Remove bogus kernel hints in allocator=malloc

resolves: rhbz#1992542
2021-08-11 12:40:31 +01:00 · 2021-08-11 12:40:31 +01:00 · b56fe54678
parent 704d2b18ae
commit b56fe54678
2 changed files with 68 additions and 1 deletions
--- a/0023-common-allocators-malloc.c-Remove-bogus-kernel-hints.patch
+++ b/0023-common-allocators-malloc.c-Remove-bogus-kernel-hints.patch
@ -0,0 +1,62 @@
+From 85aea60685b493eac5e7664581c1887ede987461 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Wed, 11 Aug 2021 05:54:15 -0400
+Subject: [PATCH] common/allocators/malloc.c: Remove bogus kernel hints
+
+These kernel hints are wrong in several ways.
+
+MADV_DONTFORK should not be used because when we use captive nbdkit
+(the --run option) we do actually fork and run nbdkit as the child.
+However the kernel does not have to provide the mallocd memory to this
+child process so it disappears.
+
+Even if the hints were not wrong, setting them using
+madvise (ma->ba.ptr ...) would be wrong because the allocator buffer
+can be extended at any time using realloc and could move in memory.
+The hints would then apply to unrelated glibc allocations.  I believe
+this is what caused the crash I observed.
+
+For some reason the bug was only seen on s390x where it caused memory
+corruption in glibc followed by a crash, but I don't believe this bug
+is specific to s390x, it's just something about that architecture that
+made it more likely to happen.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1992542
+(cherry picked from commit 557a7a85c944dcd247feb0d670b0deca8da46576)
+---
+ common/allocators/malloc.c | 19 -------------------
+ 1 file changed, 19 deletions(-)
+
+diff --git a/common/allocators/malloc.c b/common/allocators/malloc.c
+index 9dc25a8e..59409c24 100644
+--- a/common/allocators/malloc.c
+++ b/common/allocators/malloc.c
+@@ -105,25 +105,6 @@ extend (struct m_alloc *ma, uint64_t new_size)
+       return -1;
+     }
+ 
+-    /* Hints to the kernel.  Doesn't matter if these fail.
+-     * XXX Consider in future: MADV_MERGEABLE (tunable)
+-     */
+-#ifdef MADV_RANDOM
+-    madvise (ma->ba.ptr, ma->ba.alloc, MADV_RANDOM);
+-#endif
+-#ifdef MADV_WILLNEED
+-    madvise (ma->ba.ptr, ma->ba.alloc, MADV_WILLNEED);
+-#endif
+-#ifdef MADV_DONTFORK
+-    madvise (ma->ba.ptr, ma->ba.alloc, MADV_DONTFORK);
+-#endif
+-#ifdef MADV_HUGEPAGE
+-    madvise (ma->ba.ptr, ma->ba.alloc, MADV_HUGEPAGE);
+-#endif
+-#ifdef MADV_DONTDUMP
+-    madvise (ma->ba.ptr, ma->ba.alloc, MADV_DONTDUMP);
+-#endif
+-
+     /* Initialize the newly allocated memory to 0. */
+     memset (ma->ba.ptr + old_size, 0, n);
+ 
+-- 
+2.31.1
+
--- a/nbdkit.spec
+++ b/nbdkit.spec
@ -51,7 +51,7 @@ ExclusiveArch:  x86_64

 Name:           nbdkit
 Version:        1.26.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        NBD server

 License:        BSD
@ -98,6 +98,7 @@ Patch0019:     0019-server-Return-from-nbdkit_nanosleep-early-if-the-soc.patch
 Patch0020:     0020-server-nanosleep-Change-error-for-early-end-of-sleep.patch
 Patch0021:     0021-delay-Fix-delay-close.patch
 Patch0022:     0022-delay-Test-delay-open-and-delay-close.patch
+Patch0023:     0023-common-allocators-malloc.c-Remove-bogus-kernel-hints.patch

 BuildRequires: make
 %if 0%{patches_touch_autotools}
@ -1268,6 +1269,10 @@ export LIBGUESTFS_TRACE=1


 %changelog
+* Wed Aug 11 2021 Richard W.M. Jones <rjones@redhat.com> - 1.26.3-4
+- Remove bogus kernel hints in allocator=malloc
+  resolves: rhbz#1992542
+
 * Tue Aug 10 2021 Richard W.M. Jones <rjones@redhat.com> - 1.26.3-3
 - Fix parsing of delay-* options
  resolves: rhbz#1991649