From 1a61f748b67090dd49a86d80b8db018b0e0020c0 Mon Sep 17 00:00:00 2001 From: sunsuwan Date: Mon, 12 Jun 2023 17:02:35 +0800 Subject: [PATCH] backport upstream patches and make service start not so offen (cherry picked from commit 2a8dccb8461dec80764666d72d960c5be8394cef) --- ...n-receive-netlink-message-for-static.patch | 33 ++++ ...r-memory-leaks-when-configuration-is.patch | 83 ++++++++++ ...e-last-entry-if-duplicate-definition.patch | 123 +++++++++++++++ keepalived-pid-check.sh | 54 +++++++ keepalived-start-post.sh | 39 +++++ keepalived-stop-post.sh | 19 +++ keepalived.service | 4 + keepalived.spec | 31 +++- ...-cancelling-timer-thread-on-ready-qu.patch | 44 ++++++ ...fault-when-enable_snmp_vrrp-is-added.patch | 146 ++++++++++++++++++ ...x-assert-on-shutdown-after-name-lost.patch | 38 +++++ ...ng-vrrp-instances-until-all-referenc.patch | 40 +++++ 12 files changed, 651 insertions(+), 3 deletions(-) create mode 100644 Fix-segfault-when-receive-netlink-message-for-static.patch create mode 100644 check-fix-further-memory-leaks-when-configuration-is.patch create mode 100644 check-use-last-entry-if-duplicate-definition.patch create mode 100644 keepalived-pid-check.sh create mode 100644 keepalived-start-post.sh create mode 100644 keepalived-stop-post.sh create mode 100644 scheduler-Handle-cancelling-timer-thread-on-ready-qu.patch create mode 100644 vrrp-Resolve-segfault-when-enable_snmp_vrrp-is-added.patch create mode 100644 vrrp-dbus-Fix-assert-on-shutdown-after-name-lost.patch create mode 100644 vrrp-deley-freeing-vrrp-instances-until-all-referenc.patch diff --git a/Fix-segfault-when-receive-netlink-message-for-static.patch b/Fix-segfault-when-receive-netlink-message-for-static.patch new file mode 100644 index 0000000..d556b1e --- /dev/null +++ b/Fix-segfault-when-receive-netlink-message-for-static.patch 
@@ -0,0 +1,33 @@
+From f46327dc6e2daab91b8f164fc0e77fcb4cb80c6a Mon Sep 17 00:00:00 2001
+From: Arthur Grosser <15238252+agrrto@users.noreply.github.com>
+Date: Fri, 27 May 2022 15:22:25 +0200
+Subject: [PATCH] Fix segfault when receive netlink message for static default
+ route added
+
+This extends acassen@069a039 where the problem was fixed for virtual
+routes.
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/f46327dc6e2daab91b8f164fc0e77fcb4cb80c6a
+---
+ keepalived/core/keepalived_netlink.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/keepalived/core/keepalived_netlink.c b/keepalived/core/keepalived_netlink.c
+index ea8843f..5c078d2 100644
+--- a/keepalived/core/keepalived_netlink.c
++++ b/keepalived/core/keepalived_netlink.c
+@@ -321,7 +321,10 @@ route_is_ours(struct rtmsg* rt, struct rtattr *tb[RTA_MAX + 1], vrrp_t** ret_vrr
+ tos != route->tos)
+ continue;
+
+- if (compare_addr(family, RTA_DATA(tb[RTA_DST]), route->dst))
++ if (!tb[RTA_DST])
++ memset(&default_addr, 0, sizeof(default_addr));
++
++ if (compare_addr(family, tb[RTA_DST] ? RTA_DATA(tb[RTA_DST]) : &default_addr, route->dst))
+ continue;
+
+ return route;
+--
+2.23.0
+
diff --git a/check-fix-further-memory-leaks-when-configuration-is.patch b/check-fix-further-memory-leaks-when-configuration-is.patch
new file mode 100644
index 0000000..02d60a9
--- /dev/null
+++ b/check-fix-further-memory-leaks-when-configuration-is.patch
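Review bot: `default_addr` is written by the added `memset` and passed to `compare_addr`, but its declaration is not part of this backported hunk; the commit message says the change extends acassen@069a039, so confirm that the 2.2.4 tree this is applied to already declares it inside `route_is_ours`, otherwise the package will not build. The body of `route_is_ours` starts and ends outside the hunk, so this cannot be checked from here. A short comment above the new test would record why a missing attribute is acceptable: `/* No RTA_DST attribute means the default route: compare against an all-zero address */`.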
@@ -0,0 +1,83 @@
+From 4b269f8131591e3067b54dc1f587592bfca10fba Mon Sep 17 00:00:00 2001
+From: Quentin Armitage
+Date: Tue, 26 Jul 2022 09:42:01 +0100
+Subject: [PATCH] check: fix further memory leaks when configuration is
+ repeated
+
+Signed-off-by: Quentin Armitage
+Conflict: adapt path_handler because the pre patch 516032ec39169d05c613de0e8ee10845658748ff reconstructs the configuration resolution
+Reference: https://github.com/acassen/keepalived/commit/4b269f8131591e3067b54dc1f587592bfca10fba
+
+---
+ keepalived/check/check_http.c | 9 +++++++--
+ keepalived/check/check_parser.c | 6 +-----
+ keepalived/check/check_smtp.c | 4 +++-
+ 3 files changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/keepalived/check/check_http.c b/keepalived/check/check_http.c
+index 4b1f3f3..47a9ac1 100644
+--- a/keepalived/check/check_http.c
++++ b/keepalived/check/check_http.c
+@@ -505,7 +505,7 @@ path_handler(const vector_t *strvec)
+ http_checker_t *http_get_chk = CHECKER_GET();
+ url_t *url = list_last_entry(&http_get_chk->url, url_t, e_list);
+
+- url->path = set_value(strvec);
++ set_string(&url->path, strvec, "path");
+ }
+
+ static void
+@@ -625,11 +625,16 @@ regex_handler(__attribute__((unused)) const vector_t *strvec)
+ const vector_t *strvec_qe = alloc_strvec_quoted_escaped(NULL);
+
+ if (vector_size(strvec_qe) != 2) {
+- log_message(LOG_INFO, "regex missing or too many fields");
++ report_config_error(CONFIG_GENERAL_ERROR, "regex missing or too many fields");
+ free_strvec(strvec_qe);
+ return;
+ }
+
++ if (conf_regex_pattern) {
++ report_config_error(CONFIG_GENERAL_ERROR, "Duplicate regex specified - replacing %s with %s", conf_regex_pattern, strvec_slot(strvec, 1));
++ FREE_CONST_PTR(conf_regex_pattern);
++ }
++
+ conf_regex_pattern = PTR_CAST_CONST(unsigned char, set_value(strvec_qe));
+ free_strvec(strvec_qe);
+ }
+diff --git a/keepalived/check/check_parser.c b/keepalived/check/check_parser.c
+index ec8f779..f24215e 100644
+--- a/keepalived/check/check_parser.c
++++ b/keepalived/check/check_parser.c
+@@ -74,11 +74,7 @@ handle_ssl_file(const vector_t *strvec, const char **file_name, const char *type
+ return;
+ }
+
+- if (*file_name) {
+- report_config_error(CONFIG_GENERAL_ERROR, "SSL %s already specified - replacing", type);
+- FREE_CONST(*file_name);
+- }
+- *file_name = set_value(strvec);
++ set_string(file_name, strvec, "SSL");
+ }
+
+ static void
+diff --git a/keepalived/check/check_smtp.c b/keepalived/check/check_smtp.c
+index 034d891..65db135 100644
+--- a/keepalived/check/check_smtp.c
++++ b/keepalived/check/check_smtp.c
+@@ -273,8 +273,10 @@ smtp_helo_name_handler(const vector_t *strvec)
+ return;
+ }
+
+- if (smtp_checker->helo_name)
++ if (smtp_checker->helo_name) {
++ report_config_error(CONFIG_GENERAL_ERROR, "SMTP_CHECK helo name already specified");
+ FREE_CONST(smtp_checker->helo_name);
++ }
+
+ smtp_checker->helo_name = set_value(strvec);
+ }
+--
+2.33.0
+
diff --git a/check-use-last-entry-if-duplicate-definition.patch b/check-use-last-entry-if-duplicate-definition.patch
new file mode 100644
index 0000000..d689266
--- /dev/null
+++ b/check-use-last-entry-if-duplicate-definition.patch
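Review bot: In `regex_handler` the new duplicate warning prints `strvec_slot(strvec, 1)`, but `strvec` is still declared `__attribute__((unused))` and the value that is stored comes from `strvec_qe`, so the log can show a different token from the one that takes effect. Use `strvec_slot(strvec_qe, 1)` in that `report_config_error` call. In `handle_ssl_file`, `set_string(file_name, strvec, "SSL")` drops the `type` argument that the removed message printed, so the operator no longer sees which SSL file was duplicated; `set_string(file_name, strvec, type)` would keep that detail. Both functions start outside the hunk.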
@@ -0,0 +1,123 @@ +From 014f037b219d328d501ac90cc046efa9b84b3a32 Mon Sep 17 00:00:00 2001 +From: Quentin Armitage +Date: Mon, 25 Jul 2022 18:06:24 +0100 +Subject: [PATCH] check: use last entry if duplicate definition + +Commits 8a3f145 - "fix mem leaks when virtualhost and snmp_name +are duplicate" and 86bbb2e - "fix mem leaks when virtualhost is +duplicate" changed the behaviour of virtualhost and snmp_name +configuration if there were duplicate definitions to use the +first defined entry, whereas previously the last defined entry +was used, albeit with a memory leak. + +This commit retains the memory leak fixes, but reverts the +behaviour to use the last definition rather than the first. + +Signed-off-by: Quentin Armitage +Conflict: adapt the input parameter of set_string function because the pre patch 516032ec39169d05c613de0e8ee10845658748ff reconstructs the configuration resolution +Reference: https://github.com/acassen/keepalived/commit/014f037b219d328d501ac90cc046efa9b84b3a32 +--- + keepalived/check/check_http.c | 4 ++-- + keepalived/check/check_parser.c | 8 ++++---- + lib/parser.c | 10 ++++++++++ + lib/parser.h | 1 + + 4 files changed, 17 insertions(+), 6 deletions(-) + +diff --git a/keepalived/check/check_http.c b/keepalived/check/check_http.c +index e5f4dfa..4b1f3f3 100644 +--- a/keepalived/check/check_http.c ++++ b/keepalived/check/check_http.c +@@ -463,7 +463,7 @@ virtualhost_handler(const vector_t *strvec) + return; + } + +- http_get_chk->virtualhost = set_value(strvec); ++ set_string(&http_get_chk->virtualhost, strvec, "virtualhost"); + } + + static void +@@ -592,7 +592,7 @@ url_virtualhost_handler(const vector_t *strvec) + return; + } + +- url->virtualhost = set_value(strvec); ++ set_string(&url->virtualhost, strvec, "url virtualhost"); + } + + static void +diff --git a/keepalived/check/check_parser.c b/keepalived/check/check_parser.c +index a962581..ec8f779 100644 +--- a/keepalived/check/check_parser.c ++++ b/keepalived/check/check_parser.c +@@ 
-607,7 +607,7 @@ vs_virtualhost_handler(const vector_t *strvec) + return; + } + +- vs->virtualhost = set_value(strvec); ++ set_string(&vs->virtualhost, strvec, "vs virtualhost"); + } + + #ifdef _WITH_SNMP_CHECKER_ +@@ -621,7 +621,7 @@ vs_snmp_name_handler(const vector_t *strvec) + return; + } + +- vs->snmp_name = set_value(strvec); ++ set_string(&vs->snmp_name, strvec, "vs snmp_name"); + } + #endif + +@@ -891,7 +891,7 @@ rs_virtualhost_handler(const vector_t *strvec) + return; + } + +- rs->virtualhost = set_value(strvec); ++ set_string(&rs->virtualhost, strvec, "rs virtualhost"); + } + + #ifdef _WITH_SNMP_CHECKER_ +@@ -906,7 +906,7 @@ rs_snmp_name_handler(const vector_t *strvec) + return; + } + +- rs->snmp_name = set_value(strvec); ++ set_string(&rs->snmp_name, strvec, "rs snmp_name"); + } + #endif + +diff --git a/lib/parser.c b/lib/parser.c +index bcabd07..68a6e49 100644 +--- a/lib/parser.c ++++ b/lib/parser.c +@@ -804,6 +804,16 @@ read_hex_str(const char *str, uint8_t **data, uint8_t **data_mask) + return len; + } + ++void ++set_string(const char **var, const vector_t *strvec, const char *param_name) ++{ ++ if (*var) { ++ report_config_error(CONFIG_GENERAL_ERROR, "Duplicate %s - overwriting %s with %s", param_name, *var, strvec_slot(strvec, 1)); ++ FREE_CONST_PTR(*var); ++ } ++ *var = set_value(strvec); ++} ++ + void + set_random_seed(unsigned int seed) + { +diff --git a/lib/parser.h b/lib/parser.h +index 994eeb3..4fa0988 100644 +--- a/lib/parser.h ++++ b/lib/parser.h +@@ -116,6 +116,7 @@ set_value_r(const vector_t *strvec) + #endif + + /* Prototypes */ ++extern void set_string(const char **, const vector_t *, const char *); + extern void report_config_error(config_err_t, const char *format, ...) + __attribute__((format (printf, 2, 3))); + extern void use_disk_copy_for_config(const char *); +-- +2.33.0 + diff --git a/keepalived-pid-check.sh b/keepalived-pid-check.sh new file mode 100644 index 0000000..b2f3729 --- /dev/null +++ b/keepalived-pid-check.sh 
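Review bot: `set_string()` in lib/parser.c reads `strvec_slot(strvec, 1)` without checking the vector length, so it relies on every caller having rejected short input first; the handlers changed here show only the tail of such a guard (`return; }`), and the checks themselves are outside the hunk. Stating the contract on the definition would make that visible, for example `/* Replace *var with word 1 of strvec, freeing any previous value; callers must ensure strvec has at least 2 words */`. The prototype added to lib/parser.h could also name its parameters like the neighbouring `report_config_error` declaration: `extern void set_string(const char **var, const vector_t *strvec, const char *param_name);`.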
@@ -0,0 +1,54 @@
+#! /bin/bash
+
+if [ ! -f /run/keepalived.pid ] || [ ! -f /run/keepalived.pid.save ]; then
+ echo "check keepalived.pid and run/keepalived.pid.save file not exists"
+ exit 1
+fi
+
+NOW_MAIN_PID=$(/usr/bin/cat /run/keepalived.pid)
+
+if [ -f /run/checkers.pid ]; then
+ NOW_CHECKERS_PID=$(/usr/bin/cat /run/checkers.pid)
+else
+ NOW_CHECKERS_PID=0
+fi
+
+if [ -f /run/vrrp.pid ]; then
+ NOW_VRRP_PID=$(/usr/bin/cat /run/vrrp.pid)
+else
+ NOW_VRRP_PID=0
+fi
+
+count=1;
+
+while read LINE
+do
+ if [ $count = 1 ]; then
+ if [ $NOW_MAIN_PID != $LINE ]; then
+ echo "check main pid $LINE ...... [fail]"
+ exit 1
+ fi
+ echo "check main pid $LINE ...... [pass]"
+ fi
+
+ if [ $count = 2 ]; then
+ if [ $NOW_CHECKERS_PID != $LINE ]; then
+ echo "check checker pid $LINE ... [fail]"
+ exit 1
+ fi
+ echo "check checker pid $LINE ... [pass]"
+ fi
+
+ if [ $count = 3 ]; then
+ if [ $NOW_VRRP_PID != $LINE ]; then
+ echo "check vrrp pid $LINE ...... [fail]"
+ exit 1
+ fi
+ echo "check vrrp pid $LINE ...... [pass]"
+ fi
+
+ count=$[ $count + 1 ]
+
+done < /run/keepalived.pid.save
+
+exit 0
diff --git a/keepalived-start-post.sh b/keepalived-start-post.sh
new file mode 100644
index 0000000..7578d39
--- /dev/null
+++ b/keepalived-start-post.sh
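Review bot: The three comparisons of the form `[ $NOW_MAIN_PID != $LINE ]` expand unquoted, so an empty pid file or an empty line in /run/keepalived.pid.save makes `[` exit with a syntax error; the `if` treats that as false and the script prints `[pass]`, which means the check fails open. Quote both sides, `[ "$NOW_MAIN_PID" != "$LINE" ]`, and do the same for the checker and vrrp tests. A save file with fewer than three lines also ends in `exit 0` without the missing entries ever being compared, so a final `[ "$count" -gt 3 ] || exit 1` after the loop would close that gap. `read -r LINE` and `count=$((count + 1))` are the current spellings of the two remaining constructs.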
@@ -0,0 +1,39 @@
+#!/bin/sh
+umask 0027
+
+echo "exec started post "
+
+CheckPidFile()
+{
+ ps -ef | grep "/usr/sbin/keepalived -D --all" | while read line;
+ do
+ PID=$(echo $line | awk '{print $2}')
+ FATHER=$(echo $line | awk '{print $3}')
+ CMD=$(echo $line| awk '{print $8}')
+ if [ $CMD = "/usr/sbin/keepalived" ] && [ $FATHER = "1" ]; then
+ echo $PID > /run/keepalived.pid
+ fi
+ done
+}
+
+if [ -f /run/keepalived.pid ]; then
+ echo $(/usr/bin/cat /run/keepalived.pid) > /run/keepalived.pid.save
+else
+ CheckPidFile
+fi
+
+if [ -f /run/checkers.pid ]; then
+ echo $(/usr/bin/cat /run/checkers.pid) >> /run/keepalived.pid.save
+else
+ echo 0 >> /run/keepalived.pid.save
+
+fi
+
+if [ -f /run/vrrp.pid ]; then
+ echo $(/usr/bin/cat /run/vrrp.pid) >> /run/keepalived.pid.save
+else
+ echo 0 >> /run/keepalived.pid.save
+fi
+
+exit 0
+
diff --git a/keepalived-stop-post.sh b/keepalived-stop-post.sh
new file mode 100644
index 0000000..a9a15fb
--- /dev/null
+++ b/keepalived-stop-post.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+if [ -f /run/checkers.pid ]; then
+ checkerpid=$(/usr/bin/cat /run/checkers.pid)
+ /bin/kill $checkerpid
+ echo "Kill checkers-pid $checkerpid , when execute stop-post keepalived"
+fi
+
+if [ -f /run/vrrp.pid ]; then
+ vrrppid=$(/usr/bin/cat /run/vrrp.pid)
+ /bin/kill $vrrppid
+ echo "Kill vrrp-pid $vrrppid, when execute stop-post keepalived"
+fi
+
+if [ -f /run/keepalived.pid.save ]; then
+ rm -rf /run/keepalived.pid.save
+fi
+
+echo "Excuted stop-post keepalived"
+
diff --git a/keepalived.service b/keepalived.service
index a5a9b28..3ab49a5 100644
--- a/keepalived.service
+++ b/keepalived.service
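Review bot: In keepalived-start-post.sh, when /run/keepalived.pid is missing the `else` branch only calls `CheckPidFile`, which writes /run/keepalived.pid and nothing else; the main pid never reaches /run/keepalived.pid.save, so the later `>>` appends either put the checker pid on line 1 of a new file or extend a stale one, and keepalived-pid-check.sh then compares the wrong lines. Ending that branch with `/usr/bin/cat /run/keepalived.pid > /run/keepalived.pid.save 2>/dev/null || echo 0 > /run/keepalived.pid.save` keeps the three-line layout in every case. `CheckPidFile` also greps for the fixed string `/usr/sbin/keepalived -D --all`, while the unit starts `keepalived $KEEPALIVED_OPTIONS`, so it finds nothing when other options are configured. The unquoted `[ $CMD = "/usr/sbin/keepalived" ]` errors out on an empty field and should read `[ "$CMD" = "/usr/sbin/keepalived" ]`.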
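Review bot: In keepalived-stop-post.sh, `/bin/kill $checkerpid` and `/bin/kill $vrrppid` signal whatever number the pid file holds, without checking that it is non-empty or that it still belongs to keepalived. ExecStopPost also runs after an unclean exit, when /run/checkers.pid and /run/vrrp.pid can be stale and the pid may have been reused by an unrelated process, which this script would then kill as root. Guard each kill, for example `[ "$(cat /proc/$vrrppid/comm 2>/dev/null)" = keepalived ] && /bin/kill "$vrrppid"`, assuming the child processes keep the default process name. `rm -f /run/keepalived.pid.save` is enough for a single file; the `-r` is not needed.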
@@ -8,8 +8,12 @@ Type=forking PIDFile=/run/keepalived.pid KillMode=process EnvironmentFile=-/etc/sysconfig/keepalived +ExecStartPost=/usr/sbin/keepalived-start-post.sh ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS ExecReload=/bin/kill -HUP $MAINPID +ExecStopPost=/usr/sbin/keepalived-stop-post.sh +StartLimitBurst=1 +StartLimitInterval=1s [Install] WantedBy=multi-user.target diff --git a/keepalived.spec b/keepalived.spec index e551ba3..48ec656 100644 --- a/keepalived.spec +++ b/keepalived.spec @@ -9,15 +9,28 @@ Name: keepalived Version: 2.2.4 -Release: 2 +Release: 3 Summary: High Availability monitor built upon LVS, VRRP and service pollers License: GPLv2+ URL: http://www.keepalived.org/ Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz Source1: keepalived.service +Source2: keepalived-stop-post.sh +Source3: keepalived-start-post.sh +Source4: keepalived-pid-check.sh Patch0001: CVE-2021-44225.patch - +Patch0002: scheduler-Handle-cancelling-timer-thread-on-ready-qu.patch +Patch0003: vrrp-dbus-Fix-assert-on-shutdown-after-name-lost.patch +Patch0004: vrrp-Resolve-segfault-when-enable_snmp_vrrp-is-added.patch +Patch0005: Fix-segfault-when-receive-netlink-message-for-static.patch +Patch0006: vrrp-deley-freeing-vrrp-instances-until-all-referenc.patch +Patch0007: check-use-last-entry-if-duplicate-definition.patch +Patch0008: check-fix-further-memory-leaks-when-configuration-is.patch + +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd BuildRequires: net-snmp-devel gcc systemd-units openssl-devel libnl3-devel BuildRequires: ipset-devel iptables-devel libnfnetlink-devel libnftnl-devel BuildRequires: file-devel libmnl-devel 
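Review bot: `StartLimitBurst=1` and `StartLimitInterval=1s` are added right after `ExecStopPost=`, which from the surrounding context looks like the [Service] section; current systemd documents the rate-limit settings under [Unit], with `StartLimitIntervalSec=` as the name, and accepts the old placement and spelling only for compatibility. Moving them to [Unit] as `StartLimitIntervalSec=1s` and `StartLimitBurst=1` keeps the unit in line with the documented form. A comment in the unit would also help the next maintainer, e.g. `# allow one start per second; a faster restart is refused until systemctl reset-failed`. The section headers are outside the hunk, so the placement should be checked against the full file.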
@@ -61,7 +74,10 @@ rm -rf .%{_sysconfdir}/keepalived/samples/ popd install -d -m 0755 %{buildroot}%{_unitdir} -install -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service +install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/keepalived.service +install -p -D -m 0550 %{SOURCE2} %{buildroot}%{_sbindir}/keepalived-stop-post.sh +install -p -D -m 0550 %{SOURCE3} %{buildroot}%{_sbindir}/keepalived-start-post.sh +install -p -D -m 0550 %{SOURCE4} %{buildroot}%{_sbindir}/keepalived-pid-check.sh install -Dd -m 0755 %{buildroot}%{_libexecdir}/keepalived %post @@ -82,6 +98,9 @@ install -Dd -m 0755 %{buildroot}%{_libexecdir}/keepalived %attr(0755,root,root) %{_sbindir}/keepalived %dir %{_sysconfdir}/keepalived/ %dir %{_libexecdir}/keepalived/ +%attr(0550,root,root) %{_sbindir}/keepalived-stop-post.sh +%attr(0550,root,root) %{_sbindir}/keepalived-start-post.sh +%attr(0550,root,root) %{_sbindir}/keepalived-pid-check.sh %{_bindir}/genhash %{_datadir}/snmp/mibs/* %{_unitdir}/keepalived.service @@ -92,6 +111,12 @@ install -Dd -m 0755 %{buildroot}%{_libexecdir}/keepalived %{_mandir}/man* %changelog +* Mon Jun 12 2023 sunsuwan - 2.2.4-3 +- Type:CVE +- ID:NA +- SUG:NA +- DESC:backport upstream patches and make service start not so offen + * Tue Mar 29 2022 kwb0523 - 2.2.4-2 - Type:bugfix - ID:NA diff --git a/scheduler-Handle-cancelling-timer-thread-on-ready-qu.patch b/scheduler-Handle-cancelling-timer-thread-on-ready-qu.patch new file mode 100644 index 0000000..81f7ec7 --- /dev/null +++ b/scheduler-Handle-cancelling-timer-thread-on-ready-qu.patch 
@@ -0,0 +1,44 @@
+From 73ba6004b906b1ea022c169b25b9bdab589583e4 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage
+Date: Fri, 22 Oct 2021 15:16:01 +0100
+Subject: [PATCH] scheduler: Handle cancelling timer thread on ready queue
+
+The timer thread on the ready queue, if cancelled, was corrupting
+the read list_head, since it assumed it was on a red black tree.
+
+Signed-off-by: Quentin Armitage
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/73ba6004b906b1ea022c169b25b9bdab589583e4
+---
+ lib/scheduler.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/lib/scheduler.c b/lib/scheduler.c
+index a588f52..ebf5ea3 100644
+--- a/lib/scheduler.c
++++ b/lib/scheduler.c
+@@ -1527,6 +1527,7 @@ thread_cancel(thread_ref_t thread_cp)
+ break;
+ case THREAD_EVENT:
+ case THREAD_READY:
++ case THREAD_READY_TIMER:
+ #ifdef USE_SIGNAL_THREADS
+ case THREAD_SIGNAL:
+ #endif
+@@ -1534,7 +1535,13 @@ thread_cancel(thread_ref_t thread_cp)
+ case THREAD_CHILD_TERMINATED:
+ list_del_init(&thread->e_list);
+ break;
++ case THREAD_TIMER_SHUTDOWN:
++ case THREAD_TERMINATE_START:
++ case THREAD_TERMINATE:
++ log_message(LOG_WARNING, "ERROR - thread_cancel called for THREAD_%s", thread->type == THREAD_TIMER_SHUTDOWN ? "TIMER_SHUTDOWN" : thread->type == THREAD_TERMINATE ? "TERMINATE" : "TERMINATE_START");
++ return;
+ default:
++ log_message(LOG_WARNING, "ERROR - thread_cancel called for unknown thread type %u", thread->type);
+ break;
+ }
+
+--
+2.23.0
+
diff --git a/vrrp-Resolve-segfault-when-enable_snmp_vrrp-is-added.patch b/vrrp-Resolve-segfault-when-enable_snmp_vrrp-is-added.patch
new file mode 100644
index 0000000..064d388
--- /dev/null
+++ b/vrrp-Resolve-segfault-when-enable_snmp_vrrp-is-added.patch
@@ -0,0 +1,146 @@ +From 24f8a1e1220e5f1fa762e60669ef1215cc15d138 Mon Sep 17 00:00:00 2001 +From: Quentin Armitage +Date: Sun, 17 Apr 2022 14:52:44 +0100 +Subject: [PATCH] vrrp: Resolve segfault when enable_snmp_vrrp is added at a + reload + +Signed-off-by: Quentin Armitage +Conflict: NA +Reference: https://github.com/acassen/keepalived/commit/24f8a1e1220e5f1fa762e60669ef1215cc15d138 +--- + keepalived/core/snmp.c | 1 + + keepalived/include/vrrp_snmp.h | 3 ++- + keepalived/vrrp/vrrp_daemon.c | 10 ++++++++-- + keepalived/vrrp/vrrp_snmp.c | 18 +++++++++--------- + 4 files changed, 20 insertions(+), 12 deletions(-) + +diff --git a/keepalived/core/snmp.c b/keepalived/core/snmp.c +index 421484e..2aae126 100644 +--- a/keepalived/core/snmp.c ++++ b/keepalived/core/snmp.c +@@ -496,6 +496,7 @@ snmp_agent_close(bool base_mib) + if (base_mib) + snmp_unregister_mib(global_oid, OID_LENGTH(global_oid)); + snmp_shutdown(global_name); ++ shutdown_agent(); + + snmp_running = false; + } +diff --git a/keepalived/include/vrrp_snmp.h b/keepalived/include/vrrp_snmp.h +index f75d32f..028356a 100644 +--- a/keepalived/include/vrrp_snmp.h ++++ b/keepalived/include/vrrp_snmp.h +@@ -26,6 +26,7 @@ + + #include "config.h" + ++#include "global_data.h" + #ifdef _WITH_SNMP_RFC_ + #include "timer.h" + #endif +@@ -74,7 +75,7 @@ extern timeval_t snmp_vrrp_start_time; + + /* Prototypes */ + extern void vrrp_snmp_agent_init(const char *); +-extern void vrrp_snmp_agent_close(void); ++extern void vrrp_snmp_agent_close(const data_t *); + + #ifdef _WITH_SNMP_VRRP_ + extern void vrrp_snmp_instance_trap(vrrp_t *); +diff --git a/keepalived/vrrp/vrrp_daemon.c b/keepalived/vrrp/vrrp_daemon.c +index 036f9f2..5568a52 100644 +--- a/keepalived/vrrp/vrrp_daemon.c ++++ b/keepalived/vrrp/vrrp_daemon.c +@@ -286,7 +286,7 @@ vrrp_terminate_phase2(int exit_status) + global_data->enable_snmp_rfcv3 || + #endif + snmp_option) +- vrrp_snmp_agent_close(); ++ vrrp_snmp_agent_close(global_data); + #endif + + #ifdef _WITH_LVS_ +@@ 
-554,13 +554,19 @@ start_vrrp(data_t *prev_global_data) + global_data->enable_snmp_rfcv3 || + #endif + snmp_option)) { +- if (reload) ++ if (snmp_running) + snmp_epoll_info(master); + else + vrrp_snmp_agent_init(global_data->snmp_socket); + #ifdef _WITH_SNMP_RFC_ + snmp_vrrp_start_time = time_now; + #endif ++ } else { ++// We have a problem at reload if VRRP had SNMP and checker didn't, but now checker does. ++// Also race condition if changing so checker does and we dont, from other way round. ++// SOLUTION: Stop snmp before reload and start afterwards. ? A race anyway ++ if (snmp_running) ++ vrrp_snmp_agent_close(old_global_data); + } + #endif + +diff --git a/keepalived/vrrp/vrrp_snmp.c b/keepalived/vrrp/vrrp_snmp.c +index fc7749b..aa4c426 100644 +--- a/keepalived/vrrp/vrrp_snmp.c ++++ b/keepalived/vrrp/vrrp_snmp.c +@@ -4471,15 +4471,15 @@ vrrp_rfcv3_snmp_proto_err_notify(vrrp_t *vrrp) + #endif + + static bool +-vrrp_handles_global_oid(void) ++vrrp_handles_global_oid(const data_t *global_data_in_use) + { + #ifdef _WITH_SNMP_VRRP_ +- if (global_data->enable_snmp_vrrp) { ++ if (global_data_in_use->enable_snmp_vrrp) { + #ifdef _WITH_LVS_ + if (!running_checker()) + return true; + #ifdef _WITH_SNMP_CHECKER_ +- if (!global_data->enable_snmp_checker) ++ if (!global_data_in_use->enable_snmp_checker) + return true; + #endif + #else +@@ -4498,7 +4498,7 @@ vrrp_snmp_agent_init(const char *snmp_socket_name) + return; + + /* We let the check process handle the global OID if it is running and with snmp */ +- snmp_agent_init(snmp_socket_name, vrrp_handles_global_oid()); ++ snmp_agent_init(snmp_socket_name, vrrp_handles_global_oid(global_data)); + + #ifdef _WITH_SNMP_VRRP_ + if (global_data->enable_snmp_vrrp) +@@ -4524,22 +4524,22 @@ vrrp_snmp_agent_init(const char *snmp_socket_name) + } + + void +-vrrp_snmp_agent_close(void) ++vrrp_snmp_agent_close(const data_t *global_data_in_use) + { + if (!snmp_running) + return; + + #ifdef _WITH_SNMP_VRRP_ +- if 
(global_data->enable_snmp_vrrp) ++ if (global_data_in_use->enable_snmp_vrrp) + snmp_unregister_mib(vrrp_oid, OID_LENGTH(vrrp_oid)); + #endif + #ifdef _WITH_SNMP_RFCV2_ +- if (global_data->enable_snmp_rfcv2) ++ if (global_data_in_use->enable_snmp_rfcv2) + snmp_unregister_mib(vrrp_rfcv2_oid, OID_LENGTH(vrrp_rfcv2_oid)); + #endif + #ifdef _WITH_SNMP_RFCV3_ +- if (global_data->enable_snmp_rfcv3) ++ if (global_data_in_use->enable_snmp_rfcv3) + snmp_unregister_mib(vrrp_rfcv3_oid, OID_LENGTH(vrrp_rfcv3_oid)); + #endif +- snmp_agent_close(vrrp_handles_global_oid()); ++ snmp_agent_close(vrrp_handles_global_oid(global_data_in_use)); + } +-- +2.23.0 + diff --git a/vrrp-dbus-Fix-assert-on-shutdown-after-name-lost.patch b/vrrp-dbus-Fix-assert-on-shutdown-after-name-lost.patch new file mode 100644 index 0000000..eab8601 --- /dev/null +++ b/vrrp-dbus-Fix-assert-on-shutdown-after-name-lost.patch 
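Review bot: The new `else` branch in `start_vrrp` calls `vrrp_snmp_agent_close(old_global_data)`, and `vrrp_snmp_agent_close` dereferences its argument unconditionally (`global_data_in_use->enable_snmp_vrrp`). The hunk does not show where `old_global_data` is set, and the function's own parameter is named `prev_global_data`, so confirm that the pointer is always valid whenever `snmp_running` is true at this point; `start_vrrp` starts and ends outside the hunk. The three `//` lines above the call record an open race rather than explain the code, and a maintained backport would be clearer with `/* SNMP was enabled before the reload but is disabled now: close the agent using the previous configuration */`, with the race tracked separately.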
@@ -0,0 +1,38 @@
+From 5721b5b7144d7e0fa71badf4fc2666a0850ea1ee Mon Sep 17 00:00:00 2001
+From: Quentin Armitage
+Date: Mon, 27 Sep 2021 16:57:54 +0100
+Subject: [PATCH] vrrp dbus: Fix assert on shutdown after name lost
+
+When DBus reports that the VRRP name has been lost on the session
+bus, keepalived calls g_hash_table_foreach_remove(). However it called
+the function again on shutdown causing an assert failure. This commit
+ensures that g_hash_table_foreach_remove() is not called on shutdown
+if it has already been called due to the name being lost.
+
+Signed-off-by: Quentin Armitage
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/5721b5b7144d7e0fa71badf4fc2666a0850ea1ee
+---
+ keepalived/vrrp/vrrp_dbus.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/keepalived/vrrp/vrrp_dbus.c b/keepalived/vrrp/vrrp_dbus.c
+index c3b7c2c..0a223b4 100644
+--- a/keepalived/vrrp/vrrp_dbus.c
++++ b/keepalived/vrrp/vrrp_dbus.c
+@@ -964,8 +964,10 @@ dbus_stop(void)
+ if (!dbus_running)
+ return;
+
+- g_hash_table_foreach_remove(objects, remove_object, NULL);
+- objects = NULL;
++ if (objects) {
++ g_hash_table_foreach_remove(objects, remove_object, NULL);
++ objects = NULL;
++ }
+
+ if (global_connection != NULL) {
+ path = dbus_object_create_path_vrrp();
+--
+2.23.0
+
diff --git a/vrrp-deley-freeing-vrrp-instances-until-all-referenc.patch b/vrrp-deley-freeing-vrrp-instances-until-all-referenc.patch
new file mode 100644
index 0000000..dc1ca81
--- /dev/null
+++ b/vrrp-deley-freeing-vrrp-instances-until-all-referenc.patch
@@ -0,0 +1,40 @@
+From 57dfaec99bafb0eb45e634c605daf52bb1cd5d0d Mon Sep 17 00:00:00 2001
+From: Quentin Armitage
+Date: Thu, 30 Jun 2022 17:14:39 +0100
+Subject: [PATCH] vrrp: deley freeing vrrp instances until all references are
+ freed
+
+Trackers etc have lists for vrrp instances that are tracking them.
+Therefore the trackers, and their references, must be freed before the
+vrrp instances are freed.
+
+Signed-off-by: Quentin Armitage
+Conflict: NA
+Reference: https://github.com/acassen/keepalived/commit/57dfaec99bafb0eb45e634c605daf52bb1cd5d0d
+---
+ keepalived/vrrp/vrrp_data.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/keepalived/vrrp/vrrp_data.c b/keepalived/vrrp/vrrp_data.c
+index b2c6f69..c144e64 100644
+--- a/keepalived/vrrp/vrrp_data.c
++++ b/keepalived/vrrp/vrrp_data.c
+@@ -1223,7 +1223,6 @@ free_vrrp_data(vrrp_data_t * data)
+ free_iproute_list(&data->static_routes);
+ free_iprule_list(&data->static_rules);
+ free_static_track_groups_list(&data->static_track_groups);
+- free_vrrp_list(&data->vrrp);
+ free_sync_group_list(&data->vrrp_sync_group);
+ free_vscript_list(&data->vrrp_script);
+ free_track_file_list(&data->vrrp_track_files);
+@@ -1233,6 +1232,7 @@ free_vrrp_data(vrrp_data_t * data)
+ #ifdef _WITH_BFD_
+ free_vrrp_tracked_bfd_list(&data->vrrp_track_bfds);
+ #endif
++ free_vrrp_list(&data->vrrp);
+ FREE(data);
+ }
+
+--
+2.23.0
+
-- Gitee