David Herrmann [Fri, 13 Sep 2013 10:42:12 +0000 (12:42 +0200)]
from systemd: build: check for build/link flags harder
Use AC_LINK_IFELSE instead of AC_COMPILE_IFELSE to test for flags that
might succeed during compilation but not during linking. An example is gcc
compiled with libssp support but gnu-ld without it. In this case
-fstack-protector works fine during compilation but fails during linking
as several internal helpers are missing.
Lucas De Marchi [Sat, 21 Feb 2015 17:47:16 +0000 (15:47 -0200)]
testsuite: port signature-check modules to module-playground
We use a "fake signature" to sign the modules. As far as kmod is
concerned the signature fields are informational only. It's the kernel
the responsible for checking it's valid.
So what we are doing here is: pick the signatures of the ext4-x86_64.ko
module and save as dummy.{hashalgo}. This signature is appended to the
mod-simple.ko module so the ext4-x86_64.ko module can be removed from
tree.
Lucas De Marchi [Sat, 21 Feb 2015 17:09:12 +0000 (15:09 -0200)]
testsuite: port arch-specific tests to module-playground
Rename modinfo_jonsmodules() to test_modinfo_signature(): now this test
is responsible only for the signed modules.
The other tests use specific flags to modinfo in order to print only
one field, so we can filter out those fields that are expect to change
if the module is recompiled.
Lucas De Marchi [Sat, 21 Feb 2015 17:02:55 +0000 (15:02 -0200)]
testsuite: leave arch-specific modules in tree
This is for convenience for development and testing since we don't want
to needlessly cross-compile the modules. There's a README file
explaining the building process for those who want to update them.
These files are compiled from their respective .c and thus have LPGL
license.
Lucas De Marchi [Sat, 21 Feb 2015 15:07:42 +0000 (13:07 -0200)]
testsuite: fix exiting with success on no output activity
If we were expecting output on stdout or stderr but the test didn't
produce any, we were incorrectly assuming the test was successful.
Now test on exit if there was activity on the monitored fd. If there
was, check also if the file size to check for output is > 0 for the
cases in which we want to assert there was no activity on certain fd.
Lucas De Marchi [Sat, 21 Feb 2015 05:22:54 +0000 (03:22 -0200)]
module-playground: allow to cross-compile modules
This adds the needed infra to cross-compile modules so we can test them
in our testsuite. Right now we are only compiling mod-simple.ko for x86,
x86_64 and sparc64.
The makefiles are organized in a way it's easy to force a rebuild of a
module by calling the Makefile.arch directly and that allows the rule in
Makefile to not trigger in case we want to ship the modules
pre-compiled.
Lucas De Marchi [Wed, 18 Feb 2015 18:15:45 +0000 (16:15 -0200)]
libkmod: consider empty signature key as invalid
A segmentation fault occurs if a module has an empty key attached to
its signature. This is mostly likely due to a corrupted module.
The crash happens because kmod_module_get_info() assumes that
kmod_module_signature_info() returns a signature of at least 1 byte.
The fix is based on a patch from Tobias Stoeckmann
<tobias@stoeckmann.org>, but rather than changing kmod_module_get_info()
to fix the crash, this changes kmod_module_signature_info() to
consider the signature as invalid.
Fix out of bounds signature access with 32 bit off_t
If kmod has been configured with --disable-largefile on a 32 bit
system, off_t will be 32 bit. In that case, the parsed sig_len can
bypass a validation check (it's _unsigned_ 32 bit).
Due to the unlikeliness of people using --disable-largefile, this is
a mere validation fix. With an explicit signed 64 bit cast, there is
no binary change for 99.9% of Linux systems out there. ;)
In function kmod_elf_new, the file size has to be properly validated against
section offset. Currently, the file size is considered valid based on
ELF header size + section header size * section count. That is not sufficient.
In fact, ELF specifies a section header offset, which doesn't have to be the
size of the ELF header. The supplied test cases even cover this.
The correct test is: section offset + section header size * section count
This patch also verifies that this value won't overflow. I don't know a way
to crash a tool due to this bug, because later on the offset check would
prevent out-of-bounds access. An overflow would just mean to access a wrong
part in elf->memory. Yet it's a validation error.
Please note: The file size does not have to be validated against the size
of the ELF header again, elf_identify did this already.
Lucas De Marchi [Tue, 10 Feb 2015 12:32:10 +0000 (10:32 -0200)]
build: define to 0 if builtin is not available
In order to let us use "#if HAVE__BUILTIN_*" without checking if it's
actually define, make sure we define it to 0 in config.h when the
function is not available.
it is possible to overflow uint64_t by summing variables offset and
size up in elf_get_section_info. Thee values are extracted from module
file and are possibly maliciously tampered with.
If offset is in valid range and size very large, the result will
overflow and the size check passes. Later on, this will most likely
lead to a segmentation fault due to accessing uninitialized memory.
Attached please find a proof of concept module, which will trigger
a segmentation fault on modinfo. Tested on amd64:
Lucas De Marchi [Tue, 3 Feb 2015 07:17:49 +0000 (05:17 -0200)]
build: let touch on directory as last step
We need to let these instructions in kmod to be the last executed ones.
Otherwise the subdirectory containing the modules could propagate up the
time access.
Lucas De Marchi [Tue, 3 Feb 2015 00:26:06 +0000 (22:26 -0200)]
testsuite: beef up module-playground in the build system
Instead of shipping pre-compiled module, this prepares the build system
to be able to compile the necessary modules from module-playground. This
preparations starts by replacing md5.ko with our own dummy
mod-simple.ko, built from source. It works by copying the modules to
their final location while preparing the rootfs.
Some tests cover internal API that wasn't used
elsewhere. The choice here was to test and keep the
list implementation complete instead of removing it.
Lucas De Marchi [Mon, 26 Jan 2015 01:54:05 +0000 (23:54 -0200)]
Fix uninitialized warning
Initialize variable to NULL before calling kmod_module_new_from_lookup().
libkmod/libkmod-module.c: In function 'kmod_module_new_from_lookup.part.4.constprop':
libkmod/libkmod-module.c:192:8: warning: 'depmod' may be used uninitialized in this function [-Wmaybe-uninitialized]
list = kmod_list_prepend(list, depmod);
^
libkmod/libkmod-module.c:173:23: note: 'depmod' was declared here
struct kmod_module *depmod;
Lucas De Marchi [Wed, 14 Jan 2015 16:05:24 +0000 (14:05 -0200)]
testsuite: fix retcodes parsing
It was not saving _modules in modules and thus all check were falling in
the fallback "consider a success if module is not in the list". Also the
name check wasn't right: replace with streq().
The parsing could be better implemented, but this is left for later.
Lucas De Marchi [Wed, 7 Jan 2015 21:14:20 +0000 (19:14 -0200)]
testsuite: do not overrid paths inside build
If we are accessing a file inside the build directory we should really
not trap the path. Right now this isn't important because we never do
such accesses. However it will be needed when gcov is integrated because
it dumps files to the same place where the binaries are located.
Lucas De Marchi [Fri, 2 Jan 2015 14:38:27 +0000 (12:38 -0200)]
Fix includes after change to build-sys
Make the includes be libkmod/libkmod.h for code outside of library. This
fixes the broken build after 1315123 ('build-sys: Don't add libkmod
subdirectory to include path').
Mike Auty [Fri, 5 Dec 2014 00:49:13 +0000 (00:49 +0000)]
build: Do not force diagnostics-color flag
The -fdiagnostics-color flag is only available on GCC >= 4.9, for
older versions this could raise an error in certain circumstances
(such as when using ccache). Instead, since -fdiagnostic-color=auto
by default in gcc-4.9, simply set the required environment variable
to the default one if it's undefined.
Based mostly on the systemd commit f44541bc by Michal Schmidt.
Tom Gundersen [Mon, 27 Oct 2014 16:55:03 +0000 (17:55 +0100)]
static-nodes: indicate that creation of static nodes should only happen at boot
udev will only manage static nodes that exist at the time udev is started, so
creating static nodes later on will likely not behave as expected. In
particular, recreating the static nodes at run-time will reset any permissions
udev may have applied to the nodes at boot.
See <https://bugzilla.redhat.com/show_bug.cgi?id=1147248> and the discussion
following <http://permalink.gmane.org/gmane.comp.sysutils.systemd.devel/23795>.
Lucas De Marchi [Fri, 17 Oct 2014 00:02:13 +0000 (21:02 -0300)]
strbuf: reduce default buffer size
Using 2048 as buffer sizer for strbuf is a bit exaggerated. strbuf is
used much more when we are not using mmapped indexes, but it's used for
mmapped when for example searching for an alias. A quick and dirty hack
to output the size of our strbufs is to print buf->used inside
strbuf_str(). Doing this and creating some statistics with:
while read xxx alias xxx; do
tools/modprobe -R "$alias" > /dev/null;
done < /lib/modules/$(uname -r)/modules.alias 2>&1 | \
Rscript -e 'summary (as.numeric (readLines ("stdin")))'
Min. 1st Qu. Median Mean 3rd Qu. Max. NA's
1.00 29.00 31.00 31.55 38.00 92.00 26
So, reduce the step to 128, which is still greater than the maximum in
these cases. In the worst case this can only create a few calls to
realloc(), while keeping the memory footprint low for the common cases.
Lucas De Marchi [Thu, 9 Oct 2014 17:14:58 +0000 (14:14 -0300)]
testsuite: use a section to put tests in instead of array
Intead of having to declare an array of tests, tweak the definition of
DEFINE_TEST and TESTSUITE_MAIN so they know the tests are put in a
particular section of the ELF file.
This avoids the mistake of adding a test and forgetting to add it to the
array. Now once a test is defined, it's ready to run, so one less step
to define new tests.
The removal of the arrays is left for another patch so not to clutter
the diff on this one.
It doesn't really matter in the end result since the compiler won't
generate any code for it. But let's keep it clean. It wasn't needed
until now, so probably it won't be anymore.
Lucas De Marchi [Thu, 9 Oct 2014 13:59:08 +0000 (10:59 -0300)]
Log error on failed underscores(), moving it to shared/
Move underscores() to shared/. It's the same as alias_normalize(), but
it rather operates in place, with the same string being passed.
The difference now that it's in shared/ is that it's a non-logging
function.
This makes us a little bit more verbose: we don't accept partially
correct module and aliases names in kcmdline and in configuration files.
We log an error instead.