mirror of
https://git.yoctoproject.org/poky
synced 2026-05-08 05:09:24 +00:00
nfs-utils/statd: fix a segfault
Fix the segfault by separating the socket used in statd from the sockets of RPC core. (From OE-Core rev: 1f2ef653f5fb0b46daa17e08485468cc235cfbcc) Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Chen Qi
Richard Purdie
+113
@@ -0,0 +1,113 @@
|
||||
Upstream-Status: Pending
|
||||
|
||||
Subject: nfs-utils/statd: fix a segfault caused by improper usage of RPC interface
|
||||
|
||||
There is a hack which uses the bottom-level RPC improperly as below
|
||||
in the current statd implementation:
|
||||
insert a socket in the svc_fdset without a corresponding transport handle
|
||||
and passes the socket to the svc_getreqset subroutine, this usage causes
|
||||
a segfault of statd on a huge amount of sm-notifications.
|
||||
|
||||
Fix the issue by separating the non-RPC-server sock from RPC dispatcher.
|
||||
|
||||
Signed-off-by: Shan Hai <shan.hai@windriver.com>
|
||||
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
||||
---
|
||||
utils/statd/rmtcall.c | 1 -
|
||||
utils/statd/statd.c | 5 +++--
|
||||
utils/statd/statd.h | 2 +-
|
||||
utils/statd/svc_run.c | 8 ++++++--
|
||||
4 files changed, 10 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
|
||||
index fd576d9..cde091b 100644
|
||||
--- a/utils/statd/rmtcall.c
|
||||
+++ b/utils/statd/rmtcall.c
|
||||
@@ -104,7 +104,6 @@ statd_get_socket(void)
|
||||
if (sockfd < 0)
|
||||
return -1;
|
||||
|
||||
- FD_SET(sockfd, &SVC_FDSET);
|
||||
return sockfd;
|
||||
}
|
||||
|
||||
diff --git a/utils/statd/statd.c b/utils/statd/statd.c
|
||||
index 51a016e..e21a259 100644
|
||||
--- a/utils/statd/statd.c
|
||||
+++ b/utils/statd/statd.c
|
||||
@@ -247,6 +247,7 @@ int main (int argc, char **argv)
|
||||
int port = 0, out_port = 0;
|
||||
int nlm_udp = 0, nlm_tcp = 0;
|
||||
struct rlimit rlim;
|
||||
+ int notify_sockfd;
|
||||
|
||||
int pipefds[2] = { -1, -1};
|
||||
char status;
|
||||
@@ -473,7 +474,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
/* Make sure we have a privilege port for calling into the kernel */
|
||||
- if (statd_get_socket() < 0)
|
||||
+ if ((notify_sockfd = statd_get_socket()) < 0)
|
||||
exit(1);
|
||||
|
||||
/* If sm-notify didn't take all the state files, load
|
||||
@@ -528,7 +529,7 @@ int main (int argc, char **argv)
|
||||
* Handle incoming requests: SM_NOTIFY socket requests, as
|
||||
* well as callbacks from lockd.
|
||||
*/
|
||||
- my_svc_run(); /* I rolled my own, Olaf made it better... */
|
||||
+ my_svc_run(notify_sockfd); /* I rolled my own, Olaf made it better... */
|
||||
|
||||
/* Only get here when simulating a crash so we should probably
|
||||
* start sm-notify running again. As we have already dropped
|
||||
diff --git a/utils/statd/statd.h b/utils/statd/statd.h
|
||||
index a1d8035..231ac7e 100644
|
||||
--- a/utils/statd/statd.h
|
||||
+++ b/utils/statd/statd.h
|
||||
@@ -28,7 +28,7 @@ extern _Bool statd_present_address(const struct sockaddr *sap, char *buf,
|
||||
__attribute__((__malloc__))
|
||||
extern char * statd_canonical_name(const char *hostname);
|
||||
|
||||
-extern void my_svc_run(void);
|
||||
+extern void my_svc_run(int);
|
||||
extern void notify_hosts(void);
|
||||
extern void shuffle_dirs(void);
|
||||
extern int statd_get_socket(void);
|
||||
diff --git a/utils/statd/svc_run.c b/utils/statd/svc_run.c
|
||||
index d98ecee..28c1ad6 100644
|
||||
--- a/utils/statd/svc_run.c
|
||||
+++ b/utils/statd/svc_run.c
|
||||
@@ -78,7 +78,7 @@ my_svc_exit(void)
|
||||
* The heart of the server. A crib from libc for the most part...
|
||||
*/
|
||||
void
|
||||
-my_svc_run(void)
|
||||
+my_svc_run(int sockfd)
|
||||
{
|
||||
FD_SET_TYPE readfds;
|
||||
int selret;
|
||||
@@ -96,6 +96,8 @@ my_svc_run(void)
|
||||
}
|
||||
|
||||
readfds = SVC_FDSET;
|
||||
+ /* Set notify sockfd for waiting for reply */
|
||||
+ FD_SET(sockfd, &readfds);
|
||||
if (notify) {
|
||||
struct timeval tv;
|
||||
|
||||
@@ -125,8 +127,10 @@ my_svc_run(void)
|
||||
|
||||
default:
|
||||
selret -= process_reply(&readfds);
|
||||
- if (selret)
|
||||
+ if (selret) {
|
||||
+ FD_CLR(sockfd, &readfds);
|
||||
svc_getreqset(&readfds);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@@ -31,6 +31,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
|
||||
file://proc-fs-nfsd.mount \
|
||||
file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
|
||||
file://nfs-utils-debianize-start-statd.patch \
|
||||
file://0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "8de676b9ff34b8f9addc1d0800fabdf8"
|
||||
|
||||
Reference in New Issue
Block a user