Lucas De Marchi [Tue, 28 Jun 2016 15:14:38 +0000 (12:14 -0300)]
libkmod: fix integration with gtk-doc
It was failing to generate doc with recent version of gtk-doc
[kmod]$ ./bootstrap
libkmod/docs/gtk-doc.make:33: error: EXTRA_DIST must be set with '=' before using '+='
libkmod/docs/Makefile.am:29: 'libkmod/docs/gtk-doc.make' included from here
autoreconf: automake failed with exit status: 1
Michal Marek [Fri, 17 Jun 2016 14:04:15 +0000 (16:04 +0200)]
libkmod: Handle long lines in /proc/modules
kmod_module_new_from_loaded() calls fgets with a 4k buffer. When a
module such as usbcore is used by too many modules, the rest of the line
is considered a beginning of another lines and we eventually get errors
like these from lsmod:
libkmod: kmod_module_get_holders: could not open '/sys/module/100,/holders': No such file or directory
together with bogus entries in the output. In kmod_module_get_size, the
problem does not affect functionality, but the line numbers in error
messages will be wrong.
kmod: compiling with old sed version (!ERE support)
Makefile.am uses `sed -E', which it is found on BSD sed; however a
replacement on GNU sed would be `sed -r'. Both intend to use extended
regular expressions (ERE). However I have a system that does not support
those, in benefit for portability could you consider replacing ERE by BRE.
Lucas De Marchi [Mon, 11 Jan 2016 12:48:33 +0000 (10:48 -0200)]
travis: workaround bug in environment setup
Travis is poluting the environment, particularly PYTHON_CFLAGS which
makes the build to fail. Just unset the variable since we don't want to
override these cflags.
The -f switch is accepted by insmod, but silently ignored. This
causes the user to wonder why things don't work. As insmod is
most often used with "evil" modules, -f is almost default and
thus needs to work.
Signed-off-by: Philippe De Swert <philippe.deswert@jollamobile.com>
Laura Abbott [Mon, 28 Sep 2015 22:39:14 +0000 (15:39 -0700)]
depmod: Don't fall back to uname on bad version
Currently, if a value that doesn't match a kernel version
("%u.%u") is passed in, depmod silently falls back to
using uname. Rather than try and work around the caller passing
bad data, just exit out instead.
Laura Abbott [Mon, 28 Sep 2015 22:39:13 +0000 (15:39 -0700)]
depmod: Remove unprinted debug messages
In between the start of the program and the call to log_setup_kmod_log,
the only messages that will be printed are the ones at or above the
global default level. Debug messages in this range will never be printed
so remove them.
Laura Abbott [Mon, 28 Sep 2015 22:39:12 +0000 (15:39 -0700)]
Change default log level
The default log level is currently LOG_ERR. Tools can override this
default but there is a non-trivial amount of setup that needs to
happen before the log level can be changed. Since tools may want to
use the warn level for things such as deprecated flags, change the
default to LOG_WARNING to ensure messages get printed.
This is fairly cryptic and not at all obvious there is a problem
unless the error code is checked or verbose flags are used.
Update the error message to indicate a problem and print out the
directory that failed.
Natanael Copa [Mon, 22 Jun 2015 12:09:17 +0000 (14:09 +0200)]
build: let sed use posix ERE instead of GNU extension
Use POSIX Extended Regular Expression (ERE) instead of the GNU extension
\| in the install-exec-hook. This makes it create the symlink properly
with busybox sed built with musl libc. It will silently create a broken
symlink otherwise.
Lucas De Marchi [Sat, 13 Jun 2015 21:29:47 +0000 (18:29 -0300)]
libkmod-module: fix return code in error path
ENOSYS is the wrong errno to return when we don't find a module in
kmod_module_insert_module(). Why is it there in the first place? This
goes back to kmod v1 when we couldn't load modules by names, but we
should give a path instead.
708624a ("ELF: initial support for modinfo and strip of modversions and
vermagic.") changed that so we do a lazy-search by the module path in
this function. Later f304afe ("Change error message to reflect
reality") fixed the log message but the return coded remained the same.
Lucas De Marchi [Tue, 9 Jun 2015 05:01:11 +0000 (02:01 -0300)]
build: silence stderr on coverity rules
We try to execute git in order to get the dependencies for the coverity
rules. And it gets executed even when we are not calling that specific
rule. Later we may want to improve it, but for now let's just silence
the errors of not being a git repository when executing this on a
packaged version.
Lucas De Marchi [Sun, 7 Jun 2015 05:44:02 +0000 (02:44 -0300)]
build: add relevant features to KMOD_FEATURES in config.h
Not all the features (i.e. those available in --enable-* or --with-*)
are really relevant to the final user. Create a KMOD_FEATURES definition
in config.h containing these features.
Lucas De Marchi [Sun, 7 Jun 2015 04:15:30 +0000 (01:15 -0300)]
build: add function to build string of features
Add a CC_FEATURE_APPEND function that we can use to append the features
that are enabled/disabled. This will generate a single string in the
form "+FEATURE1 +FEATURE2 -FEATURE3".
Lucas De Marchi [Sun, 31 May 2015 18:38:47 +0000 (15:38 -0300)]
build: cache modules from playground
Now that we are able to build our own test modules, also allow to use
cached modules so a) kernel headers are not required and b) distro
maintainers are happy. It's still need a "--disable-test-modules" in
the configure since the default is enabled.
There's no license problems anymore since all modules come from our own
repository, we ship the sources and the modules can be easily rebuilt.
testsuite: remove .gitignore files when populating rootfs
Usually this file is added to keep a directory existing in the
repository but without any real content. In rootfs this can be
problematic if a directory will have all its files inspected. This
happens for kmod_module_get_holders().
Side-note: the 'test-loaded.c' is hit by this problem but doesn't
"notice" because the invalid module returned by get_holders() is not
checked. The modules in its loop are only used to get the name and
generate an output, and NULL was a valid value to generate the name.
Lucas De Marchi [Fri, 27 Feb 2015 18:39:36 +0000 (15:39 -0300)]
modprobe: stop checking initstate for builtin modules
builtin modules are handled in libkmod by looking at the modules.builtin
index. There's no need to check again for the module's initstate to
decide if it's builtin.
Lucas De Marchi [Fri, 27 Feb 2015 04:51:45 +0000 (01:51 -0300)]
testsuite: test builtin state
The second test, that creates the module by name and then retrieves the
initstate was broken before b95fa91 ('Fix race while loading modules').
We would check /sys and return either builtin (if the module has
parameters) or give an error because we don't find the module (even if
it's in the modules.builtin index)
Harish Jenny K N [Sun, 22 Feb 2015 18:41:07 +0000 (15:41 -0300)]
Fix race while loading modules
usecase: two sd cards are being mounted in parallel at same time on
dual core. example modules which are getting loaded is nls_cp437.
While one module is being loaded , it starts creating sysfs files.
meanwhile on other core, modprobe might return saying the module
is KMOD_MODULE_BUILTIN, which might result in not mounting sd card.
Experiments done to prove the issue in kmod.
Added sleep in kernel module.c at the place of creation of sysfs files.
Then tried `modprobe nls_cp437` from two different shells.
While the first was still waiting for its completion ,
the second one returned saying the module is built-in.
[ Lucas:
The problem is that the creation of /sys/module/<name> and
/sys/module/<name>/initstate are not atomic. There's a small window in
which the directory exists but the initstate file was still not
created.
Built-in modules can be handled by searching the modules.builtin file.
We actually lose some "modules" that create entries in /sys/modules
(e.g. vt) and are not in modules.builtin file: only those that can be
compiled as module are present in this file.
We enforce mod->builtin to always be up-to-date when
kmod_module_get_initstate() is called. This way if the directory
exists but the initstate doesn't, we can be sure this is because the
module is in the "coming" state, i.e. kernel didn't create the file
yet, but since builtin modules were already handled by checking our
index the only reason for that to happen is that we hit the race
condition.
I also added some tweaks to the patch, so we don't repeat the code for builtin
lookup. ]
Lucas De Marchi [Thu, 26 Feb 2015 16:02:04 +0000 (13:02 -0300)]
shared: avoid checking for __STDC_VERSION__
Since we pass -std=gnu99 to the compiler __STDC_VERSION__ is defined to
199901. Even in this case we can use _Noreturn. Delegate the testing to
the configure phase with a compile test.
In future we want to stop using AC_PROG_CC_99 and start using the new
AC_PROG_CC from autoconf 2.70, which tries to choose the most recent
standard.
Lucas De Marchi [Thu, 26 Feb 2015 05:56:04 +0000 (02:56 -0300)]
build: simplify and organize configure
- There's no need for the various AC_PROG_CC* macros
- No need for AC_C_BIGENDIAN: the only place we care about endianness,
we use __BYTE_ORDER
- Organize calls to be in similar order as systemd
- Disable --disable-largefile. We already had possible bugs in the
index implementation if this were passed. It's now fixed, but it's
never tested. Disable it.
- Bump autoconf requirement to 2.64
Lucas De Marchi [Thu, 26 Feb 2015 06:38:52 +0000 (03:38 -0300)]
depmod: fix leak in case of malloc(0)
malloc(0) can return != NULL. We need to pass the pointer to free().
This happens if index__haschildren(node) returned true, but
child_count is set to 0.
Lucas De Marchi [Wed, 25 Feb 2015 15:06:44 +0000 (12:06 -0300)]
depmod: use cleanup attribute to simplify free on exit
Reusing the root variable was a bad idea. Doing so we could call free()
on a variable that was not allocated. For example: "depmod -b / -h".
Since we would jump to cmdline_failed, root would not be duplicated.
Instead of fighting the order in the options, just used the cleanup
attribute and remove the calls to free() on "config_paths" and "root".
David Herrmann [Fri, 13 Sep 2013 10:42:12 +0000 (12:42 +0200)]
from systemd: build: check for build/link flags harder
Use AC_LINK_IFELSE instead of AC_COMPILE_IFELSE to test for flags that
might succeed during compilation but not during linking. An example is gcc
compiled with libssp support but gnu-ld without it. In this case
-fstack-protector works fine during compilation but fails during linking
as several internal helpers are missing.
Lucas De Marchi [Sat, 21 Feb 2015 17:47:16 +0000 (15:47 -0200)]
testsuite: port signature-check modules to module-playground
We use a "fake signature" to sign the modules. As far as kmod is
concerned the signature fields are informational only. It's the kernel
the responsible for checking it's valid.
So what we are doing here is: pick the signatures of the ext4-x86_64.ko
module and save as dummy.{hashalgo}. This signature is appended to the
mod-simple.ko module so the ext4-x86_64.ko module can be removed from
tree.
Lucas De Marchi [Sat, 21 Feb 2015 17:09:12 +0000 (15:09 -0200)]
testsuite: port arch-specific tests to module-playground
Rename modinfo_jonsmodules() to test_modinfo_signature(): now this test
is responsible only for the signed modules.
The other tests use specific flags to modinfo in order to print only
one field, so we can filter out those fields that are expect to change
if the module is recompiled.
Lucas De Marchi [Sat, 21 Feb 2015 17:02:55 +0000 (15:02 -0200)]
testsuite: leave arch-specific modules in tree
This is for convenience for development and testing since we don't want
to needlessly cross-compile the modules. There's a README file
explaining the building process for those who want to update them.
These files are compiled from their respective .c and thus have LPGL
license.
Lucas De Marchi [Sat, 21 Feb 2015 15:07:42 +0000 (13:07 -0200)]
testsuite: fix exiting with success on no output activity
If we were expecting output on stdout or stderr but the test didn't
produce any, we were incorrectly assuming the test was successful.
Now test on exit if there was activity on the monitored fd. If there
was, check also if the file size to check for output is > 0 for the
cases in which we want to assert there was no activity on certain fd.
Lucas De Marchi [Sat, 21 Feb 2015 05:22:54 +0000 (03:22 -0200)]
module-playground: allow to cross-compile modules
This adds the needed infra to cross-compile modules so we can test them
in our testsuite. Right now we are only compiling mod-simple.ko for x86,
x86_64 and sparc64.
The makefiles are organized in a way it's easy to force a rebuild of a
module by calling the Makefile.arch directly and that allows the rule in
Makefile to not trigger in case we want to ship the modules
pre-compiled.
Lucas De Marchi [Wed, 18 Feb 2015 18:15:45 +0000 (16:15 -0200)]
libkmod: consider empty signature key as invalid
A segmentation fault occurs if a module has an empty key attached to
its signature. This is mostly likely due to a corrupted module.
The crash happens because kmod_module_get_info() assumes that
kmod_module_signature_info() returns a signature of at least 1 byte.
The fix is based on a patch from Tobias Stoeckmann
<tobias@stoeckmann.org>, but rather than changing kmod_module_get_info()
to fix the crash, this changes kmod_module_signature_info() to
consider the signature as invalid.
Fix out of bounds signature access with 32 bit off_t
If kmod has been configured with --disable-largefile on a 32 bit
system, off_t will be 32 bit. In that case, the parsed sig_len can
bypass a validation check (it's _unsigned_ 32 bit).
Due to the unlikeliness of people using --disable-largefile, this is
a mere validation fix. With an explicit signed 64 bit cast, there is
no binary change for 99.9% of Linux systems out there. ;)
In function kmod_elf_new, the file size has to be properly validated against
section offset. Currently, the file size is considered valid based on
ELF header size + section header size * section count. That is not sufficient.
In fact, ELF specifies a section header offset, which doesn't have to be the
size of the ELF header. The supplied test cases even cover this.
The correct test is: section offset + section header size * section count
This patch also verifies that this value won't overflow. I don't know a way
to crash a tool due to this bug, because later on the offset check would
prevent out-of-bounds access. An overflow would just mean to access a wrong
part in elf->memory. Yet it's a validation error.
Please note: The file size does not have to be validated against the size
of the ELF header again, elf_identify did this already.
Lucas De Marchi [Tue, 10 Feb 2015 12:32:10 +0000 (10:32 -0200)]
build: define to 0 if builtin is not available
In order to let us use "#if HAVE__BUILTIN_*" without checking if it's
actually define, make sure we define it to 0 in config.h when the
function is not available.
it is possible to overflow uint64_t by summing variables offset and
size up in elf_get_section_info. Thee values are extracted from module
file and are possibly maliciously tampered with.
If offset is in valid range and size very large, the result will
overflow and the size check passes. Later on, this will most likely
lead to a segmentation fault due to accessing uninitialized memory.
Attached please find a proof of concept module, which will trigger
a segmentation fault on modinfo. Tested on amd64:
Lucas De Marchi [Tue, 3 Feb 2015 07:17:49 +0000 (05:17 -0200)]
build: let touch on directory as last step
We need to let these instructions in kmod to be the last executed ones.
Otherwise the subdirectory containing the modules could propagate up the
time access.