions on it or return to the caller.
2020-03-23libkmod: simplify lookup when builtin.modinfo.bin file is missingLucas De Marchi2-18/+15
When we try to lookup a module and builtin.modinfo.bin is missing, we would do the right thing because the caller was replacing the return code with 0 (and the list was not modified). Make it simpler by allowing the caller to check and differentiate the errors between module not found and index not found.
2020-03-13libkmod: ignore kcmdline option if we fail to parse modnameLucas De Marchi1-1/+2
The error message is saying we are ignoring the option on the kernel command line, so just do it.
2020-01-20libkmod: reset was_space on second passLucas De Marchi1-0/+1
The softdep config parser uses a 2-pass approach to use a single allocation for all the softdep struct. However "was_space" variable isn't reset between them. This can lead to a buffer overflow. Reported-by: Jorge Lucangeli Obes <jorgelo@google.com> Link: https://lore.kernel.org/linux-modules/CAKYuF5QhGCPCazHQjN-=kFc5kHs7Ok8WqmmGLo31CiOEN8TYdA@mail.gmail.com
2019-12-29libkmod-module: convert return value from system() to errnoTopi Miettinen1-6/+11
Don't use exit status of a command directly as errno code, callers will be confused. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2019-12-18modinfo: Show information about built-in modulesAlexey Gladkov2-8/+17
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2019-12-18Lookup aliases in the modules.builtin.modinfoAlexey Gladkov4-2/+35
New modules.builtin.modinfo duplicates modules.builtin in the built-in module name search. If it exists, then we can use this file, but if not, then we need to fallback to the old file. Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2019-12-18libkmod: Add function to get list of built-in modulesAlexey Gladkov2-0/+41
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2019-12-18libkmod: Add parser for modules.builtin.modinfoAlexey Gladkov2-0/+337
The kernel since version v5.2-rc1 exports information about built-in modules in the modules.builtin.modinfo. Information is stored in the same format as in the separate modules (null-terminated string array). The module name is a prefix for each line. $ tr '\0' '\n' < modules.builtin.modinfo ext4.softdep=pre: crc32c ext4.license=GPL ext4.description=Fourth Extended Filesystem ext4.author=Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o and others ext4.alias=fs-ext4 ext4.alias=ext3 ext4.alias=fs-ext3 ext4.alias=ext2 ext4.alias=fs-ext2 md_mod.alias=block-major-9-* md_mod.alias=md md_mod.description=MD RAID framework md_mod.license=GPL md_mod.parmtype=create_on_open:bool md_mod.parmtype=start_dirty_degraded:int ... Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2019-05-28libkmod-signature: use PKCS#7 instead of CMSStefan Strogin1-18/+19
Linux uses either PKCS #7 or CMS for signing modules (see scripts/sign-file.c). CMS is not supported by LibreSSL or older OpenSSL, so PKCS #7 is used on systems with these libcrypto providers. CMS and PKCS #7 formats are very similar. CMS is newer but is as much as possible backward compatible with PKCS #7 [1]. PKCS #7 is supported in the latest OpenSSL as well as CMS. The fields used for signing kernel modules are supported both in PKCS #7 and CMS. For now modinfo uses CMS with no alternative requiring OpenSSL 1.1.0 or newer. Use PKCS #7 for parsing module signature information, so that modinfo could be used both with OpenSSL and LibreSSL. [1] https://tools.ietf.org/html/rfc5652#section-1.1 Changes v1->v2: - Don't use ifdefs for keeping redundant CMS code, just use PKCS #7 both with OpenSSL and LibreSSL. Signed-off-by: Stefan Strogin <steils@gentoo.org>
2019-02-04libkmod-signature: implement pkcs7 parsing with opensslYauheni Kaliuta3-4/+199
The patch adds data fetching from the PKCS#7 certificate using openssl library (which is used by scripts/sign-file.c in the linux kernel to sign modules). In general the certificate can contain many signatures, but since kmod (modinfo) supports only one signature at the moment, only first one is taken. With the current sign-file.c certificate doesn't contain signer key's fingerprint, so "serial number" is used for the key id. Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2018-11-16signature: do not report wrong data for pkc#7 signatureYauheni Kaliuta2-19/+39
when PKC#7 signing method is used the old structure doesn't contain any useful data, but the data are encoded in the certificate. The info getting/showing code is not aware of that at the moment and since 0 is a valid constant, shows, for example, wrong "md4" for the hash algo. The patch splits the 2 mothods of gethering the info and reports "unknown" for the algo. Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2018-06-18kmod: build: cure compiler warnings showing up externallyJan Engelhardt1-2/+2
When building a C source file with gcc-7 -Wshift-overflow=2, this warning springs up: libkmod.h: warning: result of "1 << 31" requires 33 bits to represent, but "int" only has 32 bits [-Wshift-overflow=] Change the two _KMOD_* identifiers to fit into 32 bits.
2018-04-05libkmod-module: check for NULL before accessing pointersLuca Bruno1-13/+10
This introduces a few missing NULL-checks in public functions, and align their docstrings with real behavior by getting rid of copy-paste mistakes. Signed-off-by: Luca Bruno <luca.bruno@coreos.com>
2017-08-04libkmod-elf: resolve CRC if module is built with MODULE_REL_CRCSYauheni Kaliuta1-1/+29
Normally exported symbol's crc is stored as absolute (SHN_ABS) value of special named symbol __crc_<symbol name>. When the kernel and modules are built with the config option CONFIG_MODULE_REL_CRCS, all the CRCs are put in a special section and the __crc_<symbol name> symbols values are offsets in the section. See patch description of the commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56067812d5b0e737ac2063e94a50f76b810d6ca3 Add kmod support of this configuration. Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2017-04-11libkmod: modinfo: implement signature outputYauheni Kaliuta3-1/+16
Signature was ignored from the modinfo. Implement its parsing from the module data and add its output to the modinfo utility. Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2017-04-11libkmod: modinfo: implement line splitting in hex_to_strYauheni Kaliuta1-5/+15
The key output is usually short, but for signature it is more readable to output it in several lines. Implement line splitting. Set line limit hardcoded to 20 hex numbers (not characters). Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2017-04-11libkmod: modinfo: use own function for sig_key hex outputYauheni Kaliuta1-25/+54
Refactor the code a bit to make it easier to extend for signature output. kmod_module_get_info() creats a hex string for the sig_key data inplace. Separate it into own kmod_module_hex_to_string function and handle the branch in the new kmod_module_info_append_hex, keeping the same signature as the non-hex version. Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2017-04-11libkmod: modinfo: fix sig_id outputYauheni Kaliuta1-1/+1
For some reason the key for sig_id was set to "signature". The length was calculated against the proper string, as the result in the output it was truncated to "signat". Pass the proper key to the kmod_module_info_append() call. Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
2017-02-16libkmod-config: fix parsing quoted kernel cmdline on paramsLucas De Marchi1-0/+14
We can only accept quoted values, not module names or parameter names.
2017-02-16libkmod-config: replace 0/1 with boolLucas De Marchi1-4/+4
2017-02-16module: fix a memory leakBartosz Golaszewski1-4/+6
When a module is removed and re-inserted without unrefing, the kmod_file is unconditionally re-opened. This results in a memory and file descriptor leak. Fix it by checking if the file is already open in kmod_module_insert_module(). Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
2017-01-23libkmod: Fix handling of quotes in kernel command lineJames Minor1-0/+7
If a module parameter on the command line contains quotes, any spaces inside those quotes should be included as part of the parameter. Signed-off-by: James Minor <james.minor@ni.com>
2016-08-08libkmod: fix use of strcpyLucas De Marchi1-6/+11
We were not checking if there was sufficient space in the buffer.
2016-06-28libkmod: fix integration with gtk-docLucas De Marchi1-1/+3
It was failing to generate doc with recent version of gtk-doc [kmod]$ ./bootstrap libkmod/docs/gtk-doc.make:33: error: EXTRA_DIST must be set with '=' before using '+=' libkmod/docs/Makefile.am:29: 'libkmod/docs/gtk-doc.make' included from here autoreconf: automake failed with exit status: 1 Just add an empty EXTRA_DIST so it works.
2016-06-27libkmod-module: modinfo: print signature idLucas De Marchi1-1/+7
This way it's possible to give at least the signature type for PKCS#7.
2016-06-27libkmod-signature: handle PKCS#7Lucas De Marchi1-0/+2
2016-06-27libkmod-module: do not crash modinfo on 0 key id lenLucas De Marchi1-15/+23
2016-06-21libkmod: Handle long lines in /proc/modulesMichal Marek1-2/+10
kmod_module_new_from_loaded() calls fgets with a 4k buffer. When a module such as usbcore is used by too many modules, the rest of the line is considered a beginning of another lines and we eventually get errors like these from lsmod: libkmod: kmod_module_get_holders: could not open '/sys/module/100,/holders': No such file or directory together with bogus entries in the output. In kmod_module_get_size, the problem does not affect functionality, but the line numbers in error messages will be wrong. Signed-off-by: Michal Marek <mmarek@suse.com>
2016-05-21kmod_module_get_refcnt: fix documentationPeter Wu1-1/+1
2015-09-30libkmod: export new kmod_get_dirname() functionLucas De Marchi2-1/+14
Make sure it gets exported and add documentation.
2015-09-30modprobe: Update error message when path is missingLaura Abbott2-2/+1
Currently, modprobe fails with no output by default if the search paths it tries are missing: $ modprobe -S notakernel dm-crypt $ $ modprobe -S notakernel lkjjweiojo $ This is fairly cryptic and not at all obvious there is a problem unless the error code is checked or verbose flags are used. Update the error message to indicate a problem and print out the directory that failed.
2015-06-13libkmod-module: fix return code in error pathLucas De Marchi1-1/+1
ENOSYS is the wrong errno to return when we don't find a module in kmod_module_insert_module(). Why is it there in the first place? This goes back to kmod v1 when we couldn't load modules by names, but we should give a path instead. 708624a ("ELF: initial support for modinfo and strip of modversions and vermagic.") changed that so we do a lazy-search by the module path in this function. Later f304afe ("Change error message to reflect reality") fixed the log message but the return coded remained the same.
2015-02-28Check return of fseek while reading indexLucas De Marchi1-1/+2
2015-02-28Avoid sign-extension error on multiplicationLucas De Marchi1-1/+1
Do not promote "idx * elf->header.section.entry_size" to int. Explicitly cast the result to uint64_t so it's zero-extended.
2015-02-28Fix race while loading modulesHarish Jenny K N3-19/+57
usecase: two sd cards are being mounted in parallel at same time on dual core. example modules which are getting loaded is nls_cp437. While one module is being loaded , it starts creating sysfs files. meanwhile on other core, modprobe might return saying the module is KMOD_MODULE_BUILTIN, which might result in not mounting sd card. Experiments done to prove the issue in kmod. Added sleep in kernel module.c at the place of creation of sysfs files. Then tried `modprobe nls_cp437` from two different shells. While the first was still waiting for its completion , the second one returned saying the module is built-in. [ Lucas: The problem is that the creation of /sys/module/<name> and /sys/module/<name>/initstate are not atomic. There's a small window in which the directory exists but the initstate file was still not created. Built-in modules can be handled by searching the modules.builtin file. We actually lose some "modules" that create entries in /sys/modules (e.g. vt) and are not in modules.builtin file: only those that can be compiled as module are present in this file. We enforce mod->builtin to always be up-to-date when kmod_module_get_initstate() is called. This way if the directory exists but the initstate doesn't, we can be sure this is because the module is in the "coming" state, i.e. kernel didn't create the file yet, but since builtin modules were already handled by checking our index the only reason for that to happen is that we hit the race condition. I also added some tweaks to the patch, so we don't repeat the code for builtin lookup. ]
2015-02-18libkmod: better explain a signed module layoutLucas De Marchi1-7/+11
2015-02-18libkmod: consider empty signature key as invalidLucas De Marchi1-1/+2
A segmentation fault occurs if a module has an empty key attached to its signature. This is mostly likely due to a corrupted module. The crash happens because kmod_module_get_info() assumes that kmod_module_signature_info() returns a signature of at least 1 byte. The fix is based on a patch from Tobias Stoeckmann <tobias@stoeckmann.org>, but rather than changing kmod_module_get_info() to fix the crash, this changes kmod_module_signature_info() to consider the signature as invalid.
2015-02-18Fix out of bounds signature access with 32 bit off_tTobias Stoeckmann1-1/+1
If kmod has been configured with --disable-largefile on a 32 bit system, off_t will be 32 bit. In that case, the parsed sig_len can bypass a validation check (it's _unsigned_ 32 bit). Due to the unlikeliness of people using --disable-largefile, this is a mere validation fix. With an explicit signed 64 bit cast, there is no binary change for 99.9% of Linux systems out there. ;)
2015-02-17libkmod: properly validate file sizeTobias Stoeckmann1-5/+5
In function kmod_elf_new, the file size has to be properly validated against section offset. Currently, the file size is considered valid based on ELF header size + section header size * section count. That is not sufficient. In fact, ELF specifies a section header offset, which doesn't have to be the size of the ELF header. The supplied test cases even cover this. The correct test is: section offset + section header size * section count This patch also verifies that this value won't overflow. I don't know a way to crash a tool due to this bug, because later on the offset check would prevent out-of-bounds access. An overflow would just mean to access a wrong part in elf->memory. Yet it's a validation error. Please note: The file size does not have to be validated against the size of the ELF header again, elf_identify did this already.
2015-02-10libkmod: use helper function to check for overflowLucas De Marchi1-2/+2
2015-02-10Prevent offset + size overflow.Tobias Stoeckmann1-1/+1
it is possible to overflow uint64_t by summing variables offset and size up in elf_get_section_info. Thee values are extracted from module file and are possibly maliciously tampered with. If offset is in valid range and size very large, the result will overflow and the size check passes. Later on, this will most likely lead to a segmentation fault due to accessing uninitialized memory. Attached please find a proof of concept module, which will trigger a segmentation fault on modinfo. Tested on amd64: tobias:~$ modinfo poc.ko filename: /home/tobias/poc.ko Segmentation fault There are more errors of this type in the ELF handling code that will be fixed in other patches.
2015-01-25Fix uninitialized warningLucas De Marchi1-1/+1
Initialize variable to NULL before calling kmod_module_new_from_lookup(). libkmod/libkmod-module.c: In function 'kmod_module_new_from_lookup.part.4.constprop': libkmod/libkmod-module.c:192:8: warning: 'depmod' may be used uninitialized in this function [-Wmaybe-uninitialized] list = kmod_list_prepend(list, depmod); ^ libkmod/libkmod-module.c:173:23: note: 'depmod' was declared here struct kmod_module *depmod;
2015-01-02Fix include in python bindingsLucas De Marchi1-1/+1
Prefix the include of libkmod in python bindings.
2015-01-02libkmod-elf: Remove unused variablesLucas De Marchi1-6/+0
libkmod/libkmod-elf.c:52:34: warning: unused variable 'native_endianess' [-Wunused-const-variable] static const enum kmod_elf_class native_endianess = KMOD_ELF_LSB;
2014-12-25Remove FSF mailing addressLucas De Marchi10-20/+10
It has changed in the past, and these days, anyone can get a copy of the LGPL via the web rather than by post. Like 657a122 (Remove FSF mailing address) in libabc by Josh Tripplet, but let the FSF website in which the license can be found.