From 1f2ef653f5fb0b46daa17e08485468cc235cfbcc Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Wed, 28 Oct 2015 10:30:09 +0800 Subject: nfs-utils/statd: fix a segfault Fix the segfault by separating the socket used in statd from the sockets of RPC core. Signed-off-by: Shan Hai Signed-off-by: Chen Qi Signed-off-by: Ross Burton --- ...tatd-fix-a-segfault-caused-by-improper-us.patch | 113 +++++++++++++++++++++ .../nfs-utils/nfs-utils_1.3.1.bb | 1 + 2 files changed, 114 insertions(+) create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch (limited to 'meta/recipes-connectivity') diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch new file mode 100644 index 0000000000..de0b045c8c --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch @@ -0,0 +1,113 @@ +Upstream-Status: Pending + +Subject: nfs-utils/statd: fix a segfault caused by improper usage of RPC interface + +There is a hack which uses the bottom-level RPC improperly as below +in the current statd implementation: +insert a socket in the svc_fdset without a corresponding transport handle +and passes the socket to the svc_getreqset subroutine, this usage causes +a segfault of statd on a huge amount of sm-notifications. + +Fix the issue by separating the non-RPC-server sock from RPC dispatcher. + +Signed-off-by: Shan Hai +Signed-off-by: Chen Qi +--- + utils/statd/rmtcall.c | 1 - + utils/statd/statd.c | 5 +++-- + utils/statd/statd.h | 2 +- + utils/statd/svc_run.c | 8 ++++++-- + 4 files changed, 10 insertions(+), 6 deletions(-) + +diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c +index fd576d9..cde091b 100644 +--- a/utils/statd/rmtcall.c ++++ b/utils/statd/rmtcall.c +@@ -104,7 +104,6 @@ statd_get_socket(void) + if (sockfd < 0) + return -1; + +- FD_SET(sockfd, &SVC_FDSET); + return sockfd; + } + +diff --git a/utils/statd/statd.c b/utils/statd/statd.c +index 51a016e..e21a259 100644 +--- a/utils/statd/statd.c ++++ b/utils/statd/statd.c +@@ -247,6 +247,7 @@ int main (int argc, char **argv) + int port = 0, out_port = 0; + int nlm_udp = 0, nlm_tcp = 0; + struct rlimit rlim; ++ int notify_sockfd; + + int pipefds[2] = { -1, -1}; + char status; +@@ -473,7 +474,7 @@ int main (int argc, char **argv) + } + + /* Make sure we have a privilege port for calling into the kernel */ +- if (statd_get_socket() < 0) ++ if ((notify_sockfd = statd_get_socket()) < 0) + exit(1); + + /* If sm-notify didn't take all the state files, load +@@ -528,7 +529,7 @@ int main (int argc, char **argv) + * Handle incoming requests: SM_NOTIFY socket requests, as + * well as callbacks from lockd. + */ +- my_svc_run(); /* I rolled my own, Olaf made it better... */ ++ my_svc_run(notify_sockfd); /* I rolled my own, Olaf made it better... */ + + /* Only get here when simulating a crash so we should probably + * start sm-notify running again. As we have already dropped +diff --git a/utils/statd/statd.h b/utils/statd/statd.h +index a1d8035..231ac7e 100644 +--- a/utils/statd/statd.h ++++ b/utils/statd/statd.h +@@ -28,7 +28,7 @@ extern _Bool statd_present_address(const struct sockaddr *sap, char *buf, + __attribute__((__malloc__)) + extern char * statd_canonical_name(const char *hostname); + +-extern void my_svc_run(void); ++extern void my_svc_run(int); + extern void notify_hosts(void); + extern void shuffle_dirs(void); + extern int statd_get_socket(void); +diff --git a/utils/statd/svc_run.c b/utils/statd/svc_run.c +index d98ecee..28c1ad6 100644 +--- a/utils/statd/svc_run.c ++++ b/utils/statd/svc_run.c +@@ -78,7 +78,7 @@ my_svc_exit(void) + * The heart of the server. A crib from libc for the most part... + */ + void +-my_svc_run(void) ++my_svc_run(int sockfd) + { + FD_SET_TYPE readfds; + int selret; +@@ -96,6 +96,8 @@ my_svc_run(void) + } + + readfds = SVC_FDSET; ++ /* Set notify sockfd for waiting for reply */ ++ FD_SET(sockfd, &readfds); + if (notify) { + struct timeval tv; + +@@ -125,8 +127,10 @@ my_svc_run(void) + + default: + selret -= process_reply(&readfds); +- if (selret) ++ if (selret) { ++ FD_CLR(sockfd, &readfds); + svc_getreqset(&readfds); ++ } + } + } + } +-- +1.9.1 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb index 42101de795..317ee85062 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb @@ -31,6 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://proc-fs-nfsd.mount \ file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \ file://nfs-utils-debianize-start-statd.patch \ + file://0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch \ " SRC_URI[md5sum] = "8de676b9ff34b8f9addc1d0800fabdf8" -- cgit v1.2.3