summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChen Qi <Qi.Chen@windriver.com>2015-10-28 10:30:09 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-11-16 11:39:30 +0000
commit42a5378647bc43c966594b766270059ce32637eb (patch)
tree02b275d1b71fc1c97266bdc8a063098204304689
parent77e324609231974f18ddbb58988e96c72aa0f119 (diff)
downloadpoky-42a5378647bc43c966594b766270059ce32637eb.tar.gz
nfs-utils/statd: fix a segfault
Fix the segfault by separating the socket used in statd from the sockets of RPC core. (From OE-Core rev: 1f2ef653f5fb0b46daa17e08485468cc235cfbcc) Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch113
-rw-r--r--meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb1
2 files changed, 114 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch
new file mode 100644
index 0000000000..de0b045c8c
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch
@@ -0,0 +1,113 @@
1Upstream-Status: Pending
2
3Subject: nfs-utils/statd: fix a segfault caused by improper usage of RPC interface
4
5There is a hack which uses the bottom-level RPC improperly as below
6in the current statd implementation:
7insert a socket in the svc_fdset without a corresponding transport handle
8and passes the socket to the svc_getreqset subroutine, this usage causes
9a segfault of statd on a huge amount of sm-notifications.
10
11Fix the issue by separating the non-RPC-server sock from RPC dispatcher.
12
13Signed-off-by: Shan Hai <shan.hai@windriver.com>
14Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
15---
16 utils/statd/rmtcall.c | 1 -
17 utils/statd/statd.c | 5 +++--
18 utils/statd/statd.h | 2 +-
19 utils/statd/svc_run.c | 8 ++++++--
20 4 files changed, 10 insertions(+), 6 deletions(-)
21
22diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
23index fd576d9..cde091b 100644
24--- a/utils/statd/rmtcall.c
25+++ b/utils/statd/rmtcall.c
26@@ -104,7 +104,6 @@ statd_get_socket(void)
27 if (sockfd < 0)
28 return -1;
29
30- FD_SET(sockfd, &SVC_FDSET);
31 return sockfd;
32 }
33
34diff --git a/utils/statd/statd.c b/utils/statd/statd.c
35index 51a016e..e21a259 100644
36--- a/utils/statd/statd.c
37+++ b/utils/statd/statd.c
38@@ -247,6 +247,7 @@ int main (int argc, char **argv)
39 int port = 0, out_port = 0;
40 int nlm_udp = 0, nlm_tcp = 0;
41 struct rlimit rlim;
42+ int notify_sockfd;
43
44 int pipefds[2] = { -1, -1};
45 char status;
46@@ -473,7 +474,7 @@ int main (int argc, char **argv)
47 }
48
49 /* Make sure we have a privilege port for calling into the kernel */
50- if (statd_get_socket() < 0)
51+ if ((notify_sockfd = statd_get_socket()) < 0)
52 exit(1);
53
54 /* If sm-notify didn't take all the state files, load
55@@ -528,7 +529,7 @@ int main (int argc, char **argv)
56 * Handle incoming requests: SM_NOTIFY socket requests, as
57 * well as callbacks from lockd.
58 */
59- my_svc_run(); /* I rolled my own, Olaf made it better... */
60+ my_svc_run(notify_sockfd); /* I rolled my own, Olaf made it better... */
61
62 /* Only get here when simulating a crash so we should probably
63 * start sm-notify running again. As we have already dropped
64diff --git a/utils/statd/statd.h b/utils/statd/statd.h
65index a1d8035..231ac7e 100644
66--- a/utils/statd/statd.h
67+++ b/utils/statd/statd.h
68@@ -28,7 +28,7 @@ extern _Bool statd_present_address(const struct sockaddr *sap, char *buf,
69 __attribute__((__malloc__))
70 extern char * statd_canonical_name(const char *hostname);
71
72-extern void my_svc_run(void);
73+extern void my_svc_run(int);
74 extern void notify_hosts(void);
75 extern void shuffle_dirs(void);
76 extern int statd_get_socket(void);
77diff --git a/utils/statd/svc_run.c b/utils/statd/svc_run.c
78index d98ecee..28c1ad6 100644
79--- a/utils/statd/svc_run.c
80+++ b/utils/statd/svc_run.c
81@@ -78,7 +78,7 @@ my_svc_exit(void)
82 * The heart of the server. A crib from libc for the most part...
83 */
84 void
85-my_svc_run(void)
86+my_svc_run(int sockfd)
87 {
88 FD_SET_TYPE readfds;
89 int selret;
90@@ -96,6 +96,8 @@ my_svc_run(void)
91 }
92
93 readfds = SVC_FDSET;
94+ /* Set notify sockfd for waiting for reply */
95+ FD_SET(sockfd, &readfds);
96 if (notify) {
97 struct timeval tv;
98
99@@ -125,8 +127,10 @@ my_svc_run(void)
100
101 default:
102 selret -= process_reply(&readfds);
103- if (selret)
104+ if (selret) {
105+ FD_CLR(sockfd, &readfds);
106 svc_getreqset(&readfds);
107+ }
108 }
109 }
110 }
111--
1121.9.1
113
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb
index 42101de795..317ee85062 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb
@@ -31,6 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
31 file://proc-fs-nfsd.mount \ 31 file://proc-fs-nfsd.mount \
32 file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ 32 file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
33 file://nfs-utils-debianize-start-statd.patch \ 33 file://nfs-utils-debianize-start-statd.patch \
34 file://0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch \
34" 35"
35 36
36SRC_URI[md5sum] = "8de676b9ff34b8f9addc1d0800fabdf8" 37SRC_URI[md5sum] = "8de676b9ff34b8f9addc1d0800fabdf8"