!824 [sync] PR-819: sync upstream patch

From: @openeuler-sync-bot Reviewed-by: @liqingqing_1229 Signed-off-by: @liqingqing_1229
2024-05-08 00:52:52 +00:00 · 2024-05-08 00:52:52 +00:00 · 1c3cc8e3e4
commit 1c3cc8e3e4
parent 7c6cd412b2 ad10043b98
3 changed files with 152 additions and 1 deletions
--- a/backport-Skip-unusable-entries-in-first-pass-in-prune_cache.patch
+++ b/backport-Skip-unusable-entries-in-first-pass-in-prune_cache.patch
@ -0,0 +1,93 @@
+From c00b984fcd53f679ca2dafcd1aee2c89836e6e73 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 29 Aug 2023 08:28:31 +0200
+Subject: [PATCH] nscd: Skip unusable entries in first pass in prune_cache (bug
+ 30800)
+
+Previously, if an entry was marked unusable for any reason, but had
+not timed out yet, the assert would trigger.
+
+One way to get into such state is if a data change is detected during
+re-validation of an entry.  This causes the entry to be marked as not
+usable.  If exits nscd soon after that, then the clock jumps
+backwards, and nscd restarted, the cache re-validation run after
+startup triggers the removed assert.
+
+The change is more complicated than just the removal of the assert
+because entries marked as not usable should be garbage-collected in
+the second pass.  To make this happen, it is necessary to update some
+book-keeping data.
+
+Reviewed-by: DJ Delorie <dj@redhat.com>
+
+Conflict:NA
+Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c00b984fcd53f679ca2dafcd1aee2c89836e6e73
+
+---
+ nscd/cache.c | 25 +++++++++++--------------
+ 1 file changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/nscd/cache.c b/nscd/cache.c
+index 78b22697..ac5902ae 100644
+--- a/nscd/cache.c
+++ b/nscd/cache.c
+@@ -371,8 +371,11 @@ prune_cache (struct database_dyn *table, time_t now, int fd)
+ 		       serv2str[runp->type], str, dh->timeout);
+ 	    }
+ 
+-	  /* Check whether the entry timed out.  */
+-	  if (dh->timeout < now)
+	  /* Check whether the entry timed out.  Timed out entries
+	     will be revalidated.  For unusable records, it is still
+	     necessary to record that the bucket needs to be scanned
+	     again below.  */
+	  if (dh->timeout < now || !dh->usable)
+ 	    {
+ 	      /* This hash bucket could contain entries which need to
+ 		 be looked at.  */
+@@ -384,7 +387,7 @@ prune_cache (struct database_dyn *table, time_t now, int fd)
+ 	      /* We only have to look at the data of the first entries
+ 		 since the count information is kept in the data part
+ 		 which is shared.  */
+-	      if (runp->first)
+	      if (runp->first && dh->usable)
+ 		{
+ 
+ 		  /* At this point there are two choices: we reload the
+@@ -400,9 +403,6 @@ prune_cache (struct database_dyn *table, time_t now, int fd)
+ 		    {
+ 		      /* Remove the value.  */
+ 		      dh->usable = false;
+-
+-		      /* We definitely have some garbage entries now.  */
+-		      any = true;
+ 		    }
+ 		  else
+ 		    {
+@@ -414,18 +414,15 @@ prune_cache (struct database_dyn *table, time_t now, int fd)
+ 
+ 		      time_t timeout = readdfcts[runp->type] (table, runp, dh);
+ 		      next_timeout = MIN (next_timeout, timeout);
+-
+-		      /* If the entry has been replaced, we might need
+-			 cleanup.  */
+-		      any |= !dh->usable;
+ 		    }
+ 		}
+
+	      /* If the entry has been replaced, we might need cleanup.  */
+	      any |= !dh->usable;
+ 	    }
+ 	  else
+-	    {
+-	      assert (dh->usable);
+-	      next_timeout = MIN (next_timeout, dh->timeout);
+-	    }
+	    /* Entry has not timed out and is usable.  */
+	    next_timeout = MIN (next_timeout, dh->timeout);
+ 
+ 	  run = runp->next;
+ 	}
+-- 
+2.33.0
+
--- a/backport-Use-errval-not-errno-to-guide-cache-update.patch
+++ b/backport-Use-errval-not-errno-to-guide-cache-update.patch
@ -0,0 +1,49 @@
+From 2d472b48610f6a298d28035b683ab13e9afac4cb Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 24 Jul 2023 15:12:26 +0200
+Subject: [PATCH] nscd: Use errval, not errno to guide cache update (bug 30662)
+
+The errno variable is potentially clobbered by the preceding
+send call.  It is not related to the to-be-cached information.
+The parallel code in hstcache.c and servicescache.c already uses
+errval.
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+Conflict:NA
+Reference:https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2d472b48610f6a298d28035b683ab13e9afac4cb
+
+---
+ nscd/grpcache.c | 2 +-
+ nscd/pwdcache.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nscd/grpcache.c b/nscd/grpcache.c
+index 457ca4d8..d18bcabe 100644
+--- a/nscd/grpcache.c
+++ b/nscd/grpcache.c
+@@ -117,7 +117,7 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req,
+ 
+ 	  /* If we have a transient error or cannot permanently store
+ 	     the result, so be it.  */
+-	  if (errno == EAGAIN || __builtin_expect (db->negtimeout == 0, 0))
+	  if (errval == EAGAIN || __glibc_unlikely (db->negtimeout == 0))
+ 	    {
+ 	      /* Mark the old entry as obsolete.  */
+ 	      if (dh != NULL)
+diff --git a/nscd/pwdcache.c b/nscd/pwdcache.c
+index dfafb526..409c5acd 100644
+--- a/nscd/pwdcache.c
+++ b/nscd/pwdcache.c
+@@ -123,7 +123,7 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req,
+ 
+ 	  /* If we have a transient error or cannot permanently store
+ 	     the result, so be it.  */
+-	  if (errno == EAGAIN || __builtin_expect (db->negtimeout == 0, 0))
+	  if (errval == EAGAIN || __glibc_unlikely (db->negtimeout == 0))
+ 	    {
+ 	      /* Mark the old entry as obsolete.  */
+ 	      if (dh != NULL)
+-- 
+2.33.0
+
--- a/glibc.spec
+++ b/glibc.spec
@ -66,7 +66,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.34
-Release: 	148
+Release: 	149
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@ -290,6 +290,8 @@ Patch203: backport-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-netgroup-c
 Patch204: backport-CVE-2024-33600-nscd-Do-not-send-missing-not-found-response.patch
 Patch205: backport-CVE-2024-33600-nscd-Avoid-null-pointer-crash-after-not-found-response.patch
 Patch206: backport-CVE-2024-33601-CVE-2024-33602-nscd-Use-two-buffer-in-addgetnetgrentX.patch
+Patch207: backport-Use-errval-not-errno-to-guide-cache-update.patch
+Patch208: backport-Skip-unusable-entries-in-first-pass-in-prune_cache.patch

 Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
 Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch 
@ -1505,6 +1507,13 @@ fi
 %endif

 %changelog
+* Mon May 06 2024 chengyechun <chengyechun1@huaiwe.com> - 2.34-149
+- Type:bugfix
+- ID:
+- SUG:NA
+- DESC:nscd: Use errval, not errno to guide cache update
+       nsce :Skip unusable entries in first pass in prune_cache
+
 * Mon Apr 29 2024 chengyechun <chengyechun1@huawei.com> - 2.34-148
 - Type:CVE
 - ID:CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602