Jan Engelhardt
81cdb97d27
- Enable PKCS#7 signature parsing again - requires openssl - Fix testsuite build - requires kernel-default-devel - Rediff the SUSE patches and rename starting with 0001. - Update to new upstream release 26 * depmod now handles parallel invocations better by protecting the temporary files being used. * modprobe has a new --show-exports option. Under the hood, this reads the .symtab and .strtab sections rather than __versions so it shows useful data even if kernel is configured without modversions (CONFIG_MODVERSIONS). * modinfo supports PKCS#7 parsing by using openssl. - Replaced the asn1c-based parser by an openssl-based PKCS parser. - Remove libkmod-signature-Fix-crash-when-module-signature-is.patch, libkmod-signature-pkcs-7-fix-crash-when-signer-info-.patch, libkmod-signature-implement-pkcs7-parsing-with-asn1c.patch (not accepted upstream) - Remove enum.patch, depmod-Prevent-module-dependency-files-corruption-du.patch, depmod-Prevent-module-dependency-files-missing-durin.patch, depmod-shut-up-gcc-insufficinet-buffer-warning.patch (accepted upstream) - Enable PKCS#7 signature parsing again - requires openssl - Rediff the SUSE patches and rename starting with 0001. OBS-URL: https://build.opensuse.org/request/show/674337 OBS-URL: https://build.opensuse.org/package/show/Base:System/kmod?expand=0&rev=158
109 lines
3.3 KiB
Diff
109 lines
3.3 KiB
Diff
From 4a36f4a8b16c7fd345f6aec973d926d4e429328a Mon Sep 17 00:00:00 2001
|
|
From: Michal Marek <mmarek@suse.cz>
|
|
Date: Wed, 5 Mar 2014 14:40:14 +0100
|
|
Subject: [PATCH 3/6] libkmod: Implement filtering of unsupported modules (off
|
|
by default)
|
|
|
|
References: fate#316971
|
|
Patch-mainline: never
|
|
---
|
|
libkmod/libkmod-config.c | 12 ++++++++++--
|
|
libkmod/libkmod-internal.h | 1 +
|
|
libkmod/libkmod-module.c | 31 +++++++++++++++++++++++++++++++
|
|
3 files changed, 42 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libkmod/libkmod-config.c b/libkmod/libkmod-config.c
|
|
index 1b24536..07d6a9e 100644
|
|
--- a/libkmod/libkmod-config.c
|
|
+++ b/libkmod/libkmod-config.c
|
|
@@ -651,8 +651,16 @@ static int kmod_config_parse(struct kmod_config *config, int fd,
|
|
ERR(ctx, "%s: command %s is deprecated and not parsed anymore\n",
|
|
filename, cmd);
|
|
} else if (streq(cmd, "allow_unsupported_modules")) {
|
|
- /* dummy option for now */
|
|
- ;
|
|
+ char *param = strtok_r(NULL, "\t ", &saveptr);
|
|
+
|
|
+ if (param == NULL)
|
|
+ goto syntax_error;
|
|
+ if (streq(param, "yes") || streq(param, "1"))
|
|
+ config->block_unsupported = 0;
|
|
+ else if (streq(param, "no") || streq(param, "0"))
|
|
+ config->block_unsupported = 1;
|
|
+ else
|
|
+ goto syntax_error;
|
|
} else {
|
|
syntax_error:
|
|
ERR(ctx, "%s line %u: ignoring bad line starting with '%s'\n",
|
|
diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h
|
|
index a65ddd1..2ad74c7 100644
|
|
--- a/libkmod/libkmod-internal.h
|
|
+++ b/libkmod/libkmod-internal.h
|
|
@@ -119,6 +119,7 @@ struct kmod_config {
|
|
struct kmod_list *softdeps;
|
|
|
|
struct kmod_list *paths;
|
|
+ int block_unsupported;
|
|
};
|
|
|
|
int kmod_config_new(struct kmod_ctx *ctx, struct kmod_config **config, const char * const *config_paths) __attribute__((nonnull(1, 2,3)));
|
|
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
|
|
index bffe715..9a3a35a 100644
|
|
--- a/libkmod/libkmod-module.c
|
|
+++ b/libkmod/libkmod-module.c
|
|
@@ -798,6 +798,24 @@ KMOD_EXPORT int kmod_module_remove_module(struct kmod_module *mod,
|
|
|
|
extern long init_module(const void *mem, unsigned long len, const char *args);
|
|
|
|
+static int check_module_supported(struct kmod_module *mod)
|
|
+{
|
|
+ char **strings;
|
|
+ int i, count;
|
|
+ struct kmod_elf *elf;
|
|
+
|
|
+ elf = kmod_file_get_elf(mod->file);
|
|
+ count = kmod_elf_get_strings(elf, ".modinfo", &strings);
|
|
+ if (count < 0)
|
|
+ return count;
|
|
+ for (i = 0; i < count; i++)
|
|
+ if (streq(strings[i], "supported=yes") ||
|
|
+ streq(strings[i], "supported=external")) {
|
|
+ return 1;
|
|
+ }
|
|
+ return 0;
|
|
+}
|
|
+
|
|
/**
|
|
* kmod_module_insert_module:
|
|
* @mod: kmod module
|
|
@@ -823,6 +841,7 @@ KMOD_EXPORT int kmod_module_insert_module(struct kmod_module *mod,
|
|
struct kmod_elf *elf;
|
|
const char *path;
|
|
const char *args = options ? options : "";
|
|
+ const struct kmod_config *config = kmod_get_config(mod->ctx);
|
|
|
|
if (mod == NULL)
|
|
return -ENOENT;
|
|
@@ -841,6 +860,18 @@ KMOD_EXPORT int kmod_module_insert_module(struct kmod_module *mod,
|
|
}
|
|
}
|
|
|
|
+ if (config->block_unsupported) {
|
|
+ err = check_module_supported(mod);
|
|
+ if (err < 0)
|
|
+ return err;
|
|
+ else if (err == 0) {
|
|
+ ERR(mod->ctx, "module '%s' is unsupported\n", mod->name);
|
|
+ ERR(mod->ctx, "Use --allow-unsupported or set allow_unsupported_modules 1 in\n");
|
|
+ ERR(mod->ctx, "/etc/modprobe.d/10-unsupported-modules.conf\n");
|
|
+ return -EPERM;
|
|
+ }
|
|
+ }
|
|
+
|
|
if (kmod_file_get_direct(mod->file)) {
|
|
unsigned int kernel_flags = 0;
|
|
|
|
--
|
|
2.20.1
|
|
|