From b56fe546781561cfa5479efc2987edd9ac7c3f03 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Wed, 11 Aug 2021 12:40:31 +0100
Subject: [PATCH] Remove bogus kernel hints in allocator=malloc resolves: rhbz#1992542
---
 ...s-malloc.c-Remove-bogus-kernel-hints.patch | 62 +++++++++++++++++++
 nbdkit.spec | 7 ++-
 2 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 0023-common-allocators-malloc.c-Remove-bogus-kernel-hints.patch
diff --git a/0023-common-allocators-malloc.c-Remove-bogus-kernel-hints.patch b/0023-common-allocators-malloc.c-Remove-bogus-kernel-hints.patch
new file mode 100644
index 0000000..d6e4ef6
--- /dev/null
+++ b/0023-common-allocators-malloc.c-Remove-bogus-kernel-hints.patch
@@ -0,0 +1,62 @@
+From 85aea60685b493eac5e7664581c1887ede987461 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones"
+Date: Wed, 11 Aug 2021 05:54:15 -0400
+Subject: [PATCH] common/allocators/malloc.c: Remove bogus kernel hints
+
+These kernel hints are wrong in several ways.
+
+MADV_DONTFORK should not be used because when we use captive nbdkit
+(the --run option) we do actually fork and run nbdkit as the child.
+However the kernel does not have to provide the mallocd memory to this
+child process so it disappears.
+
+Even if the hints were not wrong, setting them using
+madvise (ma->ba.ptr ...) would be wrong because the allocator buffer
+can be extended at any time using realloc and could move in memory.
+The hints would then apply to unrelated glibc allocations. I believe
+this is what caused the crash I observed.
+
+For some reason the bug was only seen on s390x where it caused memory
+corruption in glibc followed by a crash, but I don't believe this bug
+is specific to s390x, it's just something about that architecture that
+made it more likely to happen.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1992542
+(cherry picked from commit 557a7a85c944dcd247feb0d670b0deca8da46576)
+---
+ common/allocators/malloc.c | 19 -------------------
+ 1 file changed, 19 deletions(-)
+
+diff --git a/common/allocators/malloc.c b/common/allocators/malloc.c
+index 9dc25a8e..59409c24 100644
+--- a/common/allocators/malloc.c
++++ b/common/allocators/malloc.c
+@@ -105,25 +105,6 @@ extend (struct m_alloc *ma, uint64_t new_size)
+ return -1;
+ }
+
+- /* Hints to the kernel. Doesn't matter if these fail.
+- * XXX Consider in future: MADV_MERGEABLE (tunable)
+- */
+-#ifdef MADV_RANDOM
+- madvise (ma->ba.ptr, ma->ba.alloc, MADV_RANDOM);
+-#endif
+-#ifdef MADV_WILLNEED
+- madvise (ma->ba.ptr, ma->ba.alloc, MADV_WILLNEED);
+-#endif
+-#ifdef MADV_DONTFORK
+- madvise (ma->ba.ptr, ma->ba.alloc, MADV_DONTFORK);
+-#endif
+-#ifdef MADV_HUGEPAGE
+- madvise (ma->ba.ptr, ma->ba.alloc, MADV_HUGEPAGE);
+-#endif
+-#ifdef MADV_DONTDUMP
+- madvise (ma->ba.ptr, ma->ba.alloc, MADV_DONTDUMP);
+-#endif
+-
+ /* Initialize the newly allocated memory to 0. */
+ memset (ma->ba.ptr + old_size, 0, n);
+
+--
+2.31.1
+
diff --git a/nbdkit.spec b/nbdkit.spec
index 3681299..0867673 100644
--- a/nbdkit.spec
+++ b/nbdkit.spec
@@ -51,7 +51,7 @@ ExclusiveArch: x86_64
 Name: nbdkit
 Version: 1.26.3
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: NBD server
 License: BSD
@@ -98,6 +98,7 @@ Patch0019: 0019-server-Return-from-nbdkit_nanosleep-early-if-the-soc.patch
 Patch0020: 0020-server-nanosleep-Change-error-for-early-end-of-sleep.patch
 Patch0021: 0021-delay-Fix-delay-close.patch
 Patch0022: 0022-delay-Test-delay-open-and-delay-close.patch
+Patch0023: 0023-common-allocators-malloc.c-Remove-bogus-kernel-hints.patch
 BuildRequires: make
 %if 0%{patches_touch_autotools}
@@ -1268,6 +1269,10 @@ export LIBGUESTFS_TRACE=1
 %changelog
+* Wed Aug 11 2021 Richard W.M. Jones - 1.26.3-4
+- Remove bogus kernel hints in allocator=malloc
+ resolves: rhbz#1992542
+
 * Tue Aug 10 2021 Richard W.M. Jones - 1.26.3-3
 - Fix parsing of delay-* options
 resolves: rhbz#1991649
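Review bot: The carried patch deletes all five madvise() calls in extend() but leaves nothing at that spot recording why, so the hints could be re-added later; I would put a short comment before the memset, e.g. `/* Do not madvise() this buffer: it comes from realloc and may move, so hints could land on unrelated allocations. */`. The commit message justifies dropping MADV_DONTFORK and explains the realloc hazard, but MADV_DONTDUMP goes without comment. Its removal presumably means the in-memory disk contents can now be written to core dumps, which is worth stating in the message so that deployments relying on it can restrict core dumps at the process level instead. extend() begins and ends outside the hunk, so the allocation path itself is not visible here.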