!92 [sync] PR-90: backport patches to fix bug

From: @openeuler-sync-bot 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229

backport-libkmod-Set-builtin-to-no-when-module-is-created-fro.patch

@@ -0,0 +1,61 @@
+From 4e391ac92d1b9a2c8c0e9d8735d2913ee86c0ad8 Mon Sep 17 00:00:00 2001
+From: Michal Suchanek <msuchanek@suse.de>
+Date: Wed, 18 Aug 2021 22:52:00 +0200
+Subject: [PATCH] libkmod: Set builtin to no when module is created from path.
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=4e391ac92d1b9a2c8c0e9d8735d2913ee86c0ad8
+
+A recent bug report showed that modinfo doesn't give the signature
+information for certain modules, and it turned out to happen only on
+the modules that are built-in on the running kernel; then modinfo
+skips the signature check, as if the target module file never exists.
+The behavior is, however, inconsistent when modinfo is performed for
+external modules (no matter which kernel version is) and the module
+file path is explicitly given by a command-line argument, which
+guarantees the presence of the module file itself.
+
+Fixes: e7e2cb61fa9f ("modinfo: Show information about built-in modules")
+Link: https://lore.kernel.org/linux-modules/CAKi4VAJVvY3=JdSZm-GD1hJqyCPYaYz-jBJ_REeY5BakVb6_ww@mail.gmail.com/
+BugLink: https://bugzilla.opensuse.org/show_bug.cgi?id=1189537
+Suggested-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+Reviewed-by: Petr Vorel <pvorel@suse.cz>
+---
+ libkmod/libkmod-module.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
+index 6e0ff1a..6f7747c 100644
+--- a/libkmod/libkmod-module.c
++++ b/libkmod/libkmod-module.c
+@@ -431,17 +431,18 @@ KMOD_EXPORT int kmod_module_new_from_path(struct kmod_ctx *ctx,
+ 			return -EEXIST;
+ 		}
+ 
+-		*mod = kmod_module_ref(m);
+-		return 0;
+-	}
++		kmod_module_ref(m);
++	} else {
++		err = kmod_module_new(ctx, name, name, namelen, NULL, 0, &m);
++		if (err < 0) {
++			free(abspath);
++			return err;
++		}
+ 
+-	err = kmod_module_new(ctx, name, name, namelen, NULL, 0, &m);
+-	if (err < 0) {
+-		free(abspath);
+-		return err;
++		m->path = abspath;
+ 	}
+ 
+-	m->path = abspath;
++	m->builtin = KMOD_MODULE_BUILTIN_NO;
+ 	*mod = m;
+ 
+ 	return 0;
+-- 
+2.33.0
+

backport-libkmod-Support-SM3-hash-algorithm.patch

@@ -0,0 +1,48 @@
+From f609cb5185acb0955d66795cb297e9fe9d83405a Mon Sep 17 00:00:00 2001
+From: HuaxinLu <luhuaxin1@huawei.com>
+Date: Thu, 30 Jun 2022 14:36:05 +0800
+Subject: [PATCH] libkmod: Support SM3 hash algorithm
+
+SM3 has been supported in kernel and cryptographic libraries like openssl.
+This patch adds support for the SM3 algorithm of kmod.
+
+Signed-off-by: HuaxinLu <luhuaxin1@huawei.com>
+Signed-off-by: HuaxinLu <luhuaxin1@huawei.com>
+---
+ libkmod/libkmod-signature.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
+index 4e8748c..4ae5af6 100644
+--- a/libkmod/libkmod-signature.c
++++ b/libkmod/libkmod-signature.c
+@@ -56,6 +56,7 @@ enum pkey_hash_algo {
+ 	PKEY_HASH_SHA384,
+ 	PKEY_HASH_SHA512,
+ 	PKEY_HASH_SHA224,
++	PKEY_HASH_SM3,
+ 	PKEY_HASH__LAST
+ };
+ 
+@@ -68,6 +69,7 @@ const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
+ 	[PKEY_HASH_SHA384]	= "sha384",
+ 	[PKEY_HASH_SHA512]	= "sha512",
+ 	[PKEY_HASH_SHA224]	= "sha224",
++	[PKEY_HASH_SM3]		= "sm3",
+ };
+ 
+ enum pkey_id_type {
+@@ -161,6 +163,10 @@ static int obj_to_hash_algo(const ASN1_OBJECT *o)
+ 		return PKEY_HASH_SHA512;
+ 	case NID_sha224:
+ 		return PKEY_HASH_SHA224;
++# ifndef OPENSSL_NO_SM3
++	case NID_sm3:
++		return PKEY_HASH_SM3;
++# endif
+ 	default:
+ 		return -1;
+ 	}
+-- 
+2.33.0
+

backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch

@@ -0,0 +1,40 @@
+From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
+From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
+Date: Sun, 25 Sep 2022 17:46:08 +0300
+Subject: libkmod: do not crash on unknown signature algorithm
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=d5950b0b5e66a5ec1c21b638dec3974056aaabeb
+
+Example kernel module:
+https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
+(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
+It is signed with Streebog 512.
+
+libkmod v30 crashed in libkmod-module.c:2413 in this code:
+
+n = kmod_module_info_append(list,
+	"sig_hashalgo", strlen("sig_hashalgo"),
+	sig_info.hash_algo, strlen(sig_info.hash_algo));
+
+because strlen() got null.
+---
+ libkmod/libkmod-signature.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
+index 4ae5af6..092f396 100644
+--- a/libkmod/libkmod-signature.c
++++ b/libkmod/libkmod-signature.c
+@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ 	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+ 
+ 	sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
++	// hash algo has not been recognized
++	if (sig_info->hash_algo == NULL)
++		goto err3;
+ 	sig_info->id_type = pkey_id_type[modsig->id_type];
+ 
+ 	pvt = malloc(sizeof(*pvt));
+-- 
+cgit 

backport-libkmod-error-out-on-unknown-hash-algorithm.patch

@@ -0,0 +1,45 @@
+From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001
+From: Emil Velikov <emil.velikov@collabora.com>
+Date: Mon, 6 Feb 2023 14:32:59 +0000
+Subject: [PATCH 2/9] libkmod: error out on unknown hash algorithm
+
+Currently if we see unknown algorithm, we'll do an OOB read in
+pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and
+the kernel module uses a SM3 hash.
+
+Cc: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
+Cc: Lucas De Marchi <lucas.demarchi@intel.com>
+Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
+Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
+Signed-off-by: Hangliang Lai <laihangliang1@huawei.com>
+---
+ libkmod/libkmod-signature.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
+index 092f396..b749a81 100644
+--- a/libkmod/libkmod-signature.c
++++ b/libkmod/libkmod-signature.c
+@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ 	unsigned char *key_id_str;
+ 	struct pkcs7_private *pvt;
+ 	const char *issuer_str;
++	int hash_algo;
+ 
+ 	size -= sig_len;
+ 	pkcs7_raw = mem + size;
+@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ 
+ 	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+ 
+-	sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
++	hash_algo = obj_to_hash_algo(o);
++	if (hash_algo < 0)
++		goto err3;
++	sig_info->hash_algo = pkey_hash_algo[hash_algo];
+ 	// hash algo has not been recognized
+ 	if (sig_info->hash_algo == NULL)
+ 		goto err3;
+-- 
+2.30.0
+

backport-libkmod-fix-possible-out-of-bounds-memory-access.patch

@@ -0,0 +1,41 @@
+From badacf76e46b3602bc0e99ffc677ccbe53691f62 Mon Sep 17 00:00:00 2001
+From: Dmitry Antipov <dmantipov@yandex.ru>
+Date: Fri, 19 May 2023 10:46:38 +0300
+Subject: [PATCH] libkmod: fix possible out-of-bounds memory access
+
+An attempt to pass too long module name to, say, rmmod, may
+cause an out-of-bounds memory access (as repoted by UBSan):
+
+$ rmmod $(for i in $(seq 0 4200); do echo -ne x; done)
+libkmod/libkmod-module.c:1828:8: runtime error: index 4107 out of bounds for type 'char [4096]'
+
+This is because 'snprintf(path, sizeof(path), ...)' may return the
+value which exceeds 'sizeof(path)' (which happens when an output
+gets truncated). To play it safe, such a suspicious output is
+better to be rejected explicitly.
+
+Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
+Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
+Link: https://lore.kernel.org/r/20230519074638.402045-1-dmantipov@yandex.ru
+---
+ libkmod/libkmod-module.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
+index 1da64b3..7736b7e 100644
+--- a/libkmod/libkmod-module.c
++++ b/libkmod/libkmod-module.c
+@@ -1810,6 +1810,10 @@ KMOD_EXPORT int kmod_module_get_initstate(const struct kmod_module *mod)
+ 
+ 	pathlen = snprintf(path, sizeof(path),
+ 				"/sys/module/%s/initstate", mod->name);
++	if (pathlen >= (int)sizeof(path)) {
++		/* Too long path was truncated */
++		return -ENAMETOOLONG;
++	}
+ 	fd = open(path, O_RDONLY|O_CLOEXEC);
+ 	if (fd < 0) {
+ 		err = -errno;
+-- 
+2.27.0
+

backport-modprobe-fix-the-NULL-termination-of-new_argv.patch

@@ -0,0 +1,35 @@
+From 757b3599236c0fee9e2bb0770eb6b7c84a271276 Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <masahiroy@kernel.org>
+Date: Thu, 10 Feb 2022 11:14:22 +0900
+Subject: [PATCH] modprobe: fix the NULL-termination of new_argv
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=757b3599236c0fee9e2bb0770eb6b7c84a271276
+
+The number of new arguments is (i + argc - 1) as it is set to *p_argc
+one line below.
+
+The correct location of NULL termination is new_argv[i + argc - 1].
+
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
+---
+ tools/modprobe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/modprobe.c b/tools/modprobe.c
+index eed951f..48b1c8c 100644
+--- a/tools/modprobe.c
++++ b/tools/modprobe.c
+@@ -744,7 +744,7 @@ static char **prepend_options_from_env(int *p_argc, char **orig_argv)
+ 	}
+ 
+ 	memcpy(new_argv + i, orig_argv + 1, sizeof(char *) * (argc - 1));
+-	new_argv[i + argc] = NULL;
++	new_argv[i + argc - 1] = NULL;
+ 	*p_argc = i + argc - 1;
+ 
+ 	return new_argv;
+-- 
+2.33.0
+

backport-shared-avoid-passing-NULL-0-array-to-bsearch.patch

@@ -0,0 +1,46 @@
+From 9c262fdb1c798fd87d91e8c669acbec4d632024b Mon Sep 17 00:00:00 2001
+From: Dmitry Antipov <dmantipov@yandex.ru>
+Date: Fri, 19 May 2023 10:41:08 +0300
+Subject: [PATCH] shared: avoid passing {NULL, 0} array to bsearch()
+
+Fix the following warning reported by UBSan (as of gcc-13.1.1):
+
+shared/hash.c:244:35: runtime error: null pointer passed as
+argument 2, which is declared to never be null
+
+Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
+Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
+[ reshuffle the code to use return-early style ]
+Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
+---
+ shared/hash.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/shared/hash.c b/shared/hash.c
+index 7fe3f80..a87bc50 100644
+--- a/shared/hash.c
++++ b/shared/hash.c
+@@ -241,12 +241,15 @@ void *hash_find(const struct hash *hash, const char *key)
+ 		.key = key,
+ 		.value = NULL
+ 	};
+-	const struct hash_entry *entry = bsearch(
+-		&se, bucket->entries, bucket->used,
+-		sizeof(struct hash_entry), hash_entry_cmp);
+-	if (entry == NULL)
++	const struct hash_entry *entry;
++
++	if (!bucket->entries)
+ 		return NULL;
+-	return (void *)entry->value;
++
++	entry = bsearch(&se, bucket->entries, bucket->used,
++			sizeof(struct hash_entry), hash_entry_cmp);
++
++	return entry ? (void *)entry->value : NULL;
+ }
+ 
+ int hash_del(struct hash *hash, const char *key)
+-- 
+2.27.0
+

kmod.spec

@@ -1,6 +1,6 @@
 Name:           kmod
 Version:        29
-Release:        4
+Release:        8
 Summary:        Kernel module management
 # GPLv2+ is used by programs, LGPLv2+ is used for libraries.
 License:        GPLv2+ and LGPLv2+
@@ -13,6 +13,13 @@ Patch1:		0001-libkmod-module-check-new_from_name-return-value-in-g.patch
 Patch2:		0002-Module-replace-the-module-with-new-module.patch
 Patch3:		0003-Module-suspend-the-module-by-rmmod-r-option.patch
 Patch4: 	0004-don-t-check-module-s-refcnt-when-rmmod-with-r.patch
+Patch5:		backport-libkmod-Support-SM3-hash-algorithm.patch
+Patch6:		backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
+Patch7:		backport-libkmod-error-out-on-unknown-hash-algorithm.patch
+Patch8:		backport-libkmod-Set-builtin-to-no-when-module-is-created-fro.patch
+Patch9:		backport-modprobe-fix-the-NULL-termination-of-new_argv.patch
+Patch10:	backport-shared-avoid-passing-NULL-0-array-to-bsearch.patch
+Patch11:	backport-libkmod-fix-possible-out-of-bounds-memory-access.patch
 
 BuildRequires:  gcc chrpath zlib-devel xz-devel libxslt openssl-devel
 
@@ -120,6 +127,20 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
 %doc TODO NEWS README
 
 %changelog
+* Thu Jul 6 2023 shixin <shixin21@huawei.com> - 29-8
+- libkmod: fix possible out-of-bounds memory access
+  shared: avoid passing {NULL, 0} array to bsearch()
+
+* Thu Apr 20 2023 Fang Chuangchuang <fangchuangchuang@huawei.com> - 29-7
+- libkmod: Set builtin to no when module is created from path.
+  modprobe: fix the NULL-termination of new_argv
+
+* Sun Mar 26 2023 Hangliang Lai <laihangliang1@huawei.com> - 29-6
+- fix crash and OOB on unknown hash signature algorithm.
+
+* Fri Nov 18 2022 luhuaxin <luhuaxin1@huawei.com> - 29-5
+- add support for sm3 hash algorithm.
+
 * Thu Feb 24 2022 Yang Yanchao <yangyanchao6@huawei.com> - 29-4
 - add package python3-kmod.
 
@@ -167,7 +188,7 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
 - SUG:NA
 - DESC: update kmod to 27
 
-* Wed Feb 28 2020 Wang Shuo<wangshuo47@huawei.com> - 25-6
+* Wed Feb 26 2020 Wang Shuo<wangshuo47@huawei.com> - 25-6
 - Type:enhancement
 - ID:NA
 - SUG:NA