diff options
author | PÁLI Gábor János <pali.gabor@gmail.com> | 2022-04-10 18:17:21 +0200 |
---|---|---|
committer | PÁLI Gábor János <pali.gabor@gmail.com> | 2022-04-10 23:09:31 +0200 |
commit | bcbf7c6c9fc7d8a96b1d5c4cc9247b85fe3da2ad (patch) | |
tree | 46d796182b2249408b0597485462ef1698dc4c13 /aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch | |
parent | 40d2daea11738408b7bf7b60f14a558ff8c47fb0 (diff) | |
download | freebsd-wifibox-alpine-bcbf7c6c9fc7d8a96b1d5c4cc9247b85fe3da2ad.zip |
Move towards custom packages.
Change the build image process in a way that custom-built packages
can be utilized. This means a simpler `Makefile` since every
modification is implemented on the level of packages. Include the
sources for every customized package.
Diffstat (limited to 'aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch')
-rw-r--r-- | aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch b/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch new file mode 100644 index 0000000..813010e --- /dev/null +++ b/aports/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch @@ -0,0 +1,152 @@ +Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088398.html +Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088399.html +See-Also: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13427 + +The purpose of this patch is to remove confusing error messages +"Module has invalid ELF structures" produced by kernel when loading gzip +compressed kernel modules using busybox modprobe. +-- +From: Qu Wenruo <wqu@suse.com> +Date: Sun, 03 Jan 2021 04:10:52 +0000 +Subject: [PATCH v2] modutils: check ELF header before calling finit_module() + +finit_module() and init_module() system calls have clear specification +to only accept valid ELF image. + +Although we try finit_module() on compressed modules to let the kernel +determine if it's an ELF image, but it's not ideal, especially when +newer kernel will complain when some invalid files/memory is passed in. + +Treat the kernel better by just doing a very basic ELF header check +before calling finit_module(). + +Signed-off-by: Qu Wenruo <wqu at suse.com> + +diff --git a/modutils/modutils.c b/modutils/modutils.c +index f7ad5e8058fe..037d609e42df 100644 +--- a/modutils/modutils.c ++++ b/modutils/modutils.c +@@ -7,6 +7,7 @@ + */ + #include "modutils.h" + ++#include <elf.h> + #include <sys/syscall.h> + + #define init_module(mod, len, opts) syscall(__NR_init_module, mod, len, opts) +@@ -186,6 +187,33 @@ void* FAST_FUNC try_to_mmap_module(const char *filename, size_t *image_size_p) + } + #endif + ++#ifdef __NR_finit_module ++/* ++ * Return: ++ * 0 on success, ++ * <0 for error. ++ * ++ * finit_module()/init_module() only accepts ELF format. ++ * Do basic ELF check to avoid calling finit_module() with compressed module. ++ */ ++static int check_elf_header(int fd) ++{ ++ unsigned char buf[EI_NIDENT]; ++ int ret; ++ ++ ret = pread(fd, buf, sizeof(buf), 0); ++ if (ret < sizeof(buf)) ++ return -EIO; ++ if (buf[EI_MAG0] != ELFMAG0 || ++ buf[EI_MAG1] != ELFMAG1 || ++ buf[EI_MAG2] != ELFMAG2 || ++ buf[EI_MAG3] != ELFMAG3) ++ return -EINVAL; ++ /* Other more comprehensive check will be done inside kernel */ ++ return 0; ++} ++#endif ++ + /* Return: + * 0 on success, + * -errno on open/read error, +@@ -212,12 +240,19 @@ int FAST_FUNC bb_init_module(const char *filename, const char *options) + * to only allow loading of modules off of secure storage (like a read- + * only rootfs) which needs the finit_module call. If it fails, we fall + * back to normal module loading to support compressed modules. ++ * ++ * Note that finit_module()/init_module() only accept ELF image, do ++ * basic check before calling finit_module() to avoid kernel ++ * complaining. + */ + # ifdef __NR_finit_module + { + int fd = open(filename, O_RDONLY | O_CLOEXEC); + if (fd >= 0) { +- rc = finit_module(fd, options, 0) != 0; ++ if (!check_elf_header(fd)) ++ rc = finit_module(fd, options, 0) != 0; ++ else ++ rc = 1; + close(fd); + if (rc == 0) + return rc; + +diff --git a/modutils/modprobe-small.c b/modutils/modprobe-small.c +index db44a2ed0ab5..d2cd6a64c1d0 100644 +--- a/modutils/modprobe-small.c ++++ b/modutils/modprobe-small.c +@@ -24,6 +24,7 @@ + //kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o + + #include "libbb.h" ++#include <elf.h> /* for ELF header magic */ + /* After libbb.h, since it needs sys/types.h on some systems */ + #include <sys/utsname.h> /* uname() */ + #include <fnmatch.h> +@@ -249,6 +250,33 @@ static const char *moderror(int err) + } + } + ++#ifdef __NR_finit_module ++/* ++ * Return: ++ * 0 on success, ++ * <0 for error. ++ * ++ * finit_module()/init_module() only accepts ELF format. ++ * Do basic ELF check to avoid calling finit_module() with compressed module. ++ */ ++static int check_elf_header(int fd) ++{ ++ unsigned char buf[EI_NIDENT]; ++ int ret; ++ ++ ret = pread(fd, buf, sizeof(buf), 0); ++ if (ret < sizeof(buf)) ++ return -EIO; ++ if (buf[EI_MAG0] != ELFMAG0 || ++ buf[EI_MAG1] != ELFMAG1 || ++ buf[EI_MAG2] != ELFMAG2 || ++ buf[EI_MAG3] != ELFMAG3) ++ return -EINVAL; ++ /* Other more comprehensive check will be done inside kernel */ ++ return 0; ++} ++#endif ++ + static int load_module(const char *fname, const char *options) + { + #if 1 +@@ -272,7 +300,10 @@ static int load_module(const char *fname, const char *options) + { + int fd = open(fname, O_RDONLY | O_CLOEXEC); + if (fd >= 0) { +- r = finit_module(fd, options, 0) != 0; ++ if (!check_elf_header(fd)) ++ r = finit_module(fd, options, 0) != 0; ++ else ++ r = 1; + close(fd); + } + } +-- +2.29.2 |