diff --git a/depmod-Prevent-module-dependency-files-corruption.patch b/depmod-Prevent-module-dependency-files-corruption-du.patch similarity index 62% rename from depmod-Prevent-module-dependency-files-corruption.patch rename to depmod-Prevent-module-dependency-files-corruption-du.patch index 33484dd..9cc4607 100644 --- a/depmod-Prevent-module-dependency-files-corruption.patch +++ b/depmod-Prevent-module-dependency-files-corruption-du.patch @@ -1,4 +1,4 @@ -From c1858f5d0a88a39f37a9b3efdd83245740fcb87d Mon Sep 17 00:00:00 2001 +From ff3140310a52ba86af67b3676f542e11e1451bdc Mon Sep 17 00:00:00 2001 From: Michal Suchanek Date: Fri, 7 Dec 2018 15:45:41 +0100 Subject: [PATCH] depmod: Prevent module dependency files corruption due to @@ -11,20 +11,17 @@ depmod(1st), truncated by depmod(2nd), and renamed to final name by depmod(1st) resulting in corrupted file seen by user. Due to missing mkstempat() this is more complex than it should be. -Adding PID and random number to the filename should be reasonably -reliable. Adding O_EXCL as mkstemp does fails creating the file rather -than corrupting existing file. - -Also prevent dependency files missing. This happens because target files -are removed before renaming the temporary file. +Adding PID and timestamp to the filename should be reasonably reliable. +Adding O_EXCL as mkstemp does fails creating the file rather than +corrupting existing file. Signed-off-by: Michal Suchanek --- - tools/depmod.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) + tools/depmod.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tools/depmod.c b/tools/depmod.c -index 989d9077926c..5526ac892cf8 100644 +index 18c0d61b2db3..3b6d16e76160 100644 --- a/tools/depmod.c +++ b/tools/depmod.c @@ -29,6 +29,7 @@ @@ -35,18 +32,17 @@ index 989d9077926c..5526ac892cf8 100644 #include #include -@@ -2398,6 +2399,10 @@ static int depmod_output(struct depmod *depmod, FILE *out) +@@ -2398,6 +2399,9 @@ static int depmod_output(struct depmod *depmod, FILE *out) }; const char *dname = depmod->cfg->dirname; int dfd, err = 0; + struct timeval tv; + + gettimeofday(&tv, NULL); -+ srand(tv.tv_sec); if (out != NULL) dfd = -1; -@@ -2412,15 +2417,17 @@ static int depmod_output(struct depmod *depmod, FILE *out) +@@ -2412,15 +2416,17 @@ static int depmod_output(struct depmod *depmod, FILE *out) for (itr = depfiles; itr->name != NULL; itr++) { FILE *fp = out; @@ -61,20 +57,12 @@ index 989d9077926c..5526ac892cf8 100644 int fd; - snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name); -+ snprintf(tmp, sizeof(tmp), "%s.%i.%i", itr->name, getpid(), -+ rand()); ++ snprintf(tmp, sizeof(tmp), "%s.%i.%li.%li", itr->name, getpid(), ++ tv.tv_usec, tv.tv_sec); + tmp[NAME_MAX] = 0; fd = openat(dfd, tmp, flags, mode); if (fd < 0) { ERR("openat(%s, %s, %o, %o): %m\n", -@@ -2451,7 +2458,6 @@ static int depmod_output(struct depmod *depmod, FILE *out) - break; - } - -- unlinkat(dfd, itr->name, 0); - if (renameat(dfd, tmp, dfd, itr->name) != 0) { - err = -errno; - CRIT("renameat(%s, %s, %s, %s): %m\n", -- 2.19.2 diff --git a/depmod-Prevent-module-dependency-files-missing-durin.patch b/depmod-Prevent-module-dependency-files-missing-durin.patch new file mode 100644 index 0000000..4216594 --- /dev/null +++ b/depmod-Prevent-module-dependency-files-missing-durin.patch @@ -0,0 +1,33 @@ +From 3a48513ff3b5ab0b19696bc4c0fabb351bd62afb Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Mon, 10 Dec 2018 15:30:07 +0100 +Subject: [PATCH] depmod: Prevent module dependency files missing during depmod + invocation. + +Depmod deletes the module dependency files before moving the temporary +files in their place. This results in user seeing no dependency files +while they are updated. Remove the unlink call. The rename call should +suffice to move the newa file in place and remove unlink the old one. It +should also do both atomically so there is no window whn no dependency +file exists. + +Signed-off-by: Michal Suchanek +--- + tools/depmod.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tools/depmod.c b/tools/depmod.c +index 989d9077926c..18c0d61b2db3 100644 +--- a/tools/depmod.c ++++ b/tools/depmod.c +@@ -2451,7 +2451,6 @@ static int depmod_output(struct depmod *depmod, FILE *out) + break; + } + +- unlinkat(dfd, itr->name, 0); + if (renameat(dfd, tmp, dfd, itr->name) != 0) { + err = -errno; + CRIT("renameat(%s, %s, %s, %s): %m\n", +-- +2.19.2 + diff --git a/depmod-shut-up-gcc-insufficinet-buffer-warning.patch b/depmod-shut-up-gcc-insufficinet-buffer-warning.patch new file mode 100644 index 0000000..0ec2544 --- /dev/null +++ b/depmod-shut-up-gcc-insufficinet-buffer-warning.patch @@ -0,0 +1,107 @@ +From af9a6e3754b6fa4e5cefb70aa6621b2f52ca94f1 Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Mon, 10 Dec 2018 16:36:03 +0100 +Subject: [PATCH] depmod: shut up gcc insufficinet buffer warning. + +In a couple of places depmod concatenates the module directory and filename +with snprintf. This can technically overflow creating an unterminated string if +module directory name is long. Use openat instead as is done elsewhere in +depmod. This avoids the snprintf, the extra buffer on stack, and the gcc +warning. It may even fix a corner case when the module direcotry name is just +under PATH_MAX. + +Signed-off-by: Michal Suchanek +--- + tools/depmod.c | 51 ++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 35 insertions(+), 16 deletions(-) + +diff --git a/tools/depmod.c b/tools/depmod.c +index 3b6d16e76160..6fca30a2f3e2 100644 +--- a/tools/depmod.c ++++ b/tools/depmod.c +@@ -1389,19 +1389,42 @@ static int depmod_modules_build_array(struct depmod *depmod) + return 0; + } + ++static FILE * dfdopen(const char * dname, const char * filename, int flags, const char * mode) ++ { ++ int fd, dfd; ++ FILE * ret; ++ ++ dfd = open(dname, flags); ++ if (dfd < 0) { ++ WRN("could not open directory %s: %m\n", dname); ++ return NULL; ++ } ++ ++ fd = openat(dfd, filename, flags); ++ if (fd < 0) { ++ WRN("could not open %s at %s: %m\n", filename, dname); ++ ret = NULL; ++ } else { ++ ret = fdopen(fd, mode); ++ if (!ret) ++ WRN("could not associate stream with %s: %m\n", filename); ++ } ++ close(dfd); ++ return ret; ++} ++ ++ ++ + static void depmod_modules_sort(struct depmod *depmod) + { +- char order_file[PATH_MAX], line[PATH_MAX]; ++ char line[PATH_MAX]; ++ const char * order_file = "modules.order"; + FILE *fp; + unsigned idx = 0, total = 0; + +- snprintf(order_file, sizeof(order_file), "%s/modules.order", +- depmod->cfg->dirname); +- fp = fopen(order_file, "r"); +- if (fp == NULL) { +- WRN("could not open %s: %m\n", order_file); ++ fp = dfdopen(depmod->cfg->dirname, order_file, O_RDONLY, "r"); ++ if (fp == NULL) + return; +- } + + while (fgets(line, sizeof(line), fp) != NULL) { + size_t len = strlen(line); +@@ -1409,8 +1432,8 @@ static void depmod_modules_sort(struct depmod *depmod) + if (len == 0) + continue; + if (line[len - 1] != '\n') { +- ERR("%s:%u corrupted line misses '\\n'\n", +- order_file, idx); ++ ERR("%s/%s:%u corrupted line misses '\\n'\n", ++ depmod->cfg->dirname, order_file, idx); + goto corrupted; + } + } +@@ -2287,18 +2310,14 @@ static int output_builtin_bin(struct depmod *depmod, FILE *out) + { + FILE *in; + struct index_node *idx; +- char infile[PATH_MAX], line[PATH_MAX], modname[PATH_MAX]; ++ char line[PATH_MAX], modname[PATH_MAX]; + + if (out == stdout) + return 0; + +- snprintf(infile, sizeof(infile), "%s/modules.builtin", +- depmod->cfg->dirname); +- in = fopen(infile, "r"); +- if (in == NULL) { +- WRN("could not open %s: %m\n", infile); ++ in = dfdopen(depmod->cfg->dirname, "modules.builtin", O_RDONLY, "r"); ++ if (in == NULL) + return 0; +- } + + idx = index_create(); + if (idx == NULL) { +-- +2.19.2 + diff --git a/kmod-testsuite.changes b/kmod-testsuite.changes index 29a64a9..5dc13de 100644 --- a/kmod-testsuite.changes +++ b/kmod-testsuite.changes @@ -3,6 +3,10 @@ Fri Dec 7 14:55:21 UTC 2018 - Michal Suchanek - Fix module dependency file corruption on parallel invocation (bsc#1118629). Add depmod-Prevent-module-dependency-files-corruption-due-to-pa.patch + +------------------------------------------------------------------- +Wed Jul 18 08:51:06 UTC 2018 - jengelh@inai.de + - Remove enum padding constants, add enum.patch. ------------------------------------------------------------------- diff --git a/kmod-testsuite.spec b/kmod-testsuite.spec index 711bd84..746db1e 100644 --- a/kmod-testsuite.spec +++ b/kmod-testsuite.spec @@ -40,7 +40,9 @@ Patch6: libkmod-signature-Fix-crash-when-module-signature-is.patch Patch7: libkmod-signature-pkcs-7-fix-crash-when-signer-info-.patch Patch8: 0012-modprobe-print-unsupported-status.patch Patch9: enum.patch -Patch10: depmod-Prevent-module-dependency-files-corruption.patch +Patch10: depmod-Prevent-module-dependency-files-missing-durin.patch +Patch11: depmod-shut-up-gcc-insufficinet-buffer-warning.patch +Patch12: depmod-Prevent-module-dependency-files-corruption-du.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: asn1c BuildRequires: autoconf @@ -65,7 +67,7 @@ buildloop with the kernel. %prep %setup -q -n kmod-%version -%patch -P 0 -P 1 -P 2 -P 3 -P 4 -P 5 -P 6 -P 7 -P 8 -P 9 -P 10 -p1 +%autopatch -p1 %build autoreconf -fi diff --git a/kmod.changes b/kmod.changes index ad8d42e..75de06f 100644 --- a/kmod.changes +++ b/kmod.changes @@ -3,6 +3,10 @@ Fri Dec 7 14:55:21 UTC 2018 - Michal Suchanek - Fix module dependency file corruption on parallel invocation (bsc#1118629). Add depmod-Prevent-module-dependency-files-corruption-due-to-pa.patch + +------------------------------------------------------------------- +Wed Jul 18 08:51:06 UTC 2018 - jengelh@inai.de + - Remove enum padding constants, add enum.patch. ------------------------------------------------------------------- diff --git a/kmod.spec b/kmod.spec index b25ca4c..0448998 100644 --- a/kmod.spec +++ b/kmod.spec @@ -39,7 +39,9 @@ Patch6: libkmod-signature-Fix-crash-when-module-signature-is.patch Patch7: libkmod-signature-pkcs-7-fix-crash-when-signer-info-.patch Patch8: 0012-modprobe-print-unsupported-status.patch Patch9: enum.patch -Patch10: depmod-Prevent-module-dependency-files-corruption.patch +Patch10: depmod-Prevent-module-dependency-files-missing-durin.patch +Patch11: depmod-shut-up-gcc-insufficinet-buffer-warning.patch +Patch12: depmod-Prevent-module-dependency-files-corruption-du.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: asn1c BuildRequires: autoconf