diff --git a/backport-BUG-MINOR-debug-enter-ha_panic-only-once.patch b/backport-BUG-MINOR-debug-enter-ha_panic-only-once.patch new file mode 100644 index 0000000000000000000000000000000000000000..fe831358f9cb61a97ab9337e7f4a870b9d380d5c --- /dev/null +++ b/backport-BUG-MINOR-debug-enter-ha_panic-only-once.patch @@ -0,0 +1,65 @@ +From 853a6e20057d54dc0c23bb851a9b7ac15ca33a49 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Fri, 15 Jul 2022 12:48:58 +0200 +Subject: [PATCH] BUG/MINOR: debug: enter ha_panic() only once + +Some panic dumps are mangled or truncated due to the watchdog firing at +the same time on multiple threads and calling ha_panic() simultaneously. +What may happen in this case is that the second one waits for the first +one to finish but as soon as it's done the second one resets the buffer +and dumps again, sometimes resetting the first one's dump. Also the first +one's abort() may trigger while the second one is currently dumping, +resulting in a full dump followed by a truncated one, leading to +confusion. Sometimes some lines appear in the middle of a dump as well. +It doesn't happen often and is easier to trigger by causing massive +deadlocks. + +There's no reason for the process to resist to a panic, so we can safely +add a counter and no nothing on subsequent calls. Ideally we'd wait there +forever but as this may happen inside a signal handler (e.g. watchdog), +it doesn't always work, so the easiest thing to do is to return so that +the thread is interrupted as soon as possible and brought to the debug +handler to be dumped. + +This should be backported, at least to 2.6 and possibly to older versions +as well. + +(cherry picked from commit 55433f9b344b430f3f8ec91106b9d8772168eafc) + [ad: adjusted context.] +Signed-off-by: Amaury Denoyelle + +Conflict: NA +Reference: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=853a6e20057d54dc0c23bb851a9b7ac15ca33a49 +--- + src/debug.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/debug.c b/src/debug.c +index 40b60f2f5..572c84436 100644 +--- a/src/debug.c ++++ b/src/debug.c +@@ -51,6 +51,7 @@ + * when USE_THREAD_DUMP is set. + */ + volatile unsigned long threads_to_dump = 0; ++unsigned int panic_started = 0; + unsigned int debug_commands_issued = 0; + + /* dumps a backtrace of the current thread that is appended to buffer . +@@ -331,6 +332,14 @@ static int debug_parse_cli_show_libs(char **args, char *payload, struct appctx * + /* dumps a state of all threads into the trash and on fd #2, then aborts. */ + void ha_panic() + { ++ if (HA_ATOMIC_FETCH_ADD(&panic_started, 1) != 0) { ++ /* a panic dump is already in progress, let's not disturb it, ++ * we'll be called via signal DEBUGSIG. By returning we may be ++ * able to leave a current signal handler (e.g. WDT) so that ++ * this will ensure more reliable signal delivery. ++ */ ++ return; ++ } + chunk_reset(&trash); + chunk_appendf(&trash, "Thread %u is about to kill the process.\n", tid + 1); + ha_thread_dump_all_to_trash(); +-- +2.33.0 \ No newline at end of file diff --git a/haproxy.spec b/haproxy.spec index 4310412f4d50571cc1de1d7ebfb18eb144277ba7..cc478f17481f645d628f3470ec38811a88753392 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -5,7 +5,7 @@ Name: haproxy Version: 2.4.8 -Release: 6 +Release: 7 Summary: The Reliable, High Performance TCP/HTTP Load Balancer License: GPLv2+ @@ -23,6 +23,7 @@ Patch3: CVE-2023-40225.patch Patch4: CVE-2023-0836.patch # https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6 Patch5: CVE-2023-45539.patch +Patch6: backport-BUG-MINOR-debug-enter-ha_panic-only-once.patch BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic Requires(pre): shadow-utils @@ -126,6 +127,12 @@ exit 0 %{_mandir}/man1/* %changelog +* Mon Mar 11 2024 xinghe - 2.4.8-7 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:debug: enter ha_panic() only once + * Wed Dec 06 2023 yaoxin - 2.4.8-6 - Fix CVE-2023-45539