diff options
author | Chen Qi <Qi.Chen@windriver.com> | 2015-10-28 10:30:09 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-11-16 11:39:30 +0000 |
commit | 42a5378647bc43c966594b766270059ce32637eb (patch) | |
tree | 02b275d1b71fc1c97266bdc8a063098204304689 | |
parent | 77e324609231974f18ddbb58988e96c72aa0f119 (diff) | |
download | poky-42a5378647bc43c966594b766270059ce32637eb.tar.gz |
nfs-utils/statd: fix a segfault
Fix the segfault by separating the socket used in statd from the sockets
of RPC core.
(From OE-Core rev: 1f2ef653f5fb0b46daa17e08485468cc235cfbcc)
Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch | 113 | ||||
-rw-r--r-- | meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb | 1 |
2 files changed, 114 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch new file mode 100644 index 0000000000..de0b045c8c --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch | |||
@@ -0,0 +1,113 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | Subject: nfs-utils/statd: fix a segfault caused by improper usage of RPC interface | ||
4 | |||
5 | There is a hack which uses the bottom-level RPC improperly as below | ||
6 | in the current statd implementation: | ||
7 | insert a socket in the svc_fdset without a corresponding transport handle | ||
8 | and passes the socket to the svc_getreqset subroutine, this usage causes | ||
9 | a segfault of statd on a huge amount of sm-notifications. | ||
10 | |||
11 | Fix the issue by separating the non-RPC-server sock from RPC dispatcher. | ||
12 | |||
13 | Signed-off-by: Shan Hai <shan.hai@windriver.com> | ||
14 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
15 | --- | ||
16 | utils/statd/rmtcall.c | 1 - | ||
17 | utils/statd/statd.c | 5 +++-- | ||
18 | utils/statd/statd.h | 2 +- | ||
19 | utils/statd/svc_run.c | 8 ++++++-- | ||
20 | 4 files changed, 10 insertions(+), 6 deletions(-) | ||
21 | |||
22 | diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c | ||
23 | index fd576d9..cde091b 100644 | ||
24 | --- a/utils/statd/rmtcall.c | ||
25 | +++ b/utils/statd/rmtcall.c | ||
26 | @@ -104,7 +104,6 @@ statd_get_socket(void) | ||
27 | if (sockfd < 0) | ||
28 | return -1; | ||
29 | |||
30 | - FD_SET(sockfd, &SVC_FDSET); | ||
31 | return sockfd; | ||
32 | } | ||
33 | |||
34 | diff --git a/utils/statd/statd.c b/utils/statd/statd.c | ||
35 | index 51a016e..e21a259 100644 | ||
36 | --- a/utils/statd/statd.c | ||
37 | +++ b/utils/statd/statd.c | ||
38 | @@ -247,6 +247,7 @@ int main (int argc, char **argv) | ||
39 | int port = 0, out_port = 0; | ||
40 | int nlm_udp = 0, nlm_tcp = 0; | ||
41 | struct rlimit rlim; | ||
42 | + int notify_sockfd; | ||
43 | |||
44 | int pipefds[2] = { -1, -1}; | ||
45 | char status; | ||
46 | @@ -473,7 +474,7 @@ int main (int argc, char **argv) | ||
47 | } | ||
48 | |||
49 | /* Make sure we have a privilege port for calling into the kernel */ | ||
50 | - if (statd_get_socket() < 0) | ||
51 | + if ((notify_sockfd = statd_get_socket()) < 0) | ||
52 | exit(1); | ||
53 | |||
54 | /* If sm-notify didn't take all the state files, load | ||
55 | @@ -528,7 +529,7 @@ int main (int argc, char **argv) | ||
56 | * Handle incoming requests: SM_NOTIFY socket requests, as | ||
57 | * well as callbacks from lockd. | ||
58 | */ | ||
59 | - my_svc_run(); /* I rolled my own, Olaf made it better... */ | ||
60 | + my_svc_run(notify_sockfd); /* I rolled my own, Olaf made it better... */ | ||
61 | |||
62 | /* Only get here when simulating a crash so we should probably | ||
63 | * start sm-notify running again. As we have already dropped | ||
64 | diff --git a/utils/statd/statd.h b/utils/statd/statd.h | ||
65 | index a1d8035..231ac7e 100644 | ||
66 | --- a/utils/statd/statd.h | ||
67 | +++ b/utils/statd/statd.h | ||
68 | @@ -28,7 +28,7 @@ extern _Bool statd_present_address(const struct sockaddr *sap, char *buf, | ||
69 | __attribute__((__malloc__)) | ||
70 | extern char * statd_canonical_name(const char *hostname); | ||
71 | |||
72 | -extern void my_svc_run(void); | ||
73 | +extern void my_svc_run(int); | ||
74 | extern void notify_hosts(void); | ||
75 | extern void shuffle_dirs(void); | ||
76 | extern int statd_get_socket(void); | ||
77 | diff --git a/utils/statd/svc_run.c b/utils/statd/svc_run.c | ||
78 | index d98ecee..28c1ad6 100644 | ||
79 | --- a/utils/statd/svc_run.c | ||
80 | +++ b/utils/statd/svc_run.c | ||
81 | @@ -78,7 +78,7 @@ my_svc_exit(void) | ||
82 | * The heart of the server. A crib from libc for the most part... | ||
83 | */ | ||
84 | void | ||
85 | -my_svc_run(void) | ||
86 | +my_svc_run(int sockfd) | ||
87 | { | ||
88 | FD_SET_TYPE readfds; | ||
89 | int selret; | ||
90 | @@ -96,6 +96,8 @@ my_svc_run(void) | ||
91 | } | ||
92 | |||
93 | readfds = SVC_FDSET; | ||
94 | + /* Set notify sockfd for waiting for reply */ | ||
95 | + FD_SET(sockfd, &readfds); | ||
96 | if (notify) { | ||
97 | struct timeval tv; | ||
98 | |||
99 | @@ -125,8 +127,10 @@ my_svc_run(void) | ||
100 | |||
101 | default: | ||
102 | selret -= process_reply(&readfds); | ||
103 | - if (selret) | ||
104 | + if (selret) { | ||
105 | + FD_CLR(sockfd, &readfds); | ||
106 | svc_getreqset(&readfds); | ||
107 | + } | ||
108 | } | ||
109 | } | ||
110 | } | ||
111 | -- | ||
112 | 1.9.1 | ||
113 | |||
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb index 42101de795..317ee85062 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb | |||
@@ -31,6 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x | |||
31 | file://proc-fs-nfsd.mount \ | 31 | file://proc-fs-nfsd.mount \ |
32 | file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ | 32 | file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ |
33 | file://nfs-utils-debianize-start-statd.patch \ | 33 | file://nfs-utils-debianize-start-statd.patch \ |
34 | file://0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch \ | ||
34 | " | 35 | " |
35 | 36 | ||
36 | SRC_URI[md5sum] = "8de676b9ff34b8f9addc1d0800fabdf8" | 37 | SRC_URI[md5sum] = "8de676b9ff34b8f9addc1d0800fabdf8" |