From 0ec657ffe77b5806687b37372433235f599793a8 Mon Sep 17 00:00:00 2001 From: yangjiaqi Date: Wed, 24 May 2023 10:10:42 +0800 Subject: [PATCH] lxcfs:sync with latest branch - master 0019-fix-dev-read-memory-leak-in-container.patch 0020-enable-cfs-option-to-show-correct-proc-cpuinfo-view.patch 0021-fix-pidfd_open-pidfd_send_signal-function-compilatio.patch 0022-cpuview-fix-possible-use-after-free-in-find_proc_sta.patch 0023-proc-fix-proc-diskstats-output-format.patch Signed-off-by: yangjiaqi (cherry picked from commit 6f7fa5fe1329e1a4cec21696c565e251d96a2178) --- ...ix-dev-read-memory-leak-in-container.patch | 34 ++++-- ...on-to-show-correct-proc-cpuinfo-view.patch | 25 ++++ ...idfd_send_signal-function-compilatio.patch | 37 ++++++ ...ible-use-after-free-in-find_proc_sta.patch | 109 ++++++++++++++++++ ...roc-fix-proc-diskstats-output-format.patch | 91 +++++++++++++++ lxcfs.spec | 33 +++++- 6 files changed, 317 insertions(+), 12 deletions(-) rename 0019-fix-dev_name-stack-overflow.patch => 0019-fix-dev-read-memory-leak-in-container.patch (48%) create mode 100644 0020-enable-cfs-option-to-show-correct-proc-cpuinfo-view.patch create mode 100644 0021-fix-pidfd_open-pidfd_send_signal-function-compilatio.patch create mode 100644 0022-cpuview-fix-possible-use-after-free-in-find_proc_sta.patch create mode 100644 0023-proc-fix-proc-diskstats-output-format.patch diff --git a/0019-fix-dev_name-stack-overflow.patch b/0019-fix-dev-read-memory-leak-in-container.patch similarity index 48% rename from 0019-fix-dev_name-stack-overflow.patch rename to 0019-fix-dev-read-memory-leak-in-container.patch index 2b45a30..ca0f771 100644 --- a/0019-fix-dev_name-stack-overflow.patch +++ b/0019-fix-dev-read-memory-leak-in-container.patch 
@@ -1,14 +1,15 @@ -From 89b2479830756188cfe81cbe34fbb83a33e67dfd Mon Sep 17 00:00:00 2001 -From: yangjiaqi -Date: Wed, 2 Mar 2022 14:20:40 +0800 -Subject: [PATCH] fix dev_name stack overflow +From d67982ddf6d742b92799d1fb2e4c89e8ff87d95b Mon Sep 17 00:00:00 2001 +From: zhangsong234 +Date: Wed, 11 May 2022 15:55:47 +0800 +Subject: [PATCH] fix dev read memory leak in container +Signed-off-by: zhangsong234 --- - src/proc_fuse.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) + src/proc_fuse.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/proc_fuse.c b/src/proc_fuse.c -index 0f66c40..a1c0265 100644 +index 0f66c40..6051e9a 100644 --- a/src/proc_fuse.c +++ b/src/proc_fuse.c @@ -497,7 +497,7 @@ struct devinfo* container_dev_read(pid_t pid) { @@ -20,6 +21,15 @@ index 0f66c40..a1c0265 100644 pid_t child_pid; int mypipe[2]; int dev_num; +@@ -558,7 +558,7 @@ struct devinfo* container_dev_read(pid_t pid) { + } + closedir(dir); + stat("/", &dev_stat); +- dev_num = dev_stat.st_dev & (~0xf); ++ dev_num = dev_stat.st_dev; + fprintf(stream, "sda %d end 0 ", dev_num); + fflush(stream); + child_out: @@ -574,6 +574,7 @@ child_out: } wait_for_pid(child_pid); @@ -36,6 +46,14 @@ index 0f66c40..a1c0265 100644 } err: if (stream) +@@ -883,6 +885,7 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset, + if (total_len > size) + total_len = size; + memcpy(buf, d->buf, total_len); ++ free_devinfo_list(container_devinfo); + + return total_len; + } -- -2.32.0 (Apple Git-132) +1.8.3.1 diff --git a/0020-enable-cfs-option-to-show-correct-proc-cpuinfo-view.patch b/0020-enable-cfs-option-to-show-correct-proc-cpuinfo-view.patch new file mode 100644 index 0000000..8f4895e --- /dev/null +++ b/0020-enable-cfs-option-to-show-correct-proc-cpuinfo-view.patch 
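Review bot: The added `free_devinfo_list(container_devinfo);` in proc_diskstats_read runs only on the final path after `memcpy`, so any earlier `return` taken once the list has been obtained would still leak it. The rest of the function is outside the hunk, so this needs checking against the full source; a single cleanup label that frees the list before every exit would cover all paths. The same patch also replaces `dev_stat.st_dev & (~0xf)` with the unmasked value stored in `int dev_num`, a behaviour change the subject line does not mention. The preceding `stat("/", &dev_stat)` result is still unchecked, so `dev_stat` may be read uninitialised on failure. The renamed patch appears to keep the earlier container_dev_read hunk at line 497, so its commit message should say it still carries the dev_name overflow fix.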
@@ -0,0 +1,25 @@ +From ed5823bf5b0d8bd425417d9b3590ece248fe1655 Mon Sep 17 00:00:00 2001 +From: yangjiaqi +Date: Sat, 26 Nov 2022 11:48:14 +0800 +Subject: [PATCH] enable cfs option to show correct proc cpuinfo view + +--- + config/init/systemd/lxcfs.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/init/systemd/lxcfs.service.in b/config/init/systemd/lxcfs.service.in +index bdaa2fa..3ee006b 100644 +--- a/config/init/systemd/lxcfs.service.in ++++ b/config/init/systemd/lxcfs.service.in +@@ -6,7 +6,7 @@ Documentation=man:lxcfs(1) + + [Service] + ExecStartPre=-/usr/local/bin/lxcfs-tools prestart +-ExecStart=/usr/bin/lxcfs /var/lib/lxc/lxcfs/ ++ExecStart=/usr/bin/lxcfs --enable-cfs /var/lib/lxc/lxcfs/ + ExecStartPost=-/usr/local/bin/lxcfs-tools remount -a + KillMode=process + ExecStop=-/usr/local/bin/lxcfs-tools umount -a +-- +2.30.0 + diff --git a/0021-fix-pidfd_open-pidfd_send_signal-function-compilatio.patch b/0021-fix-pidfd_open-pidfd_send_signal-function-compilatio.patch new file mode 100644 index 0000000..ebfa7e0 --- /dev/null +++ b/0021-fix-pidfd_open-pidfd_send_signal-function-compilatio.patch 
@@ -0,0 +1,37 @@ +From e3ca16cd280bea10a63e959623fd6625f7b868ce Mon Sep 17 00:00:00 2001 +From: yangjiaqi +Date: Thu, 24 Nov 2022 15:53:53 +0800 +Subject: [PATCH] fix pidfd_open&pidfd_send_signal function compilation bug in + glibc2.36+ + +--- + src/utils.h | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/utils.h b/src/utils.h +index 18d85a7..ab2da0f 100644 +--- a/src/utils.h ++++ b/src/utils.h +@@ -46,6 +46,9 @@ static inline int pidfd_open(pid_t pid, unsigned int flags) + { + return syscall(__NR_pidfd_open, pid, flags); + } ++#else ++#include ++extern int pidfd_open(pid_t pid, unsigned int flags); + #endif + + #if !HAVE_PIDFD_SEND_SIGNAL +@@ -54,6 +57,9 @@ static inline int pidfd_send_signal(int pidfd, int sig, siginfo_t *info, + { + return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags); + } ++#else ++#include ++extern int pidfd_send_signal(int pidfd, int sig, siginfo_t *info,unsigned int flags); + #endif + + extern FILE *fopen_cached(const char *path, const char *mode, +-- +2.30.0 + diff --git a/0022-cpuview-fix-possible-use-after-free-in-find_proc_sta.patch b/0022-cpuview-fix-possible-use-after-free-in-find_proc_sta.patch new file mode 100644 index 0000000..587c23f --- /dev/null +++ b/0022-cpuview-fix-possible-use-after-free-in-find_proc_sta.patch 
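Review bot: The new `#else` branches re-declare `pidfd_open` and `pidfd_send_signal` with `extern` directly after including a header, which duplicates the libc prototypes and would break the build if a libc declared either one with a different signature. If the header is guaranteed to provide them whenever `HAVE_PIDFD_SEND_SIGNAL` and its pidfd_open counterpart are set, the two `extern` lines can be dropped. Otherwise a comment such as `/* libc exports the symbol but the header may lack the prototype */` should say why they stay. The second declaration is also missing a space after the comma in `siginfo_t *info,unsigned int flags`.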
@@ -0,0 +1,109 @@ +From 765d4c48aeaad779008f82ff6643d9cdbe917bd1 Mon Sep 17 00:00:00 2001 +From: yangjiaqi +Date: Wed, 22 Mar 2023 09:31:04 +0800 +Subject: [PATCH] cpuview: fix possible use-after-free in find_proc_stat_node + +Signed-off-by: yangjiaqi +--- + src/proc_cpuview.c | 36 ++++++++++++++++++++++++++++++++---- + 1 file changed, 32 insertions(+), 4 deletions(-) + +diff --git a/src/proc_cpuview.c b/src/proc_cpuview.c +index 75006a6..207a6df 100644 +--- a/src/proc_cpuview.c ++++ b/src/proc_cpuview.c +@@ -171,6 +171,7 @@ static struct cg_proc_stat *add_proc_stat_node(struct cg_proc_stat *new_node) + } + + out_rwlock_unlock: ++ pthread_mutex_lock(&rv->lock); + pthread_rwlock_unlock(&head->lock); + return move_ptr(rv); + } +@@ -224,6 +225,7 @@ static bool cgroup_supports(const char *controller, const char *cgroup, + return faccessat(cfd, path, F_OK, 0) == 0; + } + ++/* should be called with wr-locked list */ + static struct cg_proc_stat *prune_proc_stat_list(struct cg_proc_stat *node) + { + struct cg_proc_stat *first = NULL; +@@ -232,6 +234,31 @@ static struct cg_proc_stat *prune_proc_stat_list(struct cg_proc_stat *node) + if (!cgroup_supports("cpu", node->cg, "cpu.shares")) { + struct cg_proc_stat *cur = node; + ++ /* ++ * We need to ensure that no one referenced this node, ++ * because we are going to remove it from the list and free memory. ++ * ++ * If we can't grab the lock then just keep this node for now. ++ */ ++ if (pthread_mutex_trylock(&cur->lock)) ++ goto next; ++ ++ /* ++ * Yes, we can put lock back just after taking it, as we ensured ++ * that we are only one user of it right now. ++ * ++ * It follows from three facts: ++ * - we are under pthread_rwlock_wrlock(hash_table_bucket) ++ * - pthread_mutex_lock is taken by find_proc_stat_node() ++ * with pthread_rwlock_rdlock(hash_table_bucket) held. ++ * - pthread_mutex_lock is taken by add_proc_stat_node() ++ * with pthread_rwlock_wrlock(hash_table_bucket) held. 
++ * ++ * It means that nobody can get a pointer to (cur) node in a parallel ++ * thread and all old users of (cur) node have released pthread_mutex_lock(cur). ++ */ ++ pthread_mutex_unlock(&cur->lock); ++ + if (prev) + prev->next = node->next; + else +@@ -242,6 +269,7 @@ static struct cg_proc_stat *prune_proc_stat_list(struct cg_proc_stat *node) + + free_proc_stat_node(cur); + } else { ++next: + if (!first) + first = node; + prev = node; +@@ -279,6 +307,7 @@ static struct cg_proc_stat *find_proc_stat_node(struct cg_proc_stat_head *head, + { + struct cg_proc_stat *node; + ++ prune_proc_stat_history(); + pthread_rwlock_rdlock(&head->lock); + + if (!head->next) { +@@ -289,15 +318,16 @@ static struct cg_proc_stat *find_proc_stat_node(struct cg_proc_stat_head *head, + node = head->next; + + do { +- if (strcmp(cg, node->cg) == 0) ++ if (strcmp(cg, node->cg) == 0) { ++ pthread_mutex_lock(&node->lock); + goto out; ++ } + } while ((node = node->next)); + + node = NULL; + + out: + pthread_rwlock_unlock(&head->lock); +- prune_proc_stat_history(); + return node; + } + +@@ -318,8 +348,6 @@ static struct cg_proc_stat *find_or_create_proc_stat_node(struct cpuacct_usage * + lxcfs_debug("New stat node (%d) for %s\n", cpu_count, cg); + } + +- pthread_mutex_lock(&node->lock); +- + /* + * If additional CPUs on the host have been enabled, CPU usage counter + * arrays have to be expanded. +-- +2.30.0 + diff --git a/0023-proc-fix-proc-diskstats-output-format.patch b/0023-proc-fix-proc-diskstats-output-format.patch new file mode 100644 index 0000000..458e499 --- /dev/null +++ b/0023-proc-fix-proc-diskstats-output-format.patch 
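Review bot: After this change find_proc_stat_node and add_proc_stat_node return the node with `node->lock` already held, but neither carries a comment saying so, and any caller not visible here other than find_or_create_proc_stat_node would now have to unlock it. I would add `/* Returns the node with node->lock held; the caller must unlock it. */` above both, matching the new `/* should be called with wr-locked list */` on prune_proc_stat_list. Both new `pthread_mutex_lock` calls block while the bucket rwlock is held, so the order (bucket lock first, then node lock) should be stated too, since any path that takes them in the opposite order would deadlock. In prune_proc_stat_list, `pthread_mutex_trylock` treats every non-zero return as "busy", and `goto next` jumps into the `else` block, which is legal C but easy to misread.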
@@ -0,0 +1,91 @@ +From d928f8d073f87fdacaf9e93b616f5b84695036e3 Mon Sep 17 00:00:00 2001 +From: yangjiaqi +Date: Wed, 22 Mar 2023 15:31:34 +0800 +Subject: [PATCH] proc: fix /proc/diskstats output format + +--- + src/proc_fuse.c | 24 +++++++++++++++++++----- + 1 file changed, 19 insertions(+), 5 deletions(-) + +diff --git a/src/proc_fuse.c b/src/proc_fuse.c +index fe81cad..ce22974 100644 +--- a/src/proc_fuse.c ++++ b/src/proc_fuse.c +@@ -784,10 +784,10 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset, + memset(lbuf, 0, 256); + if (stats.read || stats.write || stats.read_merged || stats.write_merged || + stats.read_sectors || stats.write_sectors || stats.read_ticks || +- stats.write_ticks || stats.ios_pgr || stats.total_ticks || stats.rq_ticks || ++ stats.write_ticks || stats.ios_pgr || stats.total_ticks || stats.rq_ticks || stats.discard || + stats.discard_merged || stats.discard_sectors || stats.discard_ticks) { + if (need_record_diskstats(stats.major, stats.minor)) { +- sscanf(line, "%u %u %71s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", ++ sscanf(line, "%u %u %71s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", + &stats.major, + &stats.minor, + tmp_dev_name, +@@ -802,11 +802,12 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset, + &stats.ios_pgr, + &stats.total_ticks, + &stats.rq_ticks, ++ &stats.discard, + &stats.discard_merged, + &stats.discard_sectors, + &stats.discard_ticks); + } +- snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", ++ ret = snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", + stats.major, + stats.minor, + stats.dev_name, +@@ -821,11 +822,17 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset, + stats.ios_pgr, + stats.total_ticks, + stats.rq_ticks, ++ stats.discard, + stats.discard_merged, + stats.discard_sectors, + stats.discard_ticks); ++ if(ret >= 256) { ++ 
lxcfs_error("Insufficient buffer for %u:%u %s diskstats", ++ stats.major, stats.minor, stats.dev_name); ++ continue; ++ } + } else if (need_record_diskstats(stats.major, stats.minor)) { +- sscanf(line, "%u %u %71s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", ++ sscanf(line, "%u %u %71s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", + &stats.major, + &stats.minor, + tmp_dev_name, +@@ -840,10 +847,11 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset, + &stats.ios_pgr, + &stats.total_ticks, + &stats.rq_ticks, ++ &stats.discard, + &stats.discard_merged, + &stats.discard_sectors, + &stats.discard_ticks); +- snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", ++ ret = snprintf(lbuf, 256, "%u %u %s %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu\n", + stats.major, + stats.minor, + stats.dev_name, +@@ -858,9 +866,15 @@ static int proc_diskstats_read(char *buf, size_t size, off_t offset, + stats.ios_pgr, + stats.total_ticks, + stats.rq_ticks, ++ stats.discard, + stats.discard_merged, + stats.discard_sectors, + stats.discard_ticks); ++ if(ret >= 256) { ++ lxcfs_error("Insufficient buffer for %u:%u %s diskstats", ++ stats.major, stats.minor, stats.dev_name); ++ continue; ++ } + } else { + continue; + } +-- +2.30.0 + diff --git a/lxcfs.spec b/lxcfs.spec index 19372e9..b1ae440 100644 --- a/lxcfs.spec +++ b/lxcfs.spec @@ -4,7 +4,7 @@ #Basic Information Name: lxcfs Version: 4.0.11 -Release: 3 +Release: 8 Summary: FUSE filesystem for LXC License: LGPL 2.1+ URL: http://linuxcontainers.org 
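Review bot: Both `sscanf` calls now expect 18 conversions but their return value is still ignored. Unless `stats` is reset on each iteration, which the hunk does not show, a /proc/diskstats line with fewer fields leaves `stats.discard` and the later members holding values from a previous line, and those are then written into the container's view. Capturing the count, e.g. `n = sscanf(line, ...);`, and zeroing the discard members when `n < 18` would avoid reporting another device's numbers. The new truncation check `if(ret >= 256)` also misses a negative return from `snprintf`; `if (ret < 0 || ret >= 256)` covers both cases in each branch. proc_diskstats_read begins and ends outside the hunk.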
@@ -28,7 +28,11 @@ Patch9015: 0015-lxcfs-adapt-4.18-kernel.patch Patch9016: 0016-remove-lxcfs-tools-dependency-for-common-use.patch Patch9017: 0017-proc_fuse-fix-wait-child-process-hang.patch Patch9018: 0018-fix-deadlock-problem-when-subprocess-exit.patch -Patch9019: 0019-fix-dev_name-stack-overflow.patch +Patch9019: 0019-fix-dev-read-memory-leak-in-container.patch +Patch9020: 0020-enable-cfs-option-to-show-correct-proc-cpuinfo-view.patch +Patch9021: 0021-fix-pidfd_open-pidfd_send_signal-function-compilatio.patch +Patch9022: 0022-cpuview-fix-possible-use-after-free-in-find_proc_sta.patch +Patch9023: 0023-proc-fix-proc-diskstats-output-format.patch #Dependency BuildRequires: autoconf automake libtool help2man @@ -90,8 +94,29 @@ fi %{_unitdir}/* %changelog -* Wed Mar 02 2022 yangjiaqi - 4.0.11-3 -- fix dev_name stack overflow when using fscanf +* Wed Mar 22 2023 yangjiaqi - 4.0.11-8 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix /proc/diskstats output format + +* Wed Mar 22 2023 yangjiaqi - 4.0.11-7 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix possible use-after-free in find_proc_stat_node + +* Mon Dec 12 2022 yangjiaqi - 4.0.11-6 +- add yaml + +* Thu Nov 24 2022 yangjiaqi - 4.0.11-5 +- fix pidfd_open&pidfd_send_signal function compilation bug in glibc2.36+ + +* Mon Jul 04 2022 yangjiaqi - 4.0.11-4 +- enable cfs option to show correct proc cpuinfo view + +* Wed May 11 2022 zhangsong234 - 4.0.11-3 +- fix dev read memory leak in container * Fri Dec 17 2021 yangjiaqi - 4.0.11-2 - fix deadlock caused by subprocess calling lxcfs_exit -- Gitee