From 212df9371cdd342b60ddc788533abdcdee5726f8 Mon Sep 17 00:00:00 2001
From: Jing Zhang
Date: Mon, 26 Dec 2022 13:54:42 +0800
Subject: [PATCH] repair read of uninitialized memory and fix crash bugs etc.

Signed-off-by: Jing Zhang
---
 ...-repair-read-of-uninitialized-memory.patch | 31 +++++++++
 ...building-running-tests-from-a-subdir.patch | 30 +++++++++
 ...erride-of-stat-on-32-bit-architectur.patch | 66 +++++++++++++++++++
 ...crash-on-unknown-signature-algorithm.patch | 38 +++++++++++
 kmod.spec | 13 +++-
 5 files changed, 176 insertions(+), 2 deletions(-)
 create mode 100644 0001-testsuite-repair-read-of-uninitialized-memory.patch
 create mode 100644 0002-build-enable-building-running-tests-from-a-subdir.patch
 create mode 100644 0003-testsuite-fix-override-of-stat-on-32-bit-architectur.patch
 create mode 100644 0004-libkmod-do-not-crash-on-unknown-signature-algorithm.patch

diff --git a/0001-testsuite-repair-read-of-uninitialized-memory.patch b/0001-testsuite-repair-read-of-uninitialized-memory.patch
new file mode 100644
index 0000000..11a1fcb
--- /dev/null
+++ b/0001-testsuite-repair-read-of-uninitialized-memory.patch
@@ -0,0 +1,31 @@
+From 16c086f48c2270ad6412ad7226df53079f825270 Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt
+Date: Thu, 30 Jun 2022 18:47:25 +0200
+Subject: [PATCH 1/6] testsuite: repair read of uninitialized memory
+
+Function ``test_backoff_time`` does not initialize ``delta``, and
+``get_backoff_delta_msec`` then performs a read from uninitialized
+memory with the ``!*delta`` expression.
+
+Signed-off-by: Jan Engelhardt
+Signed-off-by: Lucas De Marchi
+---
+ testsuite/test-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/testsuite/test-util.c b/testsuite/test-util.c
+index fb8c9ef..5766584 100644
+--- a/testsuite/test-util.c
++++ b/testsuite/test-util.c
+@@ -231,7 +231,7 @@ DEFINE_TEST(test_addu64_overflow,
+
+ static int test_backoff_time(const struct test *t)
+ {
+- unsigned long long delta;
++ unsigned long long delta = 0;
+
+ /* Check exponential increments */
+ get_backoff_delta_msec(now_msec(), now_msec() + 10, &delta);
+--
+2.27.0
+
diff --git a/0002-build-enable-building-running-tests-from-a-subdir.patch b/0002-build-enable-building-running-tests-from-a-subdir.patch
new file mode 100644
index 0000000..80f2654
--- /dev/null
+++ b/0002-build-enable-building-running-tests-from-a-subdir.patch
@@ -0,0 +1,30 @@
+From 09ad8605520c87e799cb89e2bcdf2f36e21f77ba Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov
+Date: Thu, 24 Jun 2021 14:53:56 +0100
+Subject: [PATCH 2/6] build: enable building & running tests from a subdir
+
+During dpkg build, in a subdir, it is currently not possible to run
+tests. Building testsuite/modules due to non-existance of the
+testsuite directory under the build dir. Thus create it, when it is
+not there.
+
+Signed-off-by: Dimitri John Ledkov
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 0e48770..b0a654c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -255,6 +255,7 @@ CREATE_ROOTFS = $(AM_V_GEN) ( $(RM) -rf $(ROOTFS) && mkdir -p $(dir $(ROOTFS)) &
+ build-module-playground:
+ $(AM_V_GEN)if test "$(top_srcdir)" != "$(top_builddir)"; then \
+ $(RM) -rf testsuite/module-playground && \
++ mkdir -p testsuite/ && \
+ cp -r $(top_srcdir)/$(MODULE_PLAYGROUND) $(top_builddir)/$(MODULE_PLAYGROUND) && \
+ find $(top_builddir)/$(MODULE_PLAYGROUND) -type d -exec chmod +w {} \; ; \
+ fi
+--
+2.27.0
+
diff --git a/0003-testsuite-fix-override-of-stat-on-32-bit-architectur.patch b/0003-testsuite-fix-override-of-stat-on-32-bit-architectur.patch
new file mode 100644
index 0000000..982377f
--- /dev/null
+++ b/0003-testsuite-fix-override-of-stat-on-32-bit-architectur.patch
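Review bot: The added `mkdir -p testsuite/ && \` hard-codes the directory name, while the `cp -r` on the next line takes its destination from `$(top_builddir)/$(MODULE_PLAYGROUND)`. If MODULE_PLAYGROUND is ever moved the two would drift apart; deriving the directory from the same variable, `mkdir -p $(top_builddir)/$(dir $(MODULE_PLAYGROUND)) && \`, keeps them tied together and uses the `$(dir ...)` form the CREATE_ROOTFS line already relies on. The value of MODULE_PLAYGROUND is not visible in this hunk, so this assumes it names a path below testsuite/.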
@@ -0,0 +1,66 @@
+From b4d281f962be74adfbae9d7bead6a7352033342c Mon Sep 17 00:00:00 2001
+From: Julien Cristau
+Date: Mon, 5 Sep 2022 10:32:12 +0200
+Subject: [PATCH 4/6] testsuite: fix override of `stat` on 32-bit architectures
+
+When _FILE_OFFSET_BITS is 64, glibc headers turn `stat` calls into
+`stat64`, and our `stat` override into a `stat64` function. However,
+because we use dlsym to get the address of libc's `stat`, we end up
+calling into the "real" `stat` function, which deals with 32-bit off_t,
+and we treat its result as if it were returned from stat64. On most
+architectures this seems to have been harmless, but on 32-bit mips,
+st_mode's offset in struct stat and struct stat64 are different, so we
+read garbage.
+
+To fix this, explicitly unset _FILE_OFFSET_BITS in path.c, to turn off
+the redirect magic in glibc headers, and override both the 32-bit and
+64-bit functions so each call ends up wrapping the right libc function.
+
+Fixes #16 (https://github.com/kmod-project/kmod/issues/16)
+---
+ testsuite/path.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/testsuite/path.c b/testsuite/path.c
+index fa5fceb..964d33e 100644
+--- a/testsuite/path.c
++++ b/testsuite/path.c
+@@ -15,6 +15,10 @@
+ * License along with this library; if not, see .
+ */
+
++/* We unset _FILE_OFFSET_BITS here so we can override both stat and stat64 on
++ * 32-bit architectures and forward each to the right libc function */
++#undef _FILE_OFFSET_BITS
++
+ #include
+ #include
+ #include
+@@ -183,23 +187,20 @@ TS_EXPORT int prefix ## stat ## suffix (int ver, \
+ WRAP_1ARG(DIR*, NULL, opendir);
+
+ WRAP_2ARGS(FILE*, NULL, fopen, const char*);
++WRAP_2ARGS(FILE*, NULL, fopen64, const char*);
+ WRAP_2ARGS(int, -1, mkdir, mode_t);
+ WRAP_2ARGS(int, -1, access, int);
+ WRAP_2ARGS(int, -1, stat, struct stat*);
+ WRAP_2ARGS(int, -1, lstat, struct stat*);
+-#ifndef _FILE_OFFSET_BITS
+ WRAP_2ARGS(int, -1, stat64, struct stat64*);
+ WRAP_2ARGS(int, -1, lstat64, struct stat64*);
+ WRAP_OPEN(64);
+-#endif
+
+ WRAP_OPEN();
+
+ #ifdef HAVE___XSTAT
+ WRAP_VERSTAT(__x,);
+ WRAP_VERSTAT(__lx,);
+-#ifndef _FILE_OFFSET_BITS
+ WRAP_VERSTAT(__x,64);
+ WRAP_VERSTAT(__lx,64);
+ #endif
+-#endif
+--
+2.27.0
+
diff --git a/0004-libkmod-do-not-crash-on-unknown-signature-algorithm.patch b/0004-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
new file mode 100644
index 0000000..1b539ef
--- /dev/null
+++ b/0004-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
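Review bot: Dropping the first `#ifndef _FILE_OFFSET_BITS` guard in the second inner hunk makes the `stat64`, `lstat64`, `fopen64` and `WRAP_OPEN(64)` wrappers unconditional, and nothing visible here checks that the C library declares those names or `struct stat64`. They are large-file extensions rather than standard interfaces, so on a libc that does not provide them testsuite/path.c would presumably stop compiling. A configure-time guard in the style of the `#ifdef HAVE___XSTAT` block already present in this hunk would keep the 32-bit fix while leaving such builds working. The wrapper macro bodies and the stripped `#include` lines lie outside what the hunk shows, so which feature-test macros are in effect cannot be confirmed from here.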
@@ -0,0 +1,38 @@
+From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
+From: Mikhail Novosyolov
+Date: Sun, 25 Sep 2022 17:46:08 +0300
+Subject: [PATCH 5/6] libkmod: do not crash on unknown signature algorithm
+
+Example kernel module:
+https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
+(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
+It is signed with Streebog 512.
+
+libkmod v30 crashed in libkmod-module.c:2413 in this code:
+
+n = kmod_module_info_append(list,
+ "sig_hashalgo", strlen("sig_hashalgo"),
+ sig_info.hash_algo, strlen(sig_info.hash_algo));
+
+because strlen() got null.
+---
+ libkmod/libkmod-signature.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
+index 4ae5af6..092f396 100644
+--- a/libkmod/libkmod-signature.c
++++ b/libkmod/libkmod-signature.c
+@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+
+ sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
++ // hash algo has not been recognized
++ if (sig_info->hash_algo == NULL)
++ goto err3;
+ sig_info->id_type = pkey_id_type[modsig->id_type];
+
+ pvt = malloc(sizeof(*pvt));
+--
+2.27.0
+
diff --git a/kmod.spec b/kmod.spec
index b32fd68..c8bd5a4 100644
--- a/kmod.spec
+++ b/kmod.spec
@@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 3 %bcond_with weak_modules %bcond_with dist_conf
@@ -14,6 +14,12 @@ Source1: weak-modules Source2: depmod.conf.dist Exclusiveos: Linux +# Upstream patches +Patch1: 0001-testsuite-repair-read-of-uninitialized-memory.patch +Patch2: 0002-build-enable-building-running-tests-from-a-subdir.patch +Patch3: 0003-testsuite-fix-override-of-stat-on-32-bit-architectur.patch +Patch4: 0004-libkmod-do-not-crash-on-unknown-signature-algorithm.patch + BuildRequires: gcc BuildRequires: chrpath BuildRequires: zlib-devel
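Review bot: The added NULL test runs only after `pkey_hash_algo[obj_to_hash_algo(o)]` has already been evaluated, so it helps only when an unknown algorithm maps to an in-range slot that happens to hold NULL. `obj_to_hash_algo()` is outside the hunk; if it reports an unrecognised OID with a negative or otherwise out-of-range value, the table is read out of bounds before the check is reached, and the index is derived from the module's PKCS#7 signature data. Validating the index first closes that gap, assuming the helper returns an int: `int algo = obj_to_hash_algo(o);`, `if (algo < 0) goto err3;`, `sig_info->hash_algo = pkey_hash_algo[algo];`, with the existing NULL test kept after it. fill_pkcs7() and the err3 label both extend beyond the hunk, so the cleanup path itself cannot be checked from here.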
@@ -60,7 +66,7 @@ The kmod-devel package provides header files used for development of applications that wish to load or unload Linux kernel modules. %prep -%autosetup -p1 +%autosetup -n %{name}-%{version} -p1 %build
@@ -142,6 +148,9 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %{_libdir}/libkmod.so %changelog +* Mon Dec 26 2022 Jing Zhang - 30-3 +- repair read of uninitialized memory and fix crash bugs etc. + * Tue Oct 25 2022 mgb01105731 - 30-2 - optimise spec file -- Gitee