From 5a4722cbbe215e3765cfa323dd6186c2c2a01b1d Mon Sep 17 00:00:00 2001
From: Ian Kent <raven@themaw.net>
Date: Tue, 19 Dec 2023 11:30:21 +0800
Subject: [PATCH] Fix a SEGV that occurs during a restart when remounting
 already mounted mounts.

Jira: https://issues.redhat.com/browse/RHEL-18035

In commit 635b90ecc (autofs-5.1.8 - fix mount tree startup reconnect)
when getting the parent the check for a multi-mount should include a
check for the root of the multi-mount as well since the root does not
set the parent.

There's also a possible deadlock when re-connecting to existing direct
mounts. If we're starting up or trying to re-connect to an existing
direct mount we could be iterating through the map entries with the
readlock held so we can't just take the writelock for direct mounts.
But when trying to re-connect to an existing mount at startup there
won't be any other process updating the map entry cache.

Signed-off-by: Ian Kent <ikent@redhat.com>
---
 autofs-5.1.9-fix-deadlock-in-remount.patch    | 68 +++++++++++++++++++
 ...ent-multi-mount-check-in-try_remount.patch | 43 ++++++++++++
 autofs.spec                                   | 15 +++-
 3 files changed, 125 insertions(+), 1 deletion(-)
 create mode 100644 autofs-5.1.9-fix-deadlock-in-remount.patch
 create mode 100644 autofs-5.1.9-fix-get-parent-multi-mount-check-in-try_remount.patch

diff --git a/autofs-5.1.9-fix-deadlock-in-remount.patch b/autofs-5.1.9-fix-deadlock-in-remount.patch
new file mode 100644
index 0000000..5a0f8c4
--- /dev/null
+++ b/autofs-5.1.9-fix-deadlock-in-remount.patch
@@ -0,0 +1,68 @@
+autofs-5.1.9 - fix deadlock in remount
+
+From: Ian Kent <raven@themaw.net>
+
+If we're starting up or trying to re-connect to an existing direct mount
+we could be iterating through the map entries with the cache readlock
+held so we can't just take the writelock for direct mounts. But when
+trying to re-connect to an existing mount at startup there won't be any
+other process updating the map entry cache.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG           |    1 +
+ modules/parse_sun.c |   26 ++++++++++++++++++++++++--
+ 2 files changed, 25 insertions(+), 2 deletions(-)
+
+--- autofs-5.1.4.orig/CHANGELOG
++++ autofs-5.1.4/CHANGELOG
+@@ -153,6 +153,7 @@
+ - allow -null map in indirect maps.
+ - fix multi-mount check.
+ - fix get parent multi-mount check in try_remount().
++- fix deadlock in remount.
+ 
+ xx/xx/2018 autofs-5.1.5
+ - fix flag file permission.
+--- autofs-5.1.4.orig/modules/parse_sun.c
++++ autofs-5.1.4/modules/parse_sun.c
+@@ -888,7 +888,18 @@ update_offset_entry(struct autofs_point
+ 			strcpy(m_mapent, loc);
+ 	}
+ 
+-	cache_writelock(mc);
++	/*
++	 * If we're starting up or trying to re-connect to an existing
++	 * direct mount we could be iterating through the map entries
++	 * with the readlock held so we can't just take the writelock
++	 * for direct mounts. But at when trying to re-connect to an
++	 * existing mount at startup there won't be any other process
++	 * updating the map entry cache.
++	 */
++	if (ap->state == ST_INIT && ap->flags & MOUNT_FLAG_REMOUNT)
++		cache_readlock(mc);
++	else
++		cache_writelock(mc);
+ 	ret = cache_update_offset(mc, name, m_key, m_mapent, age);
+ 
+ 	me = cache_lookup_distinct(mc, m_key);
+@@ -1580,7 +1591,18 @@ dont_expand:
+ 			free(myoptions);
+ 		} while (*p == '/' || (*p == '"' && *(p + 1) == '/'));
+ 
+-		cache_writelock(mc);
++		/*
++		 * If we're starting up or trying to re-connect to an existing
++		 * direct mount we could be iterating through the map entries
++		 * with the readlock held so we can't just take the writelock
++		 * for direct mounts. But at when trying to re-connect to an
++		 * existing mount at startup there won't be any other process
++		 * updating the map entry cache.
++		 */
++		if (ap->state == ST_INIT && ap->flags & MOUNT_FLAG_REMOUNT)
++			cache_readlock(mc);
++		else
++			cache_writelock(mc);
+ 		me = cache_lookup_distinct(mc, name);
+ 		if (!me) {
+ 			cache_unlock(mc);
diff --git a/autofs-5.1.9-fix-get-parent-multi-mount-check-in-try_remount.patch b/autofs-5.1.9-fix-get-parent-multi-mount-check-in-try_remount.patch
new file mode 100644
index 0000000..48a07d8
--- /dev/null
+++ b/autofs-5.1.9-fix-get-parent-multi-mount-check-in-try_remount.patch
@@ -0,0 +1,43 @@
+autofs-5.1.9 - fix get parent multi-mount check in try_remount()
+
+From: Ian Kent <raven@themaw.net>
+
+In commit 635b90ecc (autofs-5.1.8 - fix mount tree startup reconnect)
+when getting the parent the check for a multi-mount should include a
+check for the root of the multi-mount as well since the root does not
+set its parent (it remains NULL).
+
+We could set the root parent to itself but that may have side effects
+because the convention has always been the parent is NULL for the
+multi-mount root.
+
+Reported-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
+Suggested-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG    |    1 +
+ lib/mounts.c |    2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- autofs-5.1.4.orig/CHANGELOG
++++ autofs-5.1.4/CHANGELOG
+@@ -152,6 +152,7 @@
+ - fix expire retry looping.
+ - allow -null map in indirect maps.
+ - fix multi-mount check.
++- fix get parent multi-mount check in try_remount().
+ 
+ xx/xx/2018 autofs-5.1.5
+ - fix flag file permission.
+--- autofs-5.1.4.orig/lib/mounts.c
++++ autofs-5.1.4/lib/mounts.c
+@@ -2878,7 +2878,7 @@ int try_remount(struct autofs_point *ap,
+ 	}
+ 
+ 	me->flags &= ~MOUNT_FLAG_DIR_CREATED;
+-	mapent = IS_MM(me) ? MM_PARENT(me) : me;
++	mapent = IS_MM(me) && !IS_MM_ROOT(me) ? MM_PARENT(me) : me;
+ 	/* Direct or offset mount, key is full path */
+ 	if (mapent->key[0] == '/') {
+ 		if (!is_mounted(mapent->key, MNTS_REAL))
diff --git a/autofs.spec b/autofs.spec
index 435b911..d178f09 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -8,7 +8,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.4
-Release: 112%{?dist}
+Release: 113%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: System Environment/Daemons
@@ -329,6 +329,9 @@ Patch326: autofs-5.1.8-fix-expire-retry-looping.patch
 Patch327: autofs-5.1.8-allow-null-map-in-indirect-maps.patch
 Patch328: autofs-5.1.8-fix-multi-mount-check.patch
 
+Patch329: autofs-5.1.9-fix-get-parent-multi-mount-check-in-try_remount.patch
+Patch330: autofs-5.1.9-fix-deadlock-in-remount.patch
+
 %if %{with_systemd}
 BuildRequires: systemd-units
 BuildRequires: systemd-devel
@@ -698,6 +701,9 @@ echo %{version}-%{release} > .version
 %patch327 -p1
 %patch328 -p1
 
+%patch329 -p1
+%patch330 -p1
+
 %build
 LDFLAGS=-Wl,-z,now
 %configure --disable-mount-locking --enable-ignore-busy --with-libtirpc --without-hesiod %{?systemd_configure_arg:}
@@ -792,6 +798,13 @@ fi
 %dir /etc/auto.master.d
 
 %changelog
+* Mon Dec 18 2023 Ian Kent <ikent@redhat.com> - 5.1.4-113
+- RHEL-18035 - SIGSEGV using hierarchical map entries on reload with
+  autofs-5.1.4-109
+  - fix get parent multi-mount check in try_remount().
+  - fix deadlock in remount.
+- Resolves: RHEL-18035
+
 * Mon Sep 18 2023 Ian Kent <ikent@redhat.com> - 5.1.4-112
 - RHEL-7997 - multi mount detection fails for share with blank+dash
   causing SEGV crash