lxcfs:sync with latest branch - master

0019-fix-dev-read-memory-leak-in-container.patch
0020-enable-cfs-option-to-show-correct-proc-cpuinfo-view.patch
0021-fix-pidfd_open-pidfd_send_signal-function-compilatio.patch
0022-cpuview-fix-possible-use-after-free-in-find_proc_sta.patch
0023-proc-fix-proc-diskstats-output-format.patch

Signed-off-by: yangjiaqi <yangjiaqi16@huawei.com>
(cherry picked from commit 6f7fa5fe1329e1a4cec21696c565e251d96a2178)
yangjiaqi 2023-05-24 10:10:42 +08:00 committed by openeuler-sync-bot
parent fab986255e
commit 0ec657ffe7
7 changed files with 350 additions and 45 deletions


@ -0,0 +1,59 @@
From d67982ddf6d742b92799d1fb2e4c89e8ff87d95b Mon Sep 17 00:00:00 2001
From: zhangsong234 <zhangsong34@huawei.com>
Date: Wed, 11 May 2022 15:55:47 +0800
Subject: [PATCH] fix dev read memory leak in container
Signed-off-by: zhangsong234 <zhangsong34@huawei.com>
---
src/proc_fuse.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/proc_fuse.c b/src/proc_fuse.c
index 0f66c40..6051e9a 100644
--- a/src/proc_fuse.c
+++ b/src/proc_fuse.c
@@ -497,7 +497,7 @@ struct devinfo* container_dev_read(pid_t pid) {
struct dirent *ptr;
struct stat dev_stat;
struct devinfo *head = NULL, *end;
- char fpath[100], dev_name[100];
+ char fpath[100], dev_name[101];
pid_t child_pid;
int mypipe[2];
int dev_num;
@@ -558,7 +558,7 @@ struct devinfo* container_dev_read(pid_t pid) {
}
closedir(dir);
stat("/", &dev_stat);
- dev_num = dev_stat.st_dev & (~0xf);
+ dev_num = dev_stat.st_dev;
fprintf(stream, "sda %d end 0 ", dev_num);
fflush(stream);
child_out:
@@ -574,6 +574,7 @@ child_out:
}
wait_for_pid(child_pid);
child_pid = 0;
+ memset(dev_name, 0, sizeof(dev_name));
while (fscanf(stream, "%100s%d", dev_name, &dev_num) == 2) {
if (dev_num == 0) {
break;
@@ -593,6 +594,7 @@ child_out:
end->name = must_copy_string(dev_name);
end->major = major(dev_num);
end->minor = minor(dev_num);
+ memset(dev_name, 0, sizeof(dev_name));
}
err:
if (stream)
@@ -883,6 +885,7 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset,
if (total_len > size)
total_len = size;
memcpy(buf, d->buf, total_len);
+ free_devinfo_list(container_devinfo);
return total_len;
}
--
1.8.3.1
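Review bot: In container_dev_read the new `dev_num = dev_stat.st_dev;` narrows a `dev_t` into `int dev_num`, and it runs without checking the result of `stat("/", &dev_stat)` on the line above. `dev_stat` is declared without an initializer, so a failed stat sends an indeterminate value down the pipe, and a device number wider than an int is truncated before the parent hands it to major()/minor(). With the `& (~0xf)` mask removed the low bits now reach the parent unchanged, so the value should be validated first, e.g. `if (stat("/", &dev_stat) < 0)` followed by the child's existing error exit. Carrying the number in a type wide enough for `dev_t`, with a matching format in both the `fprintf` and the `fscanf`, would avoid the truncation. The function body starts and ends outside these hunks, so the child's exit paths could not be checked from here.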


@ -1,41 +0,0 @@
From 89b2479830756188cfe81cbe34fbb83a33e67dfd Mon Sep 17 00:00:00 2001
From: yangjiaqi <yangjiaqi16@huawei.com>
Date: Wed, 2 Mar 2022 14:20:40 +0800
Subject: [PATCH] fix dev_name stack overflow
---
src/proc_fuse.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/proc_fuse.c b/src/proc_fuse.c
index 0f66c40..a1c0265 100644
--- a/src/proc_fuse.c
+++ b/src/proc_fuse.c
@@ -497,7 +497,7 @@ struct devinfo* container_dev_read(pid_t pid) {
struct dirent *ptr;
struct stat dev_stat;
struct devinfo *head = NULL, *end;
- char fpath[100], dev_name[100];
+ char fpath[100], dev_name[101];
pid_t child_pid;
int mypipe[2];
int dev_num;
@@ -574,6 +574,7 @@ child_out:
}
wait_for_pid(child_pid);
child_pid = 0;
+ memset(dev_name, 0, sizeof(dev_name));
while (fscanf(stream, "%100s%d", dev_name, &dev_num) == 2) {
if (dev_num == 0) {
break;
@@ -593,6 +594,7 @@ child_out:
end->name = must_copy_string(dev_name);
end->major = major(dev_num);
end->minor = minor(dev_num);
+ memset(dev_name, 0, sizeof(dev_name));
}
err:
if (stream)
--
2.32.0 (Apple Git-132)


@ -0,0 +1,25 @@
From ed5823bf5b0d8bd425417d9b3590ece248fe1655 Mon Sep 17 00:00:00 2001
From: yangjiaqi <yangjiaqi16@huawei.com>
Date: Sat, 26 Nov 2022 11:48:14 +0800
Subject: [PATCH] enable cfs option to show correct proc cpuinfo view
---
config/init/systemd/lxcfs.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/init/systemd/lxcfs.service.in b/config/init/systemd/lxcfs.service.in
index bdaa2fa..3ee006b 100644
--- a/config/init/systemd/lxcfs.service.in
+++ b/config/init/systemd/lxcfs.service.in
@@ -6,7 +6,7 @@ Documentation=man:lxcfs(1)
[Service]
ExecStartPre=-/usr/local/bin/lxcfs-tools prestart
-ExecStart=/usr/bin/lxcfs /var/lib/lxc/lxcfs/
+ExecStart=/usr/bin/lxcfs --enable-cfs /var/lib/lxc/lxcfs/
ExecStartPost=-/usr/local/bin/lxcfs-tools remount -a
KillMode=process
ExecStop=-/usr/local/bin/lxcfs-tools umount -a
--
2.30.0


@ -0,0 +1,37 @@
From e3ca16cd280bea10a63e959623fd6625f7b868ce Mon Sep 17 00:00:00 2001
From: yangjiaqi <yangjiaqi16@huawei.com>
Date: Thu, 24 Nov 2022 15:53:53 +0800
Subject: [PATCH] fix pidfd_open&pidfd_send_signal function compilation bug in
glibc2.36+
---
src/utils.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/utils.h b/src/utils.h
index 18d85a7..ab2da0f 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -46,6 +46,9 @@ static inline int pidfd_open(pid_t pid, unsigned int flags)
{
return syscall(__NR_pidfd_open, pid, flags);
}
+#else
+#include <sys/pidfd.h>
+extern int pidfd_open(pid_t pid, unsigned int flags);
#endif
#if !HAVE_PIDFD_SEND_SIGNAL
@@ -54,6 +57,9 @@ static inline int pidfd_send_signal(int pidfd, int sig, siginfo_t *info,
{
return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags);
}
+#else
+#include <sys/pidfd.h>
+extern int pidfd_send_signal(int pidfd, int sig, siginfo_t *info,unsigned int flags);
#endif
extern FILE *fopen_cached(const char *path, const char *mode,
--
2.30.0
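Review bot: The two `#else` branches added to src/utils.h include `<sys/pidfd.h>` whenever HAVE_PIDFD_OPEN or HAVE_PIDFD_SEND_SIGNAL is set, which assumes every libc that provides these functions also ships that header. A build where the function check passes but the header is absent would fail at the include. Where the header is present it presumably already declares both functions (glibc's does), so the added `extern int pidfd_open(...)` and `extern int pidfd_send_signal(...)` lines look redundant and would have to be kept in step with the libc prototypes. I would gate the include on a header check and drop the extern lines, e.g. `#if HAVE_SYS_PIDFD_H` / `#include <sys/pidfd.h>` / `#endif`, where HAVE_SYS_PIDFD_H is a placeholder for a macro the configure step would need to define. Both static inline fallbacks begin outside the hunks shown.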


@ -0,0 +1,109 @@
From 765d4c48aeaad779008f82ff6643d9cdbe917bd1 Mon Sep 17 00:00:00 2001
From: yangjiaqi <yangjiaqi16@huawei.com>
Date: Wed, 22 Mar 2023 09:31:04 +0800
Subject: [PATCH] cpuview: fix possible use-after-free in find_proc_stat_node
Signed-off-by: yangjiaqi <yangjiaqi16@huawei.com>
---
src/proc_cpuview.c | 36 ++++++++++++++++++++++++++++++++----
1 file changed, 32 insertions(+), 4 deletions(-)
diff --git a/src/proc_cpuview.c b/src/proc_cpuview.c
index 75006a6..207a6df 100644
--- a/src/proc_cpuview.c
+++ b/src/proc_cpuview.c
@@ -171,6 +171,7 @@ static struct cg_proc_stat *add_proc_stat_node(struct cg_proc_stat *new_node)
}
out_rwlock_unlock:
+ pthread_mutex_lock(&rv->lock);
pthread_rwlock_unlock(&head->lock);
return move_ptr(rv);
}
@@ -224,6 +225,7 @@ static bool cgroup_supports(const char *controller, const char *cgroup,
return faccessat(cfd, path, F_OK, 0) == 0;
}
+/* should be called with wr-locked list */
static struct cg_proc_stat *prune_proc_stat_list(struct cg_proc_stat *node)
{
struct cg_proc_stat *first = NULL;
@@ -232,6 +234,31 @@ static struct cg_proc_stat *prune_proc_stat_list(struct cg_proc_stat *node)
if (!cgroup_supports("cpu", node->cg, "cpu.shares")) {
struct cg_proc_stat *cur = node;
+ /*
+ * We need to ensure that no one referenced this node,
+ * because we are going to remove it from the list and free memory.
+ *
+ * If we can't grab the lock then just keep this node for now.
+ */
+ if (pthread_mutex_trylock(&cur->lock))
+ goto next;
+
+ /*
+ * Yes, we can put lock back just after taking it, as we ensured
+ * that we are only one user of it right now.
+ *
+ * It follows from three facts:
+ * - we are under pthread_rwlock_wrlock(hash_table_bucket)
+ * - pthread_mutex_lock is taken by find_proc_stat_node()
+ * with pthread_rwlock_rdlock(hash_table_bucket) held.
+ * - pthread_mutex_lock is taken by add_proc_stat_node()
+ * with pthread_rwlock_wrlock(hash_table_bucket) held.
+ *
+ * It means that nobody can get a pointer to (cur) node in a parallel
+ * thread and all old users of (cur) node have released pthread_mutex_lock(cur).
+ */
+ pthread_mutex_unlock(&cur->lock);
+
if (prev)
prev->next = node->next;
else
@@ -242,6 +269,7 @@ static struct cg_proc_stat *prune_proc_stat_list(struct cg_proc_stat *node)
free_proc_stat_node(cur);
} else {
+next:
if (!first)
first = node;
prev = node;
@@ -279,6 +307,7 @@ static struct cg_proc_stat *find_proc_stat_node(struct cg_proc_stat_head *head,
{
struct cg_proc_stat *node;
+ prune_proc_stat_history();
pthread_rwlock_rdlock(&head->lock);
if (!head->next) {
@@ -289,15 +318,16 @@ static struct cg_proc_stat *find_proc_stat_node(struct cg_proc_stat_head *head,
node = head->next;
do {
- if (strcmp(cg, node->cg) == 0)
+ if (strcmp(cg, node->cg) == 0) {
+ pthread_mutex_lock(&node->lock);
goto out;
+ }
} while ((node = node->next));
node = NULL;
out:
pthread_rwlock_unlock(&head->lock);
- prune_proc_stat_history();
return node;
}
@@ -318,8 +348,6 @@ static struct cg_proc_stat *find_or_create_proc_stat_node(struct cpuacct_usage *
lxcfs_debug("New stat node (%d) for %s\n", cpu_count, cg);
}
- pthread_mutex_lock(&node->lock);
-
/*
* If additional CPUs on the host have been enabled, CPU usage counter
* arrays have to be expanded.
--
2.30.0
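Review bot: find_proc_stat_node() and add_proc_stat_node() now return the node with `node->lock` already held (the `pthread_mutex_lock` calls added before `goto out` and at `out_rwlock_unlock`), but nothing in either function documents that contract, and the matching lock call was removed from find_or_create_proc_stat_node(). A caller that never unlocks keeps the node from being pruned, because `pthread_mutex_trylock(&cur->lock)` in prune_proc_stat_list() will keep failing. A caller that locks again would deadlock if the mutex is non-recursive, which cannot be seen from here. I would add a comment above both functions, e.g. `/* Returns the node with node->lock held; the caller must unlock it. */`, in the style of the `/* should be called with wr-locked list */` line this patch puts on prune_proc_stat_list(). The function bodies extend beyond the hunks, so other callers of find_proc_stat_node() could not be checked.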


@ -0,0 +1,91 @@
From d928f8d073f87fdacaf9e93b616f5b84695036e3 Mon Sep 17 00:00:00 2001
From: yangjiaqi <yangjiaqi16@huawei.com>
Date: Wed, 22 Mar 2023 15:31:34 +0800
Subject: [PATCH] proc: fix /proc/diskstats output format
---
src/proc_fuse.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/proc_fuse.c b/src/proc_fuse.c
index fe81cad..ce22974 100644
--- a/src/proc_fuse.c
+++ b/src/proc_fuse.c
@@ -784,10 +784,10 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset,
memset(lbuf, 0, 256);
if (stats.read || stats.write || stats.read_merged || stats.write_merged ||
stats.read_sectors || stats.write_sectors || stats.read_ticks ||
- stats.write_ticks || stats.ios_pgr || stats.total_ticks || stats.rq_ticks ||
+ stats.write_ticks || stats.ios_pgr || stats.total_ticks || stats.rq_ticks || stats.discard ||
stats.discard_merged || stats.discard_sectors || stats.discard_ticks) {
if (need_record_diskstats(stats.major, stats.minor)) {
- sscanf(line, "%u %u %71s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
+ sscanf(line, "%u %u %71s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
&stats.major,
&stats.minor,
tmp_dev_name,
@@ -802,11 +802,12 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset,
&stats.ios_pgr,
&stats.total_ticks,
&stats.rq_ticks,
+ &stats.discard,
&stats.discard_merged,
&stats.discard_sectors,
&stats.discard_ticks);
}
- snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
+ ret = snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
stats.major,
stats.minor,
stats.dev_name,
@@ -821,11 +822,17 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset,
stats.ios_pgr,
stats.total_ticks,
stats.rq_ticks,
+ stats.discard,
stats.discard_merged,
stats.discard_sectors,
stats.discard_ticks);
+ if(ret >= 256) {
+ lxcfs_error("Insufficient buffer for %u:%u %s diskstats",
+ stats.major, stats.minor, stats.dev_name);
+ continue;
+ }
} else if (need_record_diskstats(stats.major, stats.minor)) {
- sscanf(line, "%u %u %71s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
+ sscanf(line, "%u %u %71s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
&stats.major,
&stats.minor,
tmp_dev_name,
@@ -840,10 +847,11 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset,
&stats.ios_pgr,
&stats.total_ticks,
&stats.rq_ticks,
+ &stats.discard,
&stats.discard_merged,
&stats.discard_sectors,
&stats.discard_ticks);
- snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
+ ret = snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n",
stats.major,
stats.minor,
stats.dev_name,
@@ -858,9 +866,15 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset,
stats.ios_pgr,
stats.total_ticks,
stats.rq_ticks,
+ stats.discard,
stats.discard_merged,
stats.discard_sectors,
stats.discard_ticks);
+ if(ret >= 256) {
+ lxcfs_error("Insufficient buffer for %u:%u %s diskstats",
+ stats.major, stats.minor, stats.dev_name);
+ continue;
+ }
} else {
continue;
}
--
2.30.0
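Review bot: Both `sscanf(line, ...)` calls in proc_diskstats_read gain the `&stats.discard` conversion but their return value is still ignored. A line that carries fewer fields than the format expects leaves `stats.discard` and the members after it at whatever they held before, and the following `snprintf` prints those values as if they had been read for this device. Compare the return value with the number of fields expected and either skip the line or zero the members that were not converted. The new `if(ret >= 256)` test also misses a negative return from snprintf; `if (ret < 0 || ret >= 256)` covers both cases. The function starts and ends outside these hunks, so the declarations of `stats`, `lbuf` and `ret` were not visible.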


@ -4,7 +4,7 @@
#Basic Information
Name: lxcfs
Version: 4.0.11
Release: 3
Release: 8
Summary: FUSE filesystem for LXC
License: LGPL 2.1+
URL: http://linuxcontainers.org
@ -28,7 +28,11 @@ Patch9015: 0015-lxcfs-adapt-4.18-kernel.patch
Patch9016: 0016-remove-lxcfs-tools-dependency-for-common-use.patch
Patch9017: 0017-proc_fuse-fix-wait-child-process-hang.patch
Patch9018: 0018-fix-deadlock-problem-when-subprocess-exit.patch
Patch9019: 0019-fix-dev_name-stack-overflow.patch
Patch9019: 0019-fix-dev-read-memory-leak-in-container.patch
Patch9020: 0020-enable-cfs-option-to-show-correct-proc-cpuinfo-view.patch
Patch9021: 0021-fix-pidfd_open-pidfd_send_signal-function-compilatio.patch
Patch9022: 0022-cpuview-fix-possible-use-after-free-in-find_proc_sta.patch
Patch9023: 0023-proc-fix-proc-diskstats-output-format.patch
#Dependency
BuildRequires: autoconf automake libtool help2man
@ -90,8 +94,29 @@ fi
%{_unitdir}/*
%changelog
* Wed Mar 02 2022 yangjiaqi <yangjiaqi16@huawei.com> - 4.0.11-3
- fix dev_name stack overflow when using fscanf
* Wed Mar 22 2023 yangjiaqi <yangjiaqi16@huawei.com> - 4.0.11-8
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix /proc/diskstats output format
* Wed Mar 22 2023 yangjiaqi <yangjiaqi16@huawei.com> - 4.0.11-7
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix possible use-after-free in find_proc_stat_node
* Mon Dec 12 2022 yangjiaqi <yangjiaqi16@huawei.com> - 4.0.11-6
- add yaml
* Thu Nov 24 2022 yangjiaqi <yangjiaqi16@huawei.com> - 4.0.11-5
- fix pidfd_open&pidfd_send_signal function compilation bug in glibc2.36+
* Mon Jul 04 2022 yangjiaqi <yangjiaqi16@huawei.com> - 4.0.11-4
- enable cfs option to show correct proc cpuinfo view
* Wed May 11 2022 zhangsong234 <zhangsong34@huawei.com> - 4.0.11-3
- fix dev read memory leak in container
* Fri Dec 17 2021 yangjiaqi <yangjiaqi16@huawei.com> - 4.0.11-2
- fix deadlock caused by subprocess calling lxcfs_exit