From 0db5bfbdba844ac3681e0818e488036f19af95ea Mon Sep 17 00:00:00 2001
From: Ian Kent <ikent@redhat.com>
Date: Mon, 12 May 2025 15:33:46 +0800
Subject: [PATCH] - Add fix for Jira RHEL-90571.

---
 ....1.9-fix-handling-of-ignored-offsets.patch | 89 +++++++++++++++++++
 ...d-map-entry-handling-in-hosts-module.patch | 40 +++++++++
 autofs.spec                                   | 12 ++-
 3 files changed, 140 insertions(+), 1 deletion(-)
 create mode 100644 autofs-5.1.9-fix-handling-of-ignored-offsets.patch
 create mode 100644 autofs-5.1.9-fix-invalidated-map-entry-handling-in-hosts-module.patch

diff --git a/autofs-5.1.9-fix-handling-of-ignored-offsets.patch b/autofs-5.1.9-fix-handling-of-ignored-offsets.patch
new file mode 100644
index 0000000..3ac77c0
--- /dev/null
+++ b/autofs-5.1.9-fix-handling-of-ignored-offsets.patch
@@ -0,0 +1,89 @@
+autofs-5.1.9 - fix handling of ignored offsets
+
+From: Ian Kent <raven@themaw.net>
+
+If a map entry offset path already has a real mount mounted on it then
+it's ignored as it has very likely been auto-mounted by the NFS client.
+
+But we have seen a case were autofs incorrectly makes a function call
+that attempts to mount the offset tree mounts again after successfully
+mounting the real mount on the offset. This causes automount(8) to see
+this as an NFS auto-mounted mount to be ignored and then incorrectly
+invalidates these offsets.
+
+Guard against this by flagging offset trigger mounts as mounted when
+they are initially successfully mounted and clearing it upon umounting
+them.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG           |    1 +
+ daemon/direct.c     |    3 +++
+ include/automount.h |    3 +++
+ lib/mounts.c        |    7 ++++++-
+ 4 files changed, 13 insertions(+), 1 deletion(-)
+
+--- autofs-5.1.9.orig/CHANGELOG
++++ autofs-5.1.9/CHANGELOG
+@@ -20,6 +20,7 @@
+ - fix submount shutdown race.
+ - fix deadlock in master_notify_submount().
+ - fix lock ordering deadlock in expire_cleanup().
++- fix handling of ignored offsets.
+ 
+ 02/11/2023 autofs-5.1.9
+ - fix kernel mount status notification.
+--- autofs-5.1.9.orig/daemon/direct.c
++++ autofs-5.1.9/daemon/direct.c
+@@ -541,6 +541,7 @@ int umount_autofs_offset(struct autofs_p
+ 			debug(ap->logopt,
+ 			      "offset %s not mounted",
+ 			      me->key);
++			me->flags &= ~MOUNT_FLAG_OFFSET_MOUNTED;
+ 			return 0;
+ 		}
+ 		ioctlfd = open_ioctlfd(ap, me->key, me->dev);
+@@ -629,6 +630,7 @@ force_umount:
+ 		rv = umount2(me->key, MNT_DETACH);
+ 	} else
+ 		info(ap->logopt, "umounted offset mount %s", me->key);
++	me->flags &= ~MOUNT_FLAG_OFFSET_MOUNTED;
+ 
+ 	return rv;
+ }
+@@ -783,6 +785,7 @@ int mount_autofs_offset(struct autofs_po
+ 	cache_set_ino_index(me->mc, me);
+ 	notify_mount_result(ap, me->key, timeout, str_offset);
+ 	ops->close(ap->logopt, ioctlfd);
++	me->flags |= MOUNT_FLAG_OFFSET_MOUNTED;
+ 
+ 	debug(ap->logopt, "mounted trigger %s", me->key);
+ 
+--- autofs-5.1.9.orig/include/automount.h
++++ autofs-5.1.9/include/automount.h
+@@ -548,6 +548,9 @@ struct kernel_mod_version {
+ /* Indicator for applications to ignore the mount entry */
+ #define MOUNT_FLAG_IGNORE		0x1000
+ 
++/* Flag to show we have mounted the offset mount trigger */
++#define MOUNT_FLAG_OFFSET_MOUNTED	0x2000
++
+ struct autofs_point {
+ 	pthread_t thid;
+ 	char *path;			/* Mount point name */
+--- autofs-5.1.9.orig/lib/mounts.c
++++ autofs-5.1.9/lib/mounts.c
+@@ -1865,7 +1865,12 @@ static int tree_mapent_mount_offset(stru
+ 		if (ret != MOUNT_OFFSET_IGNORE) {
+ 			warn(ap->logopt, "failed to mount offset");
+ 			return 0;
+-		} else {
++		}
++
++		/* Only invalidate the offset trigger if a real mount
++		 * is not covering it.
++		 */
++		if (!(oe->flags & MOUNT_FLAG_OFFSET_MOUNTED)) {
+ 			debug(ap->logopt,
+ 			      "ignoring \"nohide\" trigger %s", oe->key);
+ 			/*
diff --git a/autofs-5.1.9-fix-invalidated-map-entry-handling-in-hosts-module.patch b/autofs-5.1.9-fix-invalidated-map-entry-handling-in-hosts-module.patch
new file mode 100644
index 0000000..b0544be
--- /dev/null
+++ b/autofs-5.1.9-fix-invalidated-map-entry-handling-in-hosts-module.patch
@@ -0,0 +1,40 @@
+autofs-5.1.9 - fix invalidated map entry handling in hosts module
+
+From: Ian Kent <raven@themaw.net>
+
+The multi-mount handling must be able to deal with NFS auto-mounting
+mounts itself within a mount tree. If this happens the mapent will have
+its ->mapent set to NULL but will not be marked with a negative timeout
+and mount attempts should silently succeed. All lookup modules handle
+this ok already except the hosts lookup module so fix it.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG              |    1 +
+ modules/lookup_hosts.c |    5 +++++
+ 2 files changed, 6 insertions(+)
+
+--- autofs-5.1.9.orig/CHANGELOG
++++ autofs-5.1.9/CHANGELOG
+@@ -21,6 +21,7 @@
+ - fix deadlock in master_notify_submount().
+ - fix lock ordering deadlock in expire_cleanup().
+ - fix handling of ignored offsets.
++- fix invalidated map entry handling in hosts module.
+ 
+ 02/11/2023 autofs-5.1.9
+ - fix kernel mount status notification.
+--- autofs-5.1.9.orig/modules/lookup_hosts.c
++++ autofs-5.1.9/modules/lookup_hosts.c
+@@ -428,6 +428,11 @@ int lookup_mount(struct autofs_point *ap
+ 	 * it must be a mount request for one of the exports.
+ 	 */
+ 	if (*name == '/') {
++		/* Multi-mounts must be able to ignore offsets that have
++		 * been auto-mounted by NFS itself.
++		 */
++		if (!me->mapent)
++			return NSS_STATUS_SUCCESS;
+ 		pthread_cleanup_push(cache_lock_cleanup, mc);
+ 		mapent_len = strlen(me->mapent);
+ 		mapent = malloc(mapent_len + 1);
diff --git a/autofs.spec b/autofs.spec
index be596db..a24264a 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -12,7 +12,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.9
-Release: 12%{?dist}
+Release: 13%{?dist}
 Epoch: 1
 License: GPL-2.0-or-later
 Source: https://www.kernel.org/pub/linux/daemons/autofs/v5/autofs-%{version}.tar.gz
@@ -40,6 +40,10 @@ Patch20: autofs-5.1.9-fix-submount-shutdown-race.patch
 Patch21: autofs-5.1.9-fix-deadlock-in-master_notify_submount.patch
 Patch22: autofs-5.1.9-fix-lock-ordering-deadlock-in-expire_cleanup.patch
 
+# RHEL-90571
+Patch30: autofs-5.1.9-fix-handling-of-ignored-offsets.patch
+Patch31: autofs-5.1.9-fix-invalidated-map-entry-handling-in-hosts-module.patch
+
 %if %{with_systemd}
 BuildRequires: systemd-units
 BuildRequires: systemd-devel
@@ -211,6 +215,12 @@ fi
 %dir /etc/auto.master.d
 
 %changelog
+* Mon May 12 2025 Ian Kent <ikent@redhat.com> - 1:5.1.9-13
+- RHEL-90571 - autofs: segfault while dereferencing null mapent [rhel-10]
+  - fix handling of ignored offsets.
+  - fix invalidated map entry handling in hosts module.
+- Resolves: RHEL-90571
+
 * Wed Apr 30 2025 Ian Kent <ikent@redhat.com> - 1:5.1.9-12
 - RHEL-87525 - autofs hang - autofs-5.1.4-114.el8_10.2 [rhel-10]
   - fix submount shutdown race.