From 895c930b1418798509a1f19706b6a1be188ad303 Mon Sep 17 00:00:00 2001 From: Liu Yuntao Date: Sat, 2 Jul 2022 13:59:25 +0800 Subject: [PATCH] Give a warning when using kabi outside our stablelists. Add a script that will find requirements for your package. It can make an additional kabi whitelist check for you, compared with rpmbuild's builtin requirement scanner. You may add "%define _use_internal_dependency_generator 0" in your .spec file to enable this feature. synced from CentOS's implementation. --- find-requires | 38 +++++++++++ find-requires.ksyms | 155 ++++++++++++++++++++++++++++++++++++++++++++ macros.kmp | 3 +- 3 files changed, 195 insertions(+), 1 deletion(-) create mode 100644 find-requires create mode 100644 find-requires.ksyms diff --git a/find-requires b/find-requires new file mode 100644 index 0000000..b7cd825 --- /dev/null +++ b/find-requires @@ -0,0 +1,38 @@ +#!/bin/bash + +# +# Auto-generate requirements for executables (both ELF and a.out) and library +# sonames, script interpreters, and perl modules. +# + +ulimit -c 0 + +filelist=`sed "s/[]['\"*?{}]/\\\\\&/g"` + +[ -x /usr/lib/rpm/rpmdeps -a -n "$filelist" ] && \ + echo $filelist | tr '[:blank:]' \\n | /usr/lib/rpm/rpmdeps --requires + +# +# --- Kernel module imported symbols +# +# Since we don't (yet) get passed the name of the package being built, we +# cheat a little here by looking first for a kernel, then for a kmod. +# + +unset is_kmod + +for f in $filelist; do + if [ $(echo "$f" | sed -r -ne 's:^.*/lib/modules/(.*)/(.*)\.ko(\.gz|\.bz2|\.xz)?$:\2:p') ] + then + is_kmod=1; + elif [ $(echo "$f" | sed -r -ne 's:^.*/boot/(.*):\1:p') ] + then + unset is_kmod; + break; + fi +done + +[ -x /usr/lib/rpm/__vendor/find-requires.ksyms ] && [ "$is_kmod" ] && + printf "%s\n" "${filelist[@]}" | /usr/lib/rpm/__vendor/find-requires.ksyms + +exit 0 diff --git a/find-requires.ksyms b/find-requires.ksyms new file mode 100644 index 0000000..15cc729 --- /dev/null +++ b/find-requires.ksyms @@ -0,0 +1,155 @@ +#! /bin/bash +# +# This script is called during external module building to create dependencies +# both upon the linux kernel, and on additional external modules. Symbols that +# cannot be reconciled against those provided by the kernel are assumed to be +# provided by an external module and "ksym" replaces th regular "kernel" dep. + +IFS=$'\n' + +# Extract all of the symbols provided by this module. +all_provides() { + for module in "$@"; do + tmpfile="" + if [ "x${module%.ko}" = "x${module}" ]; then + tmpfile=$(mktemp -t ${0##*/}.XXXXXX.ko) + proc_bin= + case "${module##*.}" in + xz) + proc_bin=xz + ;; + bz2) + proc_bin=bzip2 + ;; + gz) + proc_bin=gzip + ;; + esac + + [ -n "$proc_bin" ] || continue + + "$proc_bin" -d -c - < "$module" > "$tmpfile" || continue + module="$tmpfile" + fi + + if [[ -n $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p') ]]; then + nm "$module" \ + | sed -r -ne 's:^0*([0-9a-f]+) A __crc_(.+):0x\1 \2:p' \ + | awk --non-decimal-data '{printf("%s:0x%08x\n", $2, $1)}' + else + ELFRODATA=$(readelf -R .rodata "$module" | awk '/0x/{printf $2$3$4$5}') + if [[ -n $(readelf -h "$module" | grep "little endian") ]]; then + RODATA=$(echo $ELFRODATA | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/g') + else + RODATA=$ELFRODATA + fi + for sym in $(nm "$module" | sed -r -ne 's:^0*([0-9a-f]+) R __crc_(.+):0x\1 \2:p'); do + echo $sym $RODATA + done \ + | awk --non-decimal-data '{printf("%s:0x%08s\n", $2, substr($3,($1*2)+1,8))}' + fi + + [ -z "$tmpfile" ] || rm -f -- "$tmpfile" + done \ + | LC_ALL=C sort -k1,1 -u +} + +# Extract all of the requirements of this module. +all_requires() { + for module in "$@"; do + set -- $(/sbin/modinfo -F vermagic "$module" | sed -e 's: .*::' -e q) + /sbin/modprobe --dump-modversions "$module" \ + | awk --non-decimal-data ' + BEGIN { FS = "\t" ; OFS = "\t" } + {printf("%s:0x%08x\n", $2, $1)}' \ + | sed -r -e 's:$:\t'"$1"':' + done \ + | LC_ALL=C sort -k1,1 -u +} + +# Filter out requirements fulfilled by the module itself. +mod_requires() { + LC_ALL=C join -t $'\t' -j 1 -v 1 \ + <(all_requires "$@") \ + <(all_provides "$@") \ + | LC_ALL=C sort -k1,1 -u +} + +if ! [ -e /sbin/modinfo -a -e /sbin/modprobe ]; then + cat > /dev/null + exit 0 +fi + +check_kabi() { + arch=$(uname -m) + kabi_file="/lib/modules/kabi-current/kabi_stablelist_$arch" + + # If not installed, output a warning and return (continue) + if [ ! -f "$kabi_file" ]; then + echo "" >&2 + echo "********************************************************************************" >&2 + echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2 + echo "********************************************************************************" >&2 + echo "The kernel ABI reference files (provided by "kernel-abi-stablelists") were not found." >&2 + echo "No compatibility check was performed. Please install the kABI reference files" >&2 + echo "and rebuild if you would like to verify compatibility with kernel ABI." >&2 + echo "" >&2 + return + fi + + unset non_kabi + for symbol in "$@"; do + if ! egrep "^$symbol\$" $kabi_file >/dev/null; then + non_kabi=("${non_kabi[@]}" "$symbol") + fi + done + + if [ ${#non_kabi[@]} -gt 0 ]; then + echo "" >&2 + echo "********************************************************************************" >&2 + echo "*********************** KERNEL ABI COMPATIBILITY WARNING ***********************" >&2 + echo "********************************************************************************" >&2 + echo "The following kernel symbols are not guaranteed to remain compatible with" >&2 + echo "future kernel updates to this RHEL release:" >&2 + echo "" >&2 + for symbol in "${non_kabi[@]}"; do + printf "\t$symbol\n" >&2 + done + echo "" >&2 + echo "__vendor recommends that you consider using only official kernel ABI symbols" >&2 + echo "where possible. Requests for additions to the kernel ABI can be filed with" >&2 + echo "your partner or customer representative (component: driver-update-program)." >&2 + echo "" >&2 + fi +} + +modules=($(grep -E '/lib/modules/.+\.ko(\.gz|\.bz2|\.xz)?$')) +if [ ${#modules[@]} -gt 0 ]; then + kernel=$(/sbin/modinfo -F vermagic "${modules[0]}" | sed -e 's: .*::' -e q) + + # get all that kernel provides + symvers=$(mktemp -t ${0##*/}.XXXXX) + + cat /usr/src/kernels/$kernel/Module.symvers | awk ' + BEGIN { FS = "\t" ; OFS = "\t" } + { print $2 ":" $1 } + ' \ + | sed -r -e 's:$:\t'"$kernel"':' \ + | LC_ALL=C sort -k1,1 -u > $symvers + + # Symbols matching with the kernel get a "kernel" dependency + mod_req=$(mktemp -t mod_req.XXXXX) + mod_requires "${modules[@]}" > "$mod_req" + LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \ + | awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "kernel(" $1 ") = " $2 }' + + # Symbols from elsewhere get a "ksym" dependency + LC_ALL=C join -t $'\t' -j 1 -v 2 $symvers "$mod_req" | LC_ALL=C sort -u \ + | awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print "ksym(" $1 ") = " $2 }' + + # Check kABI if the kernel-abi-stablelists package is installed + # Do this last so we can try to output this error at the end + kabi_check_symbols=($(LC_ALL=C join -t $'\t' -j 1 $symvers "$mod_req" | LC_ALL=C sort -u \ + | awk 'BEGIN { FS = "[\t:]" ; OFS = "\t" } { print $1 }')) + check_kabi "${kabi_check_symbols[@]}" +fi diff --git a/macros.kmp b/macros.kmp index 5207045..df7e41e 100644 --- a/macros.kmp +++ b/macros.kmp @@ -1,7 +1,8 @@ -# Use these macros to differentiate between RH and other KMP implementation(s). +# Use these macros to differentiate between __vendor and other KMP implementation(s). kernel_module_package_release 1 +__find_requires /usr/lib/rpm/__vendor/find-requires #kernel_module_package [ -n name ] [ -v version ] [ -r release ] -- 2.27.0