From 04b386c1c1da39e45822282c939e83cfb3b3cd28 Mon Sep 17 00:00:00 2001 From: Yang Yanchao Date: Thu, 24 Feb 2022 15:53:12 +0800 Subject: [PATCH 1/5] add package python3-kmod. sync the PR:https://gitee.com/src-openeuler/kmod/pulls/22/files Signed-off-by: Yang Yanchao (cherry picked from commit bcb7b0817275f09b1dd7c509e4fdd74fe8214558) --- kmod.spec | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/kmod.spec b/kmod.spec index 1dc3f80..a9a545c 100644 --- a/kmod.spec +++ b/kmod.spec @@ -1,6 +1,6 @@ Name: kmod Version: 29 -Release: 3 +Release: 4 Summary: Kernel module management # GPLv2+ is used by programs, LGPLv2+ is used for libraries. License: GPLv2+ and LGPLv2+ @@ -39,6 +39,15 @@ Requires: %{name} = %{version}-%{release} %{name}-libs The kmod-devel package provides header files used for loading or unloading kernel modules. +%package -n python3-kmod +Summary: Python3 bindings for kmod/libkmod. +BuildRequires: python3 python3-devel python3-Cython kmod-devel kmod-libs +Requires: python3 + +%description -n python3-kmod +python3-kmod is a Python3 wrapper module for libkmod, exposing common +module operations: listing installed modules, modprobe, and rmmod. + %package help Summary: Documents and man pages for the kmod Requires: man info @@ -51,11 +60,12 @@ developers to understand the kmod. %autosetup -n %{name}-%{version} -p1 %build -%configure --with-openssl --with-zlib --with-xz +%configure --with-openssl --with-zlib --with-xz --enable-python %make_build %install %make_install +rm -f %{buildroot}%{python3_sitearch}/kmod/*.la pushd $RPM_BUILD_ROOT/%{_mandir}/man5 ln -s modprobe.d.5.gz modprobe.conf.5.gz popd @@ -100,6 +110,9 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %{_libdir}/pkgconfig/libkmod.pc %{_libdir}/libkmod.so +%files -n python3-kmod +%{python3_sitearch}/kmod/ + %files help %attr(0644,root,root) %{_mandir}/man5/*.5* %attr(0644,root,root) %{_mandir}/man8/*.8* 
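Review bot: In the new `%package -n python3-kmod` section, `BuildRequires` lists `kmod-devel kmod-libs`, which are subpackages produced by this same spec, so a clean build of kmod would depend on an already-built kmod. With `--enable-python` added to `%configure` the bindings are presumably compiled against the in-tree libkmod, in which case `BuildRequires: python3 python3-devel python3-Cython` would be enough. The runtime side has no pin to the matching library build either; consider `Requires: %{name}-libs = %{version}-%{release}` next to `Requires: python3`, so the extension module cannot end up installed alongside an older libkmod build.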
@@ -107,6 +120,9 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %doc TODO NEWS README %changelog +* Thu Feb 24 2022 Yang Yanchao - 29-4 +- add package python3-kmod. + * Fri Jan 7 2022 zhouwenpei - 29-3 - kmod-devel: add requires on kmod-libs -- Gitee From ad918f809fc13a60fea088d9b46dc0748159684d Mon Sep 17 00:00:00 2001 From: loong-C Date: Mon, 13 Jun 2022 09:15:51 +0000 Subject: [PATCH 2/5] =?UTF-8?q?fix=20bogus=20date=20in=20%changelog=20![?= =?UTF-8?q?=E8=BE=93=E5=85=A5=E5=9B=BE=E7=89=87=E8=AF=B4=E6=98=8E](https:/?= =?UTF-8?q?/images.gitee.com/uploads/images/2022/0613/171506=5F3da7f437=5F?= =?UTF-8?q?9884780.png=20"=E5=B1=8F=E5=B9=95=E6=88=AA=E5=9B=BE.png")?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kmod.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kmod.spec b/kmod.spec index a9a545c..91c5838 100644 --- a/kmod.spec +++ b/kmod.spec @@ -167,7 +167,7 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf - SUG:NA - DESC: update kmod to 27 -* Wed Feb 28 2020 Wang Shuo - 25-6 +* Wed Feb 26 2020 Wang Shuo - 25-6 - Type:enhancement - ID:NA - SUG:NA -- Gitee From b03fcdda4cc352f448ed7fc0eec0daf8a98962d5 Mon Sep 17 00:00:00 2001 
From: Lai Hangliang Date: Fri, 23 Dec 2022 17:24:29 +0800 Subject: [PATCH 3/5] libkmod: do not crash on unknown signature algorithm commit: d5950b0b5e66a5ec1c21b638dec3974056aaabeb category: bugfix bugzilla:https://gitee.com/src-openeuler/kmod/issues CVE: NA Reference: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=d5950b0b5e66a5ec1c21b638dec3974056aaabeb -------------------------------- libkmod: do not crash on unknown signature algorithm Example kernel module: https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e (/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst) It is signed with Streebog 512. libkmod v30 crashed in libkmod-module.c:2413 in this code: n = kmod_module_info_append(list, "sig_hashalgo", strlen("sig_hashalgo"), sig_info.hash_algo, strlen(sig_info.hash_algo)); because strlen() got null. --- ...crash-on-unknown-signature-algorithm.patch | 40 +++++++++++++++++++ kmod.spec | 7 +++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch diff --git a/backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch b/backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch new file mode 100644 index 0000000..78cc8a9 --- /dev/null +++ b/backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch 
@@ -0,0 +1,40 @@ +From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001 +From: Mikhail Novosyolov +Date: Sun, 25 Sep 2022 17:46:08 +0300 +Subject: libkmod: do not crash on unknown signature algorithm + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=d5950b0b5e66a5ec1c21b638dec3974056aaabeb + +Example kernel module: +https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e +(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst) +It is signed with Streebog 512. + +libkmod v30 crashed in libkmod-module.c:2413 in this code: + +n = kmod_module_info_append(list, + "sig_hashalgo", strlen("sig_hashalgo"), + sig_info.hash_algo, strlen(sig_info.hash_algo)); + +because strlen() got null. +--- + libkmod/libkmod-signature.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 4ae5af6..092f396 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size, + X509_ALGOR_get0(&o, NULL, NULL, dig_alg); + + sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)]; ++ // hash algo has not been recognized ++ if (sig_info->hash_algo == NULL) ++ goto err3; + sig_info->id_type = pkey_id_type[modsig->id_type]; + + pvt = malloc(sizeof(*pvt)); +-- +cgit diff --git a/kmod.spec b/kmod.spec index 91c5838..8c37d94 100644 --- a/kmod.spec +++ b/kmod.spec @@ -1,6 +1,6 @@ Name: kmod Version: 29 -Release: 4 +Release: 5 Summary: Kernel module management # GPLv2+ is used by programs, LGPLv2+ is used for libraries. License: GPLv2+ and LGPLv2+ 
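Review bot: The added `if (sig_info->hash_algo == NULL) goto err3;` runs after `pkey_hash_algo[obj_to_hash_algo(o)]` has already been evaluated, so it only covers an in-range id whose table slot is empty, not a negative return from `obj_to_hash_algo()`. PATCH 4/5 of this series (Patch6001) adds that range check, so Patch6000 on its own is not a complete fix for module files that carry an unrecognised digest. I would record the dependency where the patch is declared in kmod.spec, e.g. `# Patch6000 is incomplete without Patch6001 (index check before the table lookup)`. `fill_pkcs7()` starts and ends outside the hunk, so what `err3` releases is not visible here.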
@@ -14,6 +14,8 @@ Patch2: 0002-Module-replace-the-module-with-new-module.patch Patch3: 0003-Module-suspend-the-module-by-rmmod-r-option.patch Patch4: 0004-don-t-check-module-s-refcnt-when-rmmod-with-r.patch +Patch6000: backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch + BuildRequires: gcc chrpath zlib-devel xz-devel libxslt openssl-devel Provides: module-init-tools = 4.0-1 @@ -120,6 +122,9 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %doc TODO NEWS README %changelog +* Fri Dec 23 2022 Lai Hangliang - 29-5 +- libkmod: do not crash on unknown signature algorithm + * Thu Feb 24 2022 Yang Yanchao - 29-4 - add package python3-kmod. -- Gitee From c0ea9243a258dbf7eef4a8cd3554b1e295d15608 Mon Sep 17 00:00:00 2001 From: Lai Hangliang Date: Sun, 26 Mar 2023 16:21:58 +0800 Subject: [PATCH 4/5] libkmod: fix error out on unknown hash algorithm --- ...-error-out-on-unknown-hash-algorithm.patch | 45 +++++++++++++++++++ kmod.spec | 6 ++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 backport-libkmod-error-out-on-unknown-hash-algorithm.patch diff --git a/backport-libkmod-error-out-on-unknown-hash-algorithm.patch b/backport-libkmod-error-out-on-unknown-hash-algorithm.patch new file mode 100644 index 0000000..a9903b2 --- /dev/null +++ b/backport-libkmod-error-out-on-unknown-hash-algorithm.patch 
@@ -0,0 +1,45 @@ +From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001 +From: Emil Velikov +Date: Mon, 6 Feb 2023 14:32:59 +0000 +Subject: [PATCH 2/9] libkmod: error out on unknown hash algorithm + +Currently if we see unknown algorithm, we'll do an OOB read in +pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and +the kernel module uses a SM3 hash. + +Cc: Mikhail Novosyolov +Cc: Lucas De Marchi +Signed-off-by: Emil Velikov +Signed-off-by: Lucas De Marchi +Signed-off-by: Hangliang Lai +--- + libkmod/libkmod-signature.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 092f396..b749a81 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size, + unsigned char *key_id_str; + struct pkcs7_private *pvt; + const char *issuer_str; ++ int hash_algo; + + size -= sig_len; + pkcs7_raw = mem + size; +@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size, + + X509_ALGOR_get0(&o, NULL, NULL, dig_alg); + +- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)]; ++ hash_algo = obj_to_hash_algo(o); ++ if (hash_algo < 0) ++ goto err3; ++ sig_info->hash_algo = pkey_hash_algo[hash_algo]; + // hash algo has not been recognized + if (sig_info->hash_algo == NULL) + goto err3; +-- +2.30.0 + diff --git a/kmod.spec b/kmod.spec index 8c37d94..be4c2c7 100644 --- a/kmod.spec +++ b/kmod.spec @@ -1,6 +1,6 @@ Name: kmod Version: 29 -Release: 5 +Release: 6 Summary: Kernel module management # GPLv2+ is used by programs, LGPLv2+ is used for libraries. License: GPLv2+ and LGPLv2+ 
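Review bot: The comment `// hash algo has not been recognized` stays attached to the `sig_info->hash_algo == NULL` test, although the case it describes is now caught by the new `if (hash_algo < 0)` above it. Moving it up and giving the second test its own comment, e.g. `/* id is in range but has no name in pkey_hash_algo */`, would keep the two exits distinguishable. The lookup is still unchecked on the upper side, which is safe only if `obj_to_hash_algo()` never returns a value past the end of `pkey_hash_algo`; that cannot be confirmed from this hunk. The backport header also lacks the `Conflict:` and `Reference:` lines that the other backports in this series carry.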
@@ -15,6 +15,7 @@ Patch3: 0003-Module-suspend-the-module-by-rmmod-r-option.patch Patch4: 0004-don-t-check-module-s-refcnt-when-rmmod-with-r.patch Patch6000: backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch +Patch6001: backport-libkmod-error-out-on-unknown-hash-algorithm.patch BuildRequires: gcc chrpath zlib-devel xz-devel libxslt openssl-devel @@ -122,6 +123,9 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %doc TODO NEWS README %changelog +* Sun Mar 26 2023 Lai Hangliang - 29-6 +- libkmod: fix error out on unknown hash algorithm + * Fri Dec 23 2022 Lai Hangliang - 29-5 - libkmod: do not crash on unknown signature algorithm -- Gitee From 7c8ec5db01906541184303246849adc2ee7f9dc6 Mon Sep 17 00:00:00 2001 From: fangchuang Date: Mon, 17 Apr 2023 22:34:25 +0800 Subject: [PATCH 5/5] backport patches to fix NULL-termination of new_argv and set builtin to no --- ...tin-to-no-when-module-is-created-fro.patch | 61 +++++++++++++++++++ ...fix-the-NULL-termination-of-new_argv.patch | 35 +++++++++++ kmod.spec | 8 ++- 3 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 backport-libkmod-Set-builtin-to-no-when-module-is-created-fro.patch create mode 100644 backport-modprobe-fix-the-NULL-termination-of-new_argv.patch diff --git a/backport-libkmod-Set-builtin-to-no-when-module-is-created-fro.patch b/backport-libkmod-Set-builtin-to-no-when-module-is-created-fro.patch new file mode 100644 index 0000000..e6a6779 --- /dev/null +++ b/backport-libkmod-Set-builtin-to-no-when-module-is-created-fro.patch 
@@ -0,0 +1,61 @@ +From 4e391ac92d1b9a2c8c0e9d8735d2913ee86c0ad8 Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Wed, 18 Aug 2021 22:52:00 +0200 +Subject: [PATCH] libkmod: Set builtin to no when module is created from path. + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=4e391ac92d1b9a2c8c0e9d8735d2913ee86c0ad8 + +A recent bug report showed that modinfo doesn't give the signature +information for certain modules, and it turned out to happen only on +the modules that are built-in on the running kernel; then modinfo +skips the signature check, as if the target module file never exists. +The behavior is, however, inconsistent when modinfo is performed for +external modules (no matter which kernel version is) and the module +file path is explicitly given by a command-line argument, which +guarantees the presence of the module file itself. + +Fixes: e7e2cb61fa9f ("modinfo: Show information about built-in modules") +Link: https://lore.kernel.org/linux-modules/CAKi4VAJVvY3=JdSZm-GD1hJqyCPYaYz-jBJ_REeY5BakVb6_ww@mail.gmail.com/ +BugLink: https://bugzilla.opensuse.org/show_bug.cgi?id=1189537 +Suggested-by: Lucas De Marchi +Signed-off-by: Michal Suchanek +Reviewed-by: Petr Vorel +--- + libkmod/libkmod-module.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c +index 6e0ff1a..6f7747c 100644 +--- a/libkmod/libkmod-module.c ++++ b/libkmod/libkmod-module.c +@@ -431,17 +431,18 @@ KMOD_EXPORT int kmod_module_new_from_path(struct kmod_ctx *ctx, + return -EEXIST; + } + +- *mod = kmod_module_ref(m); +- return 0; +- } ++ kmod_module_ref(m); ++ } else { ++ err = kmod_module_new(ctx, name, name, namelen, NULL, 0, &m); ++ if (err < 0) { ++ free(abspath); ++ return err; ++ } + +- err = kmod_module_new(ctx, name, name, namelen, NULL, 0, &m); +- if (err < 0) { +- free(abspath); +- return err; ++ m->path = abspath; + } + +- m->path = abspath; ++ 
m->builtin = KMOD_MODULE_BUILTIN_NO; + *mod = m; + + return 0; +-- +2.33.0 + diff --git a/backport-modprobe-fix-the-NULL-termination-of-new_argv.patch b/backport-modprobe-fix-the-NULL-termination-of-new_argv.patch new file mode 100644 index 0000000..119364f --- /dev/null +++ b/backport-modprobe-fix-the-NULL-termination-of-new_argv.patch @@ -0,0 +1,35 @@ +From 757b3599236c0fee9e2bb0770eb6b7c84a271276 Mon Sep 17 00:00:00 2001 +From: Masahiro Yamada +Date: Thu, 10 Feb 2022 11:14:22 +0900 +Subject: [PATCH] modprobe: fix the NULL-termination of new_argv + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=757b3599236c0fee9e2bb0770eb6b7c84a271276 + +The number of new arguments is (i + argc - 1) as it is set to *p_argc +one line below. + +The correct location of NULL termination is new_argv[i + argc - 1]. + +Signed-off-by: Masahiro Yamada +Signed-off-by: Lucas De Marchi +--- + tools/modprobe.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/modprobe.c b/tools/modprobe.c +index eed951f..48b1c8c 100644 +--- a/tools/modprobe.c ++++ b/tools/modprobe.c +@@ -744,7 +744,7 @@ static char **prepend_options_from_env(int *p_argc, char **orig_argv) + } + + memcpy(new_argv + i, orig_argv + 1, sizeof(char *) * (argc - 1)); +- new_argv[i + argc] = NULL; ++ new_argv[i + argc - 1] = NULL; + *p_argc = i + argc - 1; + + return new_argv; +-- +2.33.0 + diff --git a/kmod.spec b/kmod.spec index be4c2c7..5c90bc9 100644 --- a/kmod.spec +++ b/kmod.spec @@ -1,6 +1,6 @@ Name: kmod Version: 29 -Release: 6 +Release: 7 Summary: Kernel module management # GPLv2+ is used by programs, LGPLv2+ is used for libraries. License: GPLv2+ and LGPLv2+ 
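Review bot: `m->builtin = KMOD_MODULE_BUILTIN_NO;` now runs on both paths, including the one where `m` already existed and only `kmod_module_ref(m)` was taken, so the field is overwritten on an object that other holders may already reference. That appears to be what the commit message intends (an explicit path guarantees a module file), but nothing in the code says so. A comment above the assignment would help, e.g. `/* created from an explicit path: a module file exists, so never treat it as built-in */`. `kmod_module_new_from_path()` starts before the hunk, so how `m` was obtained and how `abspath` is handled on the existing-module path is not visible here.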
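Review bot: The terminator index `i + argc - 1` is spelled out a second time on the following line as the new `*p_argc`, which is how the two were able to drift apart. Assigning the count once and reusing it keeps them in step: `*p_argc = i + argc - 1;` followed by `new_argv[*p_argc] = NULL;`. Both this index and the `argc - 1` element count in the `memcpy` above assume `argc >= 1`. The declaration of `argc` and the allocation of `new_argv` are outside the hunk, so confirm that the buffer holds at least `i + argc` pointers and that a zero `argc` cannot reach this point.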
@@ -16,6 +16,8 @@ Patch4: 0004-don-t-check-module-s-refcnt-when-rmmod-with-r.patch Patch6000: backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch Patch6001: backport-libkmod-error-out-on-unknown-hash-algorithm.patch +Patch6002: backport-libkmod-Set-builtin-to-no-when-module-is-created-fro.patch +Patch6003: backport-modprobe-fix-the-NULL-termination-of-new_argv.patch BuildRequires: gcc chrpath zlib-devel xz-devel libxslt openssl-devel @@ -123,6 +125,10 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %doc TODO NEWS README %changelog +* Mon Apr 17 2023 Fang Chuangchuang - 29-7 +- libkmod: Set builtin to no when module is created from path. + modprobe: fix the NULL-termination of new_argv + * Sun Mar 26 2023 Lai Hangliang - 29-6 - libkmod: fix error out on unknown hash algorithm -- Gitee