Avoid SSH agent deadlocks (RHEL-11916)

Resolves: RHEL-11916
This commit is contained in:
David King 2024-04-12 14:54:37 +01:00 committed by David King
parent 40ceeffbbb
commit b2a40d33f8
3 changed files with 167 additions and 1 deletions

View File

@ -0,0 +1,82 @@
From dd92a85fb44ff68e075c348176d042448745fac8 Mon Sep 17 00:00:00 2001
From: Steven Luo <s_luo@berkeley.edu>
Date: Mon, 5 Feb 2024 10:22:02 -0800
Subject: [PATCH 1/2] ssh-agent: avoid deadlock when agent process dies before
we connect to it
gkd_ssh_agent_process_connect() waits for the ssh-agent process to
become ready to accept input by entering the main loop while holding
self->lock. However, if the ssh-agent process dies before becoming
ready, the main loop will call on_child_watch(), which needs to take
self->lock, causing a deadlock. Fix this by releasing the lock before
entering the main loop.
This should prevent a busyloop that's been reported multiple times [1]
[2] from lasting forever.
[1] https://bugzilla.gnome.org/show_bug.cgi?id=794848
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1841855 (migrated to
https://issues.redhat.com/browse/RHEL-9302)
---
daemon/ssh-agent/gkd-ssh-agent-process.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/daemon/ssh-agent/gkd-ssh-agent-process.c b/daemon/ssh-agent/gkd-ssh-agent-process.c
index d3bb3a7ed..cbf10ffb2 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-process.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-process.c
@@ -228,8 +228,11 @@ gkd_ssh_agent_process_connect (GkdSshAgentProcess *self,
if (started && !self->ready) {
source = g_timeout_add_seconds (5, on_timeout, &timedout);
- while (!self->ready && !timedout)
+ while (!self->ready && !timedout) {
+ g_mutex_unlock (&self->lock);
g_main_context_iteration (NULL, FALSE);
+ g_mutex_lock (&self->lock);
+ }
g_source_remove (source);
}
--
GitLab
From 03ca2228205bfaa7510116142f9beaaf2a682042 Mon Sep 17 00:00:00 2001
From: Steven Luo <s_luo@berkeley.edu>
Date: Mon, 5 Feb 2024 10:29:56 -0800
Subject: [PATCH 2/2] ssh-agent: stop waiting for agent to become ready if it's
dead
If the ssh-agent process we launch dies before it becomes ready to take
input, self->pid will be set to 0 by on_child_watch(). If that happens,
there's no point in continuing to wait for the process to become ready.
This should avoid an unnecessary five-second wait in cases like [1] or
[2].
[1] https://bugzilla.gnome.org/show_bug.cgi?id=794848
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1841855 (migrated to
https://issues.redhat.com/browse/RHEL-9302)
---
daemon/ssh-agent/gkd-ssh-agent-process.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/daemon/ssh-agent/gkd-ssh-agent-process.c b/daemon/ssh-agent/gkd-ssh-agent-process.c
index cbf10ffb2..82e5559fb 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-process.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-process.c
@@ -226,9 +226,9 @@ gkd_ssh_agent_process_connect (GkdSshAgentProcess *self,
started = TRUE;
}
- if (started && !self->ready) {
+ if (started && self->pid && !self->ready) {
source = g_timeout_add_seconds (5, on_timeout, &timedout);
- while (!self->ready && !timedout) {
+ while (self->pid && !self->ready && !timedout) {
g_mutex_unlock (&self->lock);
g_main_context_iteration (NULL, FALSE);
g_mutex_lock (&self->lock);
--
GitLab

View File

@ -0,0 +1,78 @@
From 6c4ad4cff086ba7fd79ef406311a283c6a942baf Mon Sep 17 00:00:00 2001
From: Matt Turner <mattst88@gmail.com>
Date: Sun, 22 May 2022 13:00:46 -0400
Subject: [PATCH] pkcs11: Don't use strncpy when copying paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Using strncpy produces the following warning, which indicates that the
destination string could be left unterminated.
CC daemon/control/gkd-control-server.lo
CCLD libgkd-control.la
CC pkcs11/rpc-layer/libgkm_rpc_layer_la-gkm-rpc-dispatch.lo
In file included from /usr/include/string.h:519,
from /usr/include/glib-2.0/glib/galloca.h:33,
from /usr/include/glib-2.0/glib.h:30,
from ./egg/egg-error.h:24,
from pkcs11/rpc-layer/gkm-rpc-dispatch.c:31:
In function strncpy,
inlined from gkm_rpc_layer_startup at pkcs11/rpc-layer/gkm-rpc-dispatch.c:2382:2:
/usr/include/bits/string_fortified.h:95:10: warning: __builtin_strncpy specified bound 108 equals destination size [-Wstringop-truncation]
95 | return __builtin___strncpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
96 | __glibc_objsize (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~
---
pkcs11/rpc-layer/gkm-rpc-dispatch.c | 4 +++-
pkcs11/rpc-layer/gkm-rpc-module.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/pkcs11/rpc-layer/gkm-rpc-dispatch.c b/pkcs11/rpc-layer/gkm-rpc-dispatch.c
index 72d2ced1f..dbedb355e 100644
--- a/pkcs11/rpc-layer/gkm-rpc-dispatch.c
+++ b/pkcs11/rpc-layer/gkm-rpc-dispatch.c
@@ -31,6 +31,8 @@
#include "egg/egg-error.h"
#include "egg/egg-unix-credentials.h"
+#include <glib.h>
+
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
@@ -2379,7 +2381,7 @@ gkm_rpc_layer_startup (const char *prefix)
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
unlink (pkcs11_socket_path);
- strncpy (addr.sun_path, pkcs11_socket_path, sizeof (addr.sun_path));
+ g_strlcpy (addr.sun_path, pkcs11_socket_path, sizeof (addr.sun_path));
if (bind (sock, (struct sockaddr*)&addr, sizeof (addr)) < 0) {
gkm_rpc_warn ("couldn't bind to pkcs11 socket: %s: %s",
pkcs11_socket_path, strerror (errno));
diff --git a/pkcs11/rpc-layer/gkm-rpc-module.c b/pkcs11/rpc-layer/gkm-rpc-module.c
index 24457ce18..515b18a4d 100644
--- a/pkcs11/rpc-layer/gkm-rpc-module.c
+++ b/pkcs11/rpc-layer/gkm-rpc-module.c
@@ -29,6 +29,8 @@
#include "egg/egg-unix-credentials.h"
+#include <glib.h>
+
#include <sys/types.h>
#include <sys/param.h>
#include <sys/socket.h>
@@ -233,7 +235,7 @@ call_connect (CallState *cs)
debug (("connecting to: %s", pkcs11_socket_path));
addr.sun_family = AF_UNIX;
- strncpy (addr.sun_path, pkcs11_socket_path, sizeof (addr.sun_path));
+ g_strlcpy (addr.sun_path, pkcs11_socket_path, sizeof (addr.sun_path));
sock = socket (AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
--
GitLab

View File

@ -4,12 +4,15 @@
Name: gnome-keyring
Version: 3.28.2
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Framework for managing passwords and other secrets
License: GPLv2+ and LGPLv2+
URL: https://wiki.gnome.org/Projects/GnomeKeyring
Source0: https://download.gnome.org/sources/%{name}/3.28/%{name}-%{version}.tar.xz
# https://issues.redhat.com/browse/RHEL-11916
Patch0: gnome-keyring-40.0-ssh-agent-avoid-deadlock.patch
Patch1: gnome-keyring-40.0-strncpy.patch
BuildRequires: pkgconfig(gcr-3) >= %{gcr_version}
BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
@ -99,6 +102,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la
%changelog
* Fri Apr 12 2024 David King <dking@redhat.com> - 3.28.2-2
- Avoid SSH agent deadlocks (RHEL-11916)
* Tue May 08 2018 Kalev Lember <klember@redhat.com> - 3.28.2-1
- Update to 3.28.2