diff --git a/autofs-5.1.7-dont-use-AUTOFS_DEV_IOCTL_CLOSEMOUNT.patch b/autofs-5.1.7-dont-use-AUTOFS_DEV_IOCTL_CLOSEMOUNT.patch new file mode 100644 index 0000000..aafaed5 --- /dev/null +++ b/autofs-5.1.7-dont-use-AUTOFS_DEV_IOCTL_CLOSEMOUNT.patch @@ -0,0 +1,47 @@ +autofs-5.1.7 - dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT + +From: Ian Kent + +Using an ioctl (AUTOFS_DEV_IOCTL_CLOSEMOUNT) to close an autofs mount +file handle can race with copy_to_user() so the file handle needs to +be closed using close(2) instead. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + lib/dev-ioctl-lib.c | 10 +--------- + 2 files changed, 2 insertions(+), 9 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 06bf24b8..51e7767e 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -68,6 +68,7 @@ + - add ext_mount_hash_mutex lock helpers. + - fix amd section mounts map reload. + - fix dandling symlink creation if nis support is not available. ++- dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT. + + 25/01/2021 autofs-5.1.7 + - make bind mounts propagation slave by default. +diff --git a/lib/dev-ioctl-lib.c b/lib/dev-ioctl-lib.c +index e7a1b42a..6b549d73 100644 +--- a/lib/dev-ioctl-lib.c ++++ b/lib/dev-ioctl-lib.c +@@ -404,15 +404,7 @@ err: + /* Close */ + static int dev_ioctl_close(unsigned int logopt, int ioctlfd) + { +- struct autofs_dev_ioctl param; +- +- init_autofs_dev_ioctl(¶m); +- param.ioctlfd = ioctlfd; +- +- if (ioctl(ctl.devfd, AUTOFS_DEV_IOCTL_CLOSEMOUNT, ¶m) == -1) +- return -1; +- +- return 0; ++ return close(ioctlfd); + } + + static int ioctl_close(unsigned int logopt, int ioctlfd) diff --git a/autofs-5.1.7-fix-lookup_prune_one_cache-refactoring-change.patch b/autofs-5.1.7-fix-lookup_prune_one_cache-refactoring-change.patch new file mode 100644 index 0000000..f157755 --- /dev/null +++ b/autofs-5.1.7-fix-lookup_prune_one_cache-refactoring-change.patch @@ -0,0 +1,60 @@ +autofs-5.1.7 - fix lookup_prune_one_cache() refactoring change + +From: Ian Kent + +Commit 256963d6b (autofs-5.1.7 - refactor lookup_prune_one_cache() a bit) +changed the position of the getting the next enumeration map entry but +failed to update a couple of other locations that assume the next map +entry has been set. Under certain fairly common conditions this leads +to an infinite loop. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + daemon/lookup.c | 5 ++++- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 51e7767e..698cc27a 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -69,6 +69,7 @@ + - fix amd section mounts map reload. + - fix dandling symlink creation if nis support is not available. + - dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT. ++- fix lookup_prune_one_cache() refactoring change. + + 25/01/2021 autofs-5.1.7 + - make bind mounts propagation slave by default. +diff --git a/daemon/lookup.c b/daemon/lookup.c +index 3e9722e4..0b281f83 100644 +--- a/daemon/lookup.c ++++ b/daemon/lookup.c +@@ -1379,6 +1379,7 @@ void lookup_prune_one_cache(struct autofs_point *ap, struct mapent_cache *mc, ti + if (!key || strchr(key, '*')) { + if (key) + free(key); ++ me = cache_enumerate(mc, me); + continue; + } + +@@ -1386,6 +1387,7 @@ void lookup_prune_one_cache(struct autofs_point *ap, struct mapent_cache *mc, ti + if (!path) { + warn(ap->logopt, "can't malloc storage for path"); + free(key); ++ me = cache_enumerate(mc, me); + continue; + } + +@@ -1413,9 +1415,10 @@ void lookup_prune_one_cache(struct autofs_point *ap, struct mapent_cache *mc, ti + } + if (!valid && + is_mounted(path, MNTS_REAL)) { +- debug(ap->logopt, "prune posponed, %s mounted", path); ++ debug(ap->logopt, "prune postponed, %s mounted", path); + free(key); + free(path); ++ me = cache_enumerate(mc, me); + continue; + } + if (valid) diff --git a/autofs.spec b/autofs.spec index b17df30..8d94071 100644 --- a/autofs.spec +++ b/autofs.spec @@ -12,7 +12,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.1.7 -Release: 12%{?dist} +Release: 13%{?dist} Epoch: 1 License: GPLv2+ Source: https://www.kernel.org/pub/linux/daemons/autofs/v5/autofs-%{version}.tar.gz @@ -86,6 +86,8 @@ Patch66: autofs-5.1.7-cater-for-empty-mounts-list-in-mnts_get_expire_list.patch Patch67: autofs-5.1.7-add-ext_mount_hash_mutex-lock-helpers.patch Patch68: autofs-5.1.7-fix-amd-section-mounts-map-reload.patch Patch69: autofs-5.1.7-fix-dandling-symlink-creation-if-nis-support-is-not-available.patch +Patch70: autofs-5.1.7-dont-use-AUTOFS_DEV_IOCTL_CLOSEMOUNT.patch +Patch71: autofs-5.1.7-fix-lookup_prune_one_cache-refactoring-change.patch %if %{with_systemd} BuildRequires: systemd-units @@ -219,6 +221,8 @@ echo %{version}-%{release} > .version %patch67 -p1 %patch68 -p1 %patch69 -p1 +%patch70 -p1 +%patch71 -p1 %build LDFLAGS=-Wl,-z,now @@ -327,6 +331,10 @@ fi %dir /etc/auto.master.d %changelog +* Mon May 31 2021 Ian Kent - 1:5.1.7-13 +- dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT. +- fix lookup_prune_one_cache() refactoring change. + * Mon Apr 19 2021 Ian Kent - 1:5.1.7-12 - Coverity fixes. - add missing free in handle_mounts().