diff --git a/pcp.spec b/pcp.spec index 1f82fd3..086765d 100644 --- a/pcp.spec +++ b/pcp.spec @@ -1,6 +1,6 @@ Name: pcp Version: 5.3.7 -Release: 21%{?dist} +Release: 22%{?dist} Summary: System-level performance monitoring and performance management License: GPLv2+ and LGPLv2+ and CC-BY URL: https://pcp.io @@ -29,6 +29,10 @@ Patch18: redhat-issues-RHEL-7507-pmdaopenmetrics-quoting.patch Patch19: redhat-issues-RHEL-7501-pmlogger_farm-selinux-policy.patch Patch20: redhat-issues-RHEL-30715-pmproxy-resp-proxy-disabled.patch Patch21: redhat-issues-RHEL-29708-python-day-of-year-range.patch +Patch22: redhat-issues-RHEL-57796-pmcd-pmstore-corruption.patch +Patch23: redhat-issues-RHEL-57799-pmpost-symlink-handling.patch +Patch24: redhat-issues-RHEL-34586-pmproxy-pmcd-fd-leak.patch +Patch25: redhat-issues-RHEL-57788-pmdahacluster-update.patch # The additional linker flags break out-of-tree PMDAs. # https://bugzilla.redhat.com/show_bug.cgi?id=2043092 @@ -3371,6 +3375,12 @@ fi %files zeroconf -f pcp-zeroconf-files.rpm %changelog +* Mon Sep 09 2024 Nathan Scott - 5.3.7-22 +- Fix buffer sizing checks in pmstore PDU handling (RHEL-57796) +- Guard against symlink attacks in pmpost program (RHEL-57799) +- Fix libpcp_web webgroup slow request refcounting (RHEL-58002) +- Update pmdahacluster for newer crm_mon versions (RHEL-57788) + * Thu Aug 08 2024 Nathan Scott - 5.3.7-21 - Fix python API day-of-year out of range bug (RHEL-29708) - Added spec deps on ps and diffutils for diff (RHEL-17081) diff --git a/redhat-issues-RHEL-34586-pmproxy-pmcd-fd-leak.patch b/redhat-issues-RHEL-34586-pmproxy-pmcd-fd-leak.patch new file mode 100644 index 0000000..bb1f6cc --- /dev/null +++ b/redhat-issues-RHEL-34586-pmproxy-pmcd-fd-leak.patch @@ -0,0 +1,320 @@ +diff -Naurp pcp-5.3.7.orig/qa/src/test_pcp_sockets.python pcp-5.3.7/qa/src/test_pcp_sockets.python +--- pcp-5.3.7.orig/qa/src/test_pcp_sockets.python 1970-01-01 10:00:00.000000000 +1000 ++++ pcp-5.3.7/qa/src/test_pcp_sockets.python 2024-09-09 13:47:06.848083320 +1000 +@@ -0,0 +1,23 @@ ++import socket ++import cpmapi as api ++from pcp import pmapi ++ ++address = 'localhost' ++port = 44321 ++ ++c = [] ++for i in range(0, 1234): ++ print('context', i) ++ ctx = pmapi.pmContext(api.PM_CONTEXT_HOST, "local:") ++ print('created', i) ++ c.append(ctx) ++ ++s = [] ++for i in range(0, 1234): ++ sock = socket.socket() ++ print('socket', i) ++ sock.connect((address, port)) ++ print('connect', i) ++ sock.send(b"abba\r") # -- gives a too-large PDU ++ print('send', i) ++ # s.append(sock) # -- exercise pduread: timeout +diff -Naurp pcp-5.3.7.orig/src/libpcp/src/pdu.c pcp-5.3.7/src/libpcp/src/pdu.c +--- pcp-5.3.7.orig/src/libpcp/src/pdu.c 2022-04-05 09:05:43.000000000 +1000 ++++ pcp-5.3.7/src/libpcp/src/pdu.c 2024-09-09 13:47:06.869083364 +1000 +@@ -186,10 +186,7 @@ pduread(int fd, char *buf, int len, int + * Need all parts of the PDU to be received by dead_hand + * This enforces a low overall timeout for the whole PDU + * (as opposed to just a timeout for individual calls to +- * recv). A more invasive alternative (better) approach +- * would see all I/O performed in the main event loop, +- * and I/O routines transformed to continuation-passing +- * style. ++ * recv). + */ + gettimeofday(&dead_hand, NULL); + dead_hand.tv_sec += wait.tv_sec; +@@ -499,9 +496,10 @@ PM_FAULT_RETURN(PM_ERR_TIMEOUT); + if (len == -1) { + if (! 
__pmSocketClosed()) { + char errmsg[PM_MAXERRMSGLEN]; +- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s", +- "__pmGetPDU", fd, len, +- pmErrStr_r(-oserror(), errmsg, sizeof(errmsg))); ++ if (pmDebugOptions.pdu) ++ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s", ++ "__pmGetPDU", fd, len, ++ pmErrStr_r(-oserror(), errmsg, sizeof(errmsg))); + } + } + else if (len >= (int)sizeof(php->len)) { +@@ -520,15 +518,17 @@ PM_FAULT_RETURN(PM_ERR_TIMEOUT); + } + else if (len < 0) { + char errmsg[PM_MAXERRMSGLEN]; +- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s", +- "__pmGetPDU", fd, len, +- pmErrStr_r(len, errmsg, sizeof(errmsg))); ++ if (pmDebugOptions.pdu) ++ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s", ++ "__pmGetPDU", fd, len, ++ pmErrStr_r(len, errmsg, sizeof(errmsg))); + __pmUnpinPDUBuf(pdubuf); + return PM_ERR_IPC; + } + else if (len > 0) { +- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: bad len=%d", +- "__pmGetPDU", fd, len); ++ if (pmDebugOptions.pdu) ++ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: bad len=%d", ++ "__pmGetPDU", fd, len); + __pmUnpinPDUBuf(pdubuf); + return PM_ERR_IPC; + } +@@ -547,8 +547,9 @@ check_read_len: + * PDU length indicates insufficient bytes for a PDU header + * ... looks like DOS attack like PV 935490 + */ +- pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU len=%d in hdr", +- "__pmGetPDU", fd, php->len); ++ if (pmDebugOptions.pdu) ++ pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU len=%d in hdr", ++ "__pmGetPDU", fd, php->len); + __pmUnpinPDUBuf(pdubuf); + return PM_ERR_IPC; + } +@@ -559,16 +560,18 @@ check_read_len: + * (note, pmcd and pmdas have to be able to _send_ large PDUs, + * e.g. for a pmResult or instance domain enquiry) + */ +- if (len < (int)(sizeof(php->len) + sizeof(php->type))) +- /* PDU too short to provide a valid type */ +- pmNotifyErr(LOG_ERR, "%s: fd=%d bad PDU len=%d in hdr " +- "exceeds maximum client PDU size (%d)", +- "__pmGetPDU", fd, php->len, ceiling); +- else +- pmNotifyErr(LOG_ERR, "%s: fd=%d type=0x%x bad PDU len=%d in hdr " +- "exceeds maximum client PDU size (%d)", +- "__pmGetPDU", fd, (unsigned)ntohl(php->type), +- php->len, ceiling); ++ if (pmDebugOptions.pdu) { ++ if (len < (int)(sizeof(php->len) + sizeof(php->type))) ++ /* PDU too short to provide a valid type */ ++ pmNotifyErr(LOG_ERR, "%s: fd=%d bad PDU len=%d in hdr" ++ " exceeds maximum client PDU size (%d)", ++ "__pmGetPDU", fd, php->len, ceiling); ++ else ++ pmNotifyErr(LOG_ERR, "%s: fd=%d type=0x%x bad PDU len=%d in hdr" ++ " exceeds maximum client PDU size (%d)", ++ "__pmGetPDU", fd, (unsigned)ntohl(php->type), ++ php->len, ceiling); ++ } + __pmUnpinPDUBuf(pdubuf); + return PM_ERR_TOOBIG; + } +@@ -608,6 +611,10 @@ check_read_len: + __pmUnpinPDUBuf(pdubuf); + return PM_ERR_TIMEOUT; + } ++ else if (!pmDebugOptions.pdu) { ++ __pmUnpinPDUBuf(pdubuf); ++ return PM_ERR_IPC; ++ } + else if (len < 0) { + char errmsg[PM_MAXERRMSGLEN]; + pmNotifyErr(LOG_ERR, "%s: fd=%d data read: len=%d: %s", +@@ -641,7 +648,8 @@ check_read_len: + * PDU type is bad ... 
could be a possible mem leak attack like + * https://bugzilla.redhat.com/show_bug.cgi?id=841319 + */ +- pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU type=%d in hdr", ++ if (pmDebugOptions.pdu) ++ pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU type=%d in hdr", + "__pmGetPDU", fd, php->type); + __pmUnpinPDUBuf(pdubuf); + return PM_ERR_IPC; +diff -Naurp pcp-5.3.7.orig/src/libpcp_web/src/load.h pcp-5.3.7/src/libpcp_web/src/load.h +--- pcp-5.3.7.orig/src/libpcp_web/src/load.h 2021-02-17 15:27:41.000000000 +1100 ++++ pcp-5.3.7/src/libpcp_web/src/load.h 2024-09-09 13:45:56.531933622 +1000 +@@ -42,8 +42,9 @@ typedef struct context { + unsigned int setup : 1; /* context established */ + unsigned int cached : 1; /* context/source in cache */ + unsigned int garbage : 1; /* context pending removal */ ++ unsigned int inactive: 1; /* context removal deferred */ + unsigned int updated : 1; /* context labels are updated */ +- unsigned int padding : 4; /* zero-filled struct padding */ ++ unsigned int padding : 3; /* zero-filled struct padding */ + unsigned int refcount : 16; /* currently-referenced counter */ + unsigned int timeout; /* context timeout in milliseconds */ + uv_timer_t timer; +diff -Naurp pcp-5.3.7.orig/src/libpcp_web/src/webgroup.c pcp-5.3.7/src/libpcp_web/src/webgroup.c +--- pcp-5.3.7.orig/src/libpcp_web/src/webgroup.c 2024-09-09 13:44:34.166748200 +1000 ++++ pcp-5.3.7/src/libpcp_web/src/webgroup.c 2024-09-09 13:45:56.531933622 +1000 +@@ -134,9 +134,18 @@ webgroup_timeout_context(uv_timer_t *arg + * is returned to zero by the caller, or background cleanup + * finds this context and cleans it. + */ +- if (cp->refcount == 0 && cp->garbage == 0) { +- cp->garbage = 1; +- uv_timer_stop(&cp->timer); ++ if (cp->refcount == 0) { ++ if (cp->garbage == 0) { ++ cp->garbage = 1; ++ uv_timer_stop(&cp->timer); ++ } ++ } else { ++ /* ++ * Context timed out but still referenced, must wait ++ * until the caller releases its reference (shortly) ++ * before beginning garbage collection process. 
++ */ ++ cp->inactive = 1; + } + } + +@@ -298,20 +307,28 @@ webgroup_garbage_collect(struct webgroup + dictIterator *iterator; + dictEntry *entry; + context_t *cp; +- unsigned int count = 0, drops = 0; ++ unsigned int count = 0, drops = 0, garbageset = 0, inactiveset = 0; + + if (pmDebugOptions.http || pmDebugOptions.libweb) +- fprintf(stderr, "%s: started\n", "webgroup_garbage_collect"); ++ fprintf(stderr, "%s: started for groups %p\n", ++ "webgroup_garbage_collect", groups); + + /* do context GC if we get the lock (else don't block here) */ + if (uv_mutex_trylock(&groups->mutex) == 0) { + iterator = dictGetSafeIterator(groups->contexts); + for (entry = dictNext(iterator); entry;) { + cp = (context_t *)dictGetVal(entry); ++ if (cp->privdata != groups) ++ continue; + entry = dictNext(iterator); +- if (cp->garbage && cp->privdata == groups) { ++ if (cp->garbage) ++ garbageset++; ++ if (cp->inactive && cp->refcount == 0) ++ inactiveset++; ++ if (cp->garbage || (cp->inactive && cp->refcount == 0)) { + if (pmDebugOptions.http || pmDebugOptions.libweb) +- fprintf(stderr, "GC context %u (%p)\n", cp->randomid, cp); ++ fprintf(stderr, "GC dropping context %u (%p)\n", ++ cp->randomid, cp); + uv_mutex_unlock(&groups->mutex); + webgroup_drop_context(cp, groups); + uv_mutex_lock(&groups->mutex); +@@ -324,7 +341,8 @@ webgroup_garbage_collect(struct webgroup + /* if dropping the last remaining context, do cleanup */ + if (groups->active && drops == count) { + if (pmDebugOptions.http || pmDebugOptions.libweb) +- fprintf(stderr, "%s: freezing\n", "webgroup_garbage_collect"); ++ fprintf(stderr, "%s: freezing groups %p\n", ++ "webgroup_garbage_collect", groups); + webgroup_timers_stop(groups); + } + uv_mutex_unlock(&groups->mutex); +@@ -334,8 +352,10 @@ webgroup_garbage_collect(struct webgroup + mmv_set(groups->map, groups->metrics[WEBGROUP_GC_COUNT], &count); + + if (pmDebugOptions.http || pmDebugOptions.libweb) +- fprintf(stderr, "%s: finished [%u drops from %u entries]\n", +- "webgroup_garbage_collect", drops, count); ++ fprintf(stderr, "%s: finished [%u drops from %u entries," ++ " %u garbageset, %u inactiveset]\n", ++ "webgroup_garbage_collect", drops, count, ++ garbageset, inactiveset); + } + + static void +@@ -354,7 +374,7 @@ webgroup_use_context(struct context *cp, + int sts; + struct webgroups *gp = (struct webgroups *)cp->privdata; + +- if (cp->garbage == 0) { ++ if (cp->garbage == 0 && cp->inactive == 0) { + if (cp->setup == 0) { + if ((sts = pmReconnectContext(cp->context)) < 0) { + infofmt(*message, "cannot reconnect context: %s", +@@ -424,7 +444,7 @@ webgroup_lookup_context(pmWebGroupSettin + *status = -ENOTCONN; + return NULL; + } +- if (cp->garbage == 0) { ++ if (cp->garbage == 0 && cp->inactive == 0) { + access.username = cp->username; + access.password = cp->password; + access.realm = cp->realm; +diff -Naurp pcp-5.3.7.orig/src/pmcd/src/client.c pcp-5.3.7/src/pmcd/src/client.c +--- pcp-5.3.7.orig/src/pmcd/src/client.c 2018-01-15 15:49:13.000000000 +1100 ++++ pcp-5.3.7/src/pmcd/src/client.c 2024-09-09 13:47:06.870083366 +1000 +@@ -74,7 +74,8 @@ NotifyEndContext(int ctx) + ClientInfo * + AcceptNewClient(int reqfd) + { +- static unsigned int seq = 0; ++ static unsigned int seq, saved, count; ++ static struct timeval then; + int i, fd; + __pmSockLen addrlen; + struct timeval now; +@@ -83,21 +84,30 @@ AcceptNewClient(int reqfd) + addrlen = __pmSockAddrSize(); + fd = __pmAccept(reqfd, client[i].addr, &addrlen); + if (fd == -1) { +- if (neterror() == EPERM) { +- pmNotifyErr(LOG_NOTICE, 
"AcceptNewClient(%d): " +- "Permission Denied\n", reqfd); +- } +- else if (neterror() == ECONNABORTED) { ++ if (neterror() == ECONNABORTED) { + /* quietly ignore this one ... */ + ; + } + else { +- /* +- * unexpected ... ignore the client (we used to kill off pmcd +- * but that seems way too extreme) ++ /* Permission denied or an unexpected error (e.g. EMFILE) ++ * - rate limit the logging and make this client go away. + */ +- pmNotifyErr(LOG_ERR, "AcceptNewClient(%d): Unexpected error from __pmAccept: %d: %s\n", +- reqfd, neterror(), netstrerror()); ++ pmtimevalNow(&now); ++ if (neterror() != saved || now.tv_sec > then.tv_sec + 60) { ++ if (neterror() == EPERM) ++ pmNotifyErr(LOG_NOTICE, "AcceptNewClient(%d): " ++ "Permission Denied (%d suppressed)\n", ++ reqfd, count); ++ else ++ pmNotifyErr(LOG_ERR, "AcceptNewClient(%d): " ++ "Accept error (%d suppressed): %d: %s\n", ++ reqfd, count, neterror(), netstrerror()); ++ saved = neterror(); ++ count = 0; ++ } else { ++ count++; ++ } ++ then = now; + } + client[i].fd = -1; + DeleteClient(&client[i]); +diff -Naurp pcp-5.3.7.orig/src/pmcd/src/pmcd.c pcp-5.3.7/src/pmcd/src/pmcd.c +--- pcp-5.3.7.orig/src/pmcd/src/pmcd.c 2021-10-13 10:48:23.000000000 +1100 ++++ pcp-5.3.7/src/pmcd/src/pmcd.c 2024-09-09 13:47:06.871083368 +1000 +@@ -685,7 +685,7 @@ HandleReadyAgents(__pmFdSet *readyFds) + } + + static void +-CheckNewClient(__pmFdSet * fdset, int rfd, int family) ++CheckNewClient(__pmFdSet *fdset, int rfd, int family) + { + int s, sts, accepted = 1; + __uint32_t challenge; diff --git a/redhat-issues-RHEL-57788-pmdahacluster-update.patch b/redhat-issues-RHEL-57788-pmdahacluster-update.patch new file mode 100644 index 0000000..11c4471 --- /dev/null +++ b/redhat-issues-RHEL-57788-pmdahacluster-update.patch @@ -0,0 +1,1404 @@ +diff -Naurp pcp-5.3.7.orig/qa/1897.out pcp-5.3.7/qa/1897.out +--- pcp-5.3.7.orig/qa/1897.out 2024-09-09 13:44:34.187748248 +1000 ++++ pcp-5.3.7/qa/1897.out 2024-09-09 14:11:15.741568486 +1000 +@@ -132,8 +132,8 @@ ha_cluster.drbd.connections.all PMID: 15 + Data Type: 32-bit unsigned int InDom: 155.16 0x26c00010 + Semantics: instant Units: count + Help: +-Value is 1 if a drbd peer connection exists. The details of the corresponding DRBD peer +-connection is given as label metadata values for this metric. ++Value is 1 if a DRBD peer connection exists. Details of the corresponding ++DRBD peer connection are given as label metadata values for this metric. + inst [0 or "drbd1:1"] value 1 + + ha_cluster.drbd.connections.peer_disk_state PMID: 155.11.4 [Peer disk state] +@@ -238,8 +238,8 @@ ha_cluster.drbd.resources.all PMID: 155. + Data Type: 32-bit unsigned int InDom: 155.15 0x26c0000f + Semantics: instant Units: count + Help: +-Value is 1 if a drbd resource exists. The details of the corresponding drbd resource +-is given as label metadata values for this metric. ++Value is 1 if a DRBD resource exists. Details of the corresponding DRBD ++resource are given as label metadata values for this metric. + inst [0 or "drbd1:0"] value 1 + + ha_cluster.drbd.resources.disk_state PMID: 155.10.3 [Disk state] +@@ -819,8 +819,8 @@ ha_cluster.drbd.connections.all PMID: 15 + Data Type: 32-bit unsigned int InDom: 155.16 0x26c00010 + Semantics: instant Units: count + Help: +-Value is 1 if a drbd peer connection exists. The details of the corresponding DRBD peer +-connection is given as label metadata values for this metric. ++Value is 1 if a DRBD peer connection exists. 
Details of the corresponding ++DRBD peer connection are given as label metadata values for this metric. + No value(s) available! + + ha_cluster.drbd.connections.peer_disk_state PMID: 155.11.4 [Peer disk state] +@@ -925,8 +925,8 @@ ha_cluster.drbd.resources.all PMID: 155. + Data Type: 32-bit unsigned int InDom: 155.15 0x26c0000f + Semantics: instant Units: count + Help: +-Value is 1 if a drbd resource exists. The details of the corresponding drbd resource +-is given as label metadata values for this metric. ++Value is 1 if a DRBD resource exists. Details of the corresponding DRBD ++resource are given as label metadata values for this metric. + No value(s) available! + + ha_cluster.drbd.resources.disk_state PMID: 155.10.3 [Disk state] +@@ -1293,6 +1293,1280 @@ No value(s) available! + === std out === + + ha_cluster.pacemaker.config_last_change ++ value 1687428694 ++ ++ha_cluster.corosync.quorate ++ value 1 ++ ++ha_cluster.sbd.devices.path ++No value(s) available! ++ ++ha_cluster.drbd.split_brain ++No value(s) available! ++=== std err === ++=== filtered valgrind report === ++Memcheck, a memory error detector ++Command: pminfo -L -K clear -K add,155,PCP_PMDAS_DIR/hacluster/pmda_hacluster.so,hacluster_init -f ha_cluster.pacemaker.config_last_change ha_cluster.corosync.quorate ha_cluster.sbd.devices.path ha_cluster.drbd.split_brain ++LEAK SUMMARY: ++definitely lost: 0 bytes in 0 blocks ++indirectly lost: 0 bytes in 0 blocks ++ERROR SUMMARY: 0 errors from 0 contexts ... ++ ++== done ++ ++== Checking metric descriptors and values - hacluster-root-003.tgz ++ ++ha_cluster.corosync.member_votes.local PMID: 155.6.1 [Votes that are local to this node] ++ Data Type: 32-bit unsigned int InDom: 155.5 0x26c00005 ++ Semantics: instant Units: count ++Help: ++The quorum votes which are local to this node in the cluster. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.corosync.member_votes.node_id PMID: 155.6.2 [Node ID] ++ Data Type: 64-bit unsigned int InDom: 155.5 0x26c00005 ++ Semantics: instant Units: count ++Help: ++The full corosync ID for the nodes in the cluster. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 2 ++ ++ha_cluster.corosync.member_votes.votes PMID: 155.6.0 [Quorum votes per node] ++ Data Type: 32-bit unsigned int InDom: 155.5 0x26c00005 ++ Semantics: instant Units: count ++Help: ++The number of quorum votes allocated to each node in the cluster. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 1 ++ ++ha_cluster.corosync.quorate PMID: 155.7.0 [Value given for quorate] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The value represents whether or not the cluster is quorate. ++ value 1 ++ ++ha_cluster.corosync.quorum_votes.expected_votes PMID: 155.7.1 [Expected vote count] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The number of expected quorum votes for the cluster. ++ value 2 ++ ++ha_cluster.corosync.quorum_votes.highest_expected PMID: 155.7.2 [Highest expected vote count] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The highest number of expected quorum votes for the cluster. 
++ value 2 ++ ++ha_cluster.corosync.quorum_votes.quorum PMID: 155.7.4 [Whether cluster is quorate] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The value reported for the quorate for the cluster. ++ value 1 ++ ++ha_cluster.corosync.quorum_votes.total_votes PMID: 155.7.3 [Total number of votes] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The total number of quorum votes for the cluster. ++ value 2 ++ ++ha_cluster.corosync.ring_errors PMID: 155.7.5 [Number of faulty rings] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The total number of Corosync rings which are faulty. ++ value 0 ++ ++ha_cluster.corosync.rings.address PMID: 155.8.1 [IP Address for ring] ++ Data Type: string InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The IP address locally linked to this ring. ++ inst [0 or "0"] value "192.168.122.148" ++ ++ha_cluster.corosync.rings.all PMID: 155.15.0 [Corosync rings information] ++ Data Type: 32-bit unsigned int InDom: 155.13 0x26c0000d ++ Semantics: instant Units: count ++Help: ++Value is 1 if a ring exists. The details of the corresponding ring ++is given as label metadata values for this metric. ++ inst [0 or "0"] value 1 ++ ++ha_cluster.corosync.rings.node_id PMID: 155.8.2 [ID of the local node] ++ Data Type: 64-bit unsigned int InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The internal Corosync node ID to the node matched to the ring. ++ inst [0 or "0"] value 1 ++ ++ha_cluster.corosync.rings.number PMID: 155.8.3 [Ring number] ++ Data Type: 32-bit unsigned int InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The number for the Corosync ring. ++ inst [0 or "0"] value 0 ++ ++ha_cluster.corosync.rings.ring_id PMID: 155.8.4 [Ring ID] ++ Data Type: string InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The internal Corosync ring ID, corresponds to the first node to join. ++ inst [0 or "0"] value "1.9" ++ ++ha_cluster.corosync.rings.status PMID: 155.8.0 [Corosync ring status] ++ Data Type: 32-bit unsigned int InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The status for each Corosync ring in the cluster, a value of 1 is faulty and ++0 is healthy. ++ inst [0 or "0"] value 0 ++ ++ha_cluster.drbd.al_writes PMID: 155.10.6 [Writes to the activity log] ++ Data Type: 64-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++Amount of writes to the activity log area of metadata by the DRBD ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.bm_writes PMID: 155.10.7 [Writes to bitmap area] ++ Data Type: 64-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++Amount of writes to the bitmap area of metadata by the DRBD resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections.all PMID: 155.18.0 [DRBD Peer disk information] ++ Data Type: 32-bit unsigned int InDom: 155.16 0x26c00010 ++ Semantics: instant Units: count ++Help: ++Value is 1 if a DRBD peer connection exists. Details of the corresponding ++DRBD peer connection are given as label metadata values for this metric. ++No value(s) available! 
++ ++ha_cluster.drbd.connections.peer_disk_state PMID: 155.11.4 [Peer disk state] ++ Data Type: string InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The reported peer disk state for the connection. ++No value(s) available! ++ ++ha_cluster.drbd.connections.peer_node_id PMID: 155.11.1 [The ID the connection is for] ++ Data Type: string InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The given peer node ID for which the connection is for. ++No value(s) available! ++ ++ha_cluster.drbd.connections.peer_role PMID: 155.11.2 [Role of the connection] ++ Data Type: string InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The reported role type for the connection. ++No value(s) available! ++ ++ha_cluster.drbd.connections.resource PMID: 155.11.0 [Resource that the connection is for] ++ Data Type: string InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The given resource that the DRBD connection is for each resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections.volume PMID: 155.11.3 [Volume number] ++ Data Type: 32-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The reported volume for the connection. ++No value(s) available! ++ ++ha_cluster.drbd.connections_pending PMID: 155.11.8 [Number of connections pending] ++ Data Type: 32-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The number of requests sent which have not yet been received by DRBD for the ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections_received PMID: 155.11.6 [Volume of data received] ++ Data Type: 64-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The volume of data received via the network connection in KiB by DRBD for the ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections_sent PMID: 155.11.7 [Volume of data sent] ++ Data Type: 64-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The volume of data sent via the network connection in KiB by DRBD for the ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections_sync PMID: 155.11.5 [Connections in sync] ++ Data Type: float InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The number of DRBD connections in sync for each resource:volume, this value is ++between 0 to 100. ++No value(s) available! ++ ++ha_cluster.drbd.connections_unacked PMID: 155.11.9 [Number of connection not acknowledged] ++ Data Type: 32-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The number of requests sent which have not yet been acknowledged by DRBD for ++the resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.lower_pending PMID: 155.10.9 [Number of open requests] ++ Data Type: 64-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The number of open requests to the local I/O subsystem by DRBD for the ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.quorum PMID: 155.10.10 [Quorum status of DRBD resource:volume] ++ Data Type: 32-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The Quorum status of the DRBD resource according to resource:volume, 1 is ++quorate and 0 is non-quorate. ++No value(s) available! 
++ ++ha_cluster.drbd.read PMID: 155.10.5 [Amount read by DRBD resource] ++ Data Type: 32-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++Amount in KiB read by the DRBD resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.resources.all PMID: 155.17.0 [DRBD resource information] ++ Data Type: 32-bit unsigned int InDom: 155.15 0x26c0000f ++ Semantics: instant Units: count ++Help: ++Value is 1 if a DRBD resource exists. Details of the corresponding DRBD ++resource are given as label metadata values for this metric. ++No value(s) available! ++ ++ha_cluster.drbd.resources.disk_state PMID: 155.10.3 [Disk state] ++ Data Type: string InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The current reported disk state of for the resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.resources.resource PMID: 155.10.0 [Name of the resource] ++ Data Type: string InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The name given for the DRBD resource for each resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.resources.role PMID: 155.10.1 [Role of the resource] ++ Data Type: string InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The reported role for the DRBD resource for each resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.resources.volume PMID: 155.10.2 [Volume of the resource] ++ Data Type: string InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The volume number of the resource for each resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.split_brain PMID: 155.10.11 [Signal for split brain detection.] ++ Data Type: 32-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++This metric signals if there has been a split brain occurring in DRBD for the ++resource:volume, value is 1 is a split brain has been detected. ++No value(s) available! ++ ++ha_cluster.drbd.upper_pending PMID: 155.10.8 [Block I/O requests pending] ++ Data Type: 64-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The number of the block I/O requests forwarded but not yet answered by DRBD ++for the resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.written PMID: 155.10.4 [Amount written to DRBD resource] ++ Data Type: 32-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++Amount in KiB written to the DRBD resource:volume. ++No value(s) available! ++ ++ha_cluster.pacemaker.config_last_change PMID: 155.0.0 [Unix timestamp corresponding to last Pacemaker configuration change] ++ Data Type: 64-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++Unix timestamp in seconds corresponding to the last time that the Pacemaker ++configuration was changed on the system. ++ value 1687428694 ++ ++ha_cluster.pacemaker.fail_count PMID: 155.1.0 [The number of fail count recorded] ++ Data Type: 64-bit unsigned int InDom: 155.0 0x26c00000 ++ Semantics: instant Units: count ++Help: ++The number of fail count per node and resource ID, the actual maximum value ++depends on Pacemaker internals. ++ inst [0 or "rhel9-node1:VirtualIP"] value 0 ++ ++ha_cluster.pacemaker.location_constraints.all PMID: 155.12.0 [Location constraint information] ++ Data Type: 32-bit unsigned int InDom: 155.10 0x26c0000a ++ Semantics: instant Units: count ++Help: ++Value is 1 if a location constraint exists. 
The details of the location constraint ++is given as label metadata values for this metric. ++No value(s) available! ++ ++ha_cluster.pacemaker.location_constraints.node PMID: 155.2.0 [Node of the location constraint] ++ Data Type: string InDom: 155.1 0x26c00001 ++ Semantics: instant Units: count ++Help: ++The node that the location constraint applies to in the cluster. ++No value(s) available! ++ ++ha_cluster.pacemaker.location_constraints.resource PMID: 155.2.1 [Resource of the location constraint] ++ Data Type: string InDom: 155.1 0x26c00001 ++ Semantics: instant Units: count ++Help: ++The resource that the location constraint applies to in the cluster. ++No value(s) available! ++ ++ha_cluster.pacemaker.location_constraints.role PMID: 155.2.2 [Resource role of the location constraint] ++ Data Type: string InDom: 155.1 0x26c00001 ++ Semantics: instant Units: count ++Help: ++The resource role that the location constraint applies to, if any. ++No value(s) available! ++ ++ha_cluster.pacemaker.location_constraints.score PMID: 155.2.3 [Score of the location constraint] ++ Data Type: string InDom: 155.1 0x26c00001 ++ Semantics: instant Units: count ++Help: ++The score given to the location constraint by Pacemaker, the value depends on ++Pacemaker internals. ++No value(s) available! ++ ++ha_cluster.pacemaker.migration_threshold PMID: 155.1.1 [Migration threshold per node and resource ID] ++ Data Type: 64-bit unsigned int InDom: 155.0 0x26c00000 ++ Semantics: instant Units: count ++Help: ++The value for the migration threshold per node and resource ID set by the ++Pacemaker cluster. ++ inst [0 or "rhel9-node1:VirtualIP"] value 1000000 ++ ++ha_cluster.pacemaker.node_attributes PMID: 155.4.0 [Metadata used by Resource Agents] ++ Data Type: string InDom: 155.3 0x26c00003 ++ Semantics: instant Units: count ++Help: ++The raw values for the cluster metadata attributes and their value per node as ++used by the Resource Agents. ++No value(s) available! ++ ++ha_cluster.pacemaker.node_attributes_all PMID: 155.13.0 [Metadata information] ++ Data Type: 32-bit unsigned int InDom: 155.11 0x26c0000b ++ Semantics: instant Units: count ++Help: ++Value is 1 if a node metadata exists. The details of the node metadata ++is given as label metadata values for this metric. ++No value(s) available! ++ ++ha_cluster.pacemaker.nodes.status.dc PMID: 155.3.8 [Whether the node status is given as the DC] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the DC status is reported by the node in the cluster, a ++value of 1 confirms the node status as the designated coordinator. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.expected_up PMID: 155.3.7 [Whether the node status is given as expected_up] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the expected_up status is reported by the node in the cluster, a ++value of 1 confirms the node status as expected_up. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 1 ++ ++ha_cluster.pacemaker.nodes.status.maintenance PMID: 155.3.3 [Whether the node status is given as maintenance] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the maintenance status is reported by the node in the cluster, a ++value of 1 confirms the node status as online. 
++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.online PMID: 155.3.0 [Whether the node status is given as online] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the online status is reported by the node in the cluster, a value of ++1 confirms the node status as online. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 1 ++ ++ha_cluster.pacemaker.nodes.status.pending PMID: 155.3.4 [Whether the node status is given as pending] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the pending status is reported by the node in the cluster, a value of ++1 confirms the node status as pending. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.shutdown PMID: 155.3.6 [Whether the node status is given as shutdown] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the shutdown status is reported by the node in the cluster, a value ++of 1 confirms the node status as shutdown. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.standby PMID: 155.3.1 [Whether the node status is given as standby] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the standby status is reported by the node in the cluster, a value of ++1 confirms the node status as standby. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.standby_on_fail PMID: 155.3.2 [Whether the node status is given as standby_on_fail] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the standby_on_fail status is reported by the node in the cluster, ++a value of 1 confirms the node status as standby_on_fail. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.unclean PMID: 155.3.5 [Whether the node status is given as unclean] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the unclean status is reported by the node in the cluster, a value of ++1 confirms the node status as unclean. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.type PMID: 155.3.9 [The type given to the node] ++ Data Type: string InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++The membership type given to the node in the Pacemaker cluster. ++ inst [0 or "rhel9-node1"] value "member" ++ inst [1 or "rhel9-node2"] value "member" ++ ++ha_cluster.pacemaker.resources.agent PMID: 155.5.0 [The name of the resource agent for this resource] ++ Data Type: string InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++The name given for the resource agent for the given resource instance in the ++cluster. ++ inst [0 or "VirtualIP:rhel9-node1"] value "ocf:heartbeat:IPaddr2" ++ ++ha_cluster.pacemaker.resources.all PMID: 155.14.0 [Pacemaker resources information] ++ Data Type: 32-bit unsigned int InDom: 155.12 0x26c0000c ++ Semantics: instant Units: count ++Help: ++Value is 1 if a resources exists. The details of the resource ++is given as label metadata values for this metric. 
++ inst [0 or "VirtualIP:rhel9-node1"] value 1 ++ ++ha_cluster.pacemaker.resources.clone PMID: 155.5.1 [The name of the clone given for this resource] ++ Data Type: string InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++The name given for the clone for the given resource instance in the cluster, ++if any. ++ inst [0 or "VirtualIP:rhel9-node1"] value "" ++ ++ha_cluster.pacemaker.resources.group PMID: 155.5.2 [The name of the group given for this resource] ++ Data Type: string InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++The name given for the group for the given resource instance in the cluster, ++if any. ++ inst [0 or "VirtualIP:rhel9-node1"] value "" ++ ++ha_cluster.pacemaker.resources.managed PMID: 155.5.3 [Value is either true or false] ++ Data Type: 32-bit unsigned int InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++The value of whether the resource instance in the cluster is managed or not. ++ inst [0 or "VirtualIP:rhel9-node1"] value 1 ++ ++ha_cluster.pacemaker.resources.role PMID: 155.5.4 [The given role state] ++ Data Type: string InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++The value of the given role state for the resource instance in the cluster. ++ inst [0 or "VirtualIP:rhel9-node1"] value "Started" ++ ++ha_cluster.pacemaker.resources.status.active PMID: 155.5.5 [Whether the resources status is given as active] ++ Data Type: 32-bit unsigned int InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++Whether the active status is reported by the resource in the cluster, a ++value of 1 confirms the resource status as active. ++ inst [0 or "VirtualIP:rhel9-node1"] value 1 ++ ++ha_cluster.pacemaker.resources.status.blocked PMID: 155.5.7 [Whether the resources status is given as blocked] ++ Data Type: 32-bit unsigned int InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++Whether the blocked status is reported by the resource in the cluster, a ++value of 1 confirms the resource status as blocked. ++ inst [0 or "VirtualIP:rhel9-node1"] value 0 ++ ++ha_cluster.pacemaker.resources.status.failed PMID: 155.5.8 [Whether the resources status is given as failed] ++ Data Type: 32-bit unsigned int InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++Whether the failed status is reported by the resource in the cluster, a ++value of 1 confirms the resource status as failed. ++ inst [0 or "VirtualIP:rhel9-node1"] value 0 ++ ++ha_cluster.pacemaker.resources.status.failure_ignored PMID: 155.5.9 [Whether the resources status is given as failure_ignored] ++ Data Type: 32-bit unsigned int InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++Whether the failure_ignored status is reported by the resource in the ++cluster, a value of 1 confirms the resource status as failure_ignored. ++ inst [0 or "VirtualIP:rhel9-node1"] value 0 ++ ++ha_cluster.pacemaker.resources.status.orphaned PMID: 155.5.6 [Whether the resources status is given as orphaned] ++ Data Type: 32-bit unsigned int InDom: 155.4 0x26c00004 ++ Semantics: instant Units: count ++Help: ++Whether the orphaned status is reported by the resource in the cluster, a ++value of 1 confirms the resource status as orphaned. 
++ inst [0 or "VirtualIP:rhel9-node1"] value 0 ++ ++ha_cluster.pacemaker.stonith_enabled PMID: 155.0.1 [Whether stonith is enabled in the cluster] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++Value returns as to whether stonith is enabled or disabled for the cluster. ++ value 0 ++ ++ha_cluster.sbd.all PMID: 155.16.0 [SBD device information] ++ Data Type: 32-bit unsigned int InDom: 155.14 0x26c0000e ++ Semantics: instant Units: count ++Help: ++Value is 1 if a sbd device exists. The details of the corresponding SBD device ++is given as label metadata values for this metric. ++No value(s) available! ++ ++ha_cluster.sbd.devices.path PMID: 155.9.0 [Path of SBD device] ++ Data Type: string InDom: 155.7 0x26c00007 ++ Semantics: instant Units: count ++Help: ++The full path given to each SBD device. ++No value(s) available! ++ ++ha_cluster.sbd.devices.status PMID: 155.9.1 [Status of the SBD device] ++ Data Type: string InDom: 155.7 0x26c00007 ++ Semantics: instant Units: count ++Help: ++The current status given for each of the SBD devices, the value is one of ++healthy or unhealthy. ++No value(s) available! ++ ++ha_cluster.sbd.timeouts.allocate PMID: 155.9.3 [allocate timeout value] ++ Data Type: 32-bit unsigned int InDom: 155.7 0x26c00007 ++ Semantics: instant Units: count ++Help: ++The value threshold for allocate timeouts for the given SBD device. ++No value(s) available! ++ ++ha_cluster.sbd.timeouts.loop PMID: 155.9.4 [loop timeout value] ++ Data Type: 32-bit unsigned int InDom: 155.7 0x26c00007 ++ Semantics: instant Units: count ++Help: ++The value threshold for loop timeouts for the given SBD device. ++No value(s) available! ++ ++ha_cluster.sbd.timeouts.mgswait PMID: 155.9.2 [mgswait timeout value] ++ Data Type: 32-bit unsigned int InDom: 155.7 0x26c00007 ++ Semantics: instant Units: count ++Help: ++The value threshold for msgwait timeouts for the given SBD device. ++No value(s) available! ++ ++ha_cluster.sbd.timeouts.watchdog PMID: 155.9.5 [watchdog timeout value] ++ Data Type: 32-bit unsigned int InDom: 155.7 0x26c00007 ++ Semantics: instant Units: count ++Help: ++The value threshold for watchdog timeouts for the given SBD device. ++No value(s) available! ++== Checking with valgrind - hacluster-root-003.tgz ++=== std out === ++ ++ha_cluster.pacemaker.config_last_change ++ value 1687428694 ++ ++ha_cluster.corosync.quorate ++ value 1 ++ ++ha_cluster.sbd.devices.path ++No value(s) available! ++ ++ha_cluster.drbd.split_brain ++No value(s) available! ++=== std err === ++=== filtered valgrind report === ++Memcheck, a memory error detector ++Command: pminfo -L -K clear -K add,155,PCP_PMDAS_DIR/hacluster/pmda_hacluster.so,hacluster_init -f ha_cluster.pacemaker.config_last_change ha_cluster.corosync.quorate ha_cluster.sbd.devices.path ha_cluster.drbd.split_brain ++LEAK SUMMARY: ++definitely lost: 0 bytes in 0 blocks ++indirectly lost: 0 bytes in 0 blocks ++ERROR SUMMARY: 0 errors from 0 contexts ... ++ ++== done ++ ++== Checking metric descriptors and values - hacluster-root-004.tgz ++ ++ha_cluster.corosync.member_votes.local PMID: 155.6.1 [Votes that are local to this node] ++ Data Type: 32-bit unsigned int InDom: 155.5 0x26c00005 ++ Semantics: instant Units: count ++Help: ++The quorum votes which are local to this node in the cluster. 
++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.corosync.member_votes.node_id PMID: 155.6.2 [Node ID] ++ Data Type: 64-bit unsigned int InDom: 155.5 0x26c00005 ++ Semantics: instant Units: count ++Help: ++The full corosync ID for the nodes in the cluster. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 2 ++ ++ha_cluster.corosync.member_votes.votes PMID: 155.6.0 [Quorum votes per node] ++ Data Type: 32-bit unsigned int InDom: 155.5 0x26c00005 ++ Semantics: instant Units: count ++Help: ++The number of quorum votes allocated to each node in the cluster. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 1 ++ ++ha_cluster.corosync.quorate PMID: 155.7.0 [Value given for quorate] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The value represents whether or not the cluster is quorate. ++ value 1 ++ ++ha_cluster.corosync.quorum_votes.expected_votes PMID: 155.7.1 [Expected vote count] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The number of expected quorum votes for the cluster. ++ value 2 ++ ++ha_cluster.corosync.quorum_votes.highest_expected PMID: 155.7.2 [Highest expected vote count] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The highest number of expected quorum votes for the cluster. ++ value 2 ++ ++ha_cluster.corosync.quorum_votes.quorum PMID: 155.7.4 [Whether cluster is quorate] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The value reported for the quorate for the cluster. ++ value 1 ++ ++ha_cluster.corosync.quorum_votes.total_votes PMID: 155.7.3 [Total number of votes] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The total number of quorum votes for the cluster. ++ value 2 ++ ++ha_cluster.corosync.ring_errors PMID: 155.7.5 [Number of faulty rings] ++ Data Type: 32-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++The total number of Corosync rings which are faulty. ++ value 0 ++ ++ha_cluster.corosync.rings.address PMID: 155.8.1 [IP Address for ring] ++ Data Type: string InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The IP address locally linked to this ring. ++ inst [0 or "0"] value "192.168.122.148" ++ ++ha_cluster.corosync.rings.all PMID: 155.15.0 [Corosync rings information] ++ Data Type: 32-bit unsigned int InDom: 155.13 0x26c0000d ++ Semantics: instant Units: count ++Help: ++Value is 1 if a ring exists. The details of the corresponding ring ++is given as label metadata values for this metric. ++ inst [0 or "0"] value 1 ++ ++ha_cluster.corosync.rings.node_id PMID: 155.8.2 [ID of the local node] ++ Data Type: 64-bit unsigned int InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The internal Corosync node ID to the node matched to the ring. ++ inst [0 or "0"] value 1 ++ ++ha_cluster.corosync.rings.number PMID: 155.8.3 [Ring number] ++ Data Type: 32-bit unsigned int InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The number for the Corosync ring. 
++ inst [0 or "0"] value 0 ++ ++ha_cluster.corosync.rings.ring_id PMID: 155.8.4 [Ring ID] ++ Data Type: string InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The internal Corosync ring ID, corresponds to the first node to join. ++ inst [0 or "0"] value "1.9" ++ ++ha_cluster.corosync.rings.status PMID: 155.8.0 [Corosync ring status] ++ Data Type: 32-bit unsigned int InDom: 155.6 0x26c00006 ++ Semantics: instant Units: count ++Help: ++The status for each Corosync ring in the cluster, a value of 1 is faulty and ++0 is healthy. ++ inst [0 or "0"] value 0 ++ ++ha_cluster.drbd.al_writes PMID: 155.10.6 [Writes to the activity log] ++ Data Type: 64-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++Amount of writes to the activity log area of metadata by the DRBD ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.bm_writes PMID: 155.10.7 [Writes to bitmap area] ++ Data Type: 64-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++Amount of writes to the bitmap area of metadata by the DRBD resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections.all PMID: 155.18.0 [DRBD Peer disk information] ++ Data Type: 32-bit unsigned int InDom: 155.16 0x26c00010 ++ Semantics: instant Units: count ++Help: ++Value is 1 if a DRBD peer connection exists. Details of the corresponding ++DRBD peer connection are given as label metadata values for this metric. ++No value(s) available! ++ ++ha_cluster.drbd.connections.peer_disk_state PMID: 155.11.4 [Peer disk state] ++ Data Type: string InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The reported peer disk state for the connection. ++No value(s) available! ++ ++ha_cluster.drbd.connections.peer_node_id PMID: 155.11.1 [The ID the connection is for] ++ Data Type: string InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The given peer node ID for which the connection is for. ++No value(s) available! ++ ++ha_cluster.drbd.connections.peer_role PMID: 155.11.2 [Role of the connection] ++ Data Type: string InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The reported role type for the connection. ++No value(s) available! ++ ++ha_cluster.drbd.connections.resource PMID: 155.11.0 [Resource that the connection is for] ++ Data Type: string InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The given resource that the DRBD connection is for each resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections.volume PMID: 155.11.3 [Volume number] ++ Data Type: 32-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The reported volume for the connection. ++No value(s) available! ++ ++ha_cluster.drbd.connections_pending PMID: 155.11.8 [Number of connections pending] ++ Data Type: 32-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The number of requests sent which have not yet been received by DRBD for the ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections_received PMID: 155.11.6 [Volume of data received] ++ Data Type: 64-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The volume of data received via the network connection in KiB by DRBD for the ++resource:volume. ++No value(s) available! 
++ ++ha_cluster.drbd.connections_sent PMID: 155.11.7 [Volume of data sent] ++ Data Type: 64-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The volume of data sent via the network connection in KiB by DRBD for the ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.connections_sync PMID: 155.11.5 [Connections in sync] ++ Data Type: float InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The number of DRBD connections in sync for each resource:volume, this value is ++between 0 to 100. ++No value(s) available! ++ ++ha_cluster.drbd.connections_unacked PMID: 155.11.9 [Number of connection not acknowledged] ++ Data Type: 32-bit unsigned int InDom: 155.9 0x26c00009 ++ Semantics: instant Units: count ++Help: ++The number of requests sent which have not yet been acknowledged by DRBD for ++the resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.lower_pending PMID: 155.10.9 [Number of open requests] ++ Data Type: 64-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The number of open requests to the local I/O subsystem by DRBD for the ++resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.quorum PMID: 155.10.10 [Quorum status of DRBD resource:volume] ++ Data Type: 32-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The Quorum status of the DRBD resource according to resource:volume, 1 is ++quorate and 0 is non-quorate. ++No value(s) available! ++ ++ha_cluster.drbd.read PMID: 155.10.5 [Amount read by DRBD resource] ++ Data Type: 32-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++Amount in KiB read by the DRBD resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.resources.all PMID: 155.17.0 [DRBD resource information] ++ Data Type: 32-bit unsigned int InDom: 155.15 0x26c0000f ++ Semantics: instant Units: count ++Help: ++Value is 1 if a DRBD resource exists. Details of the corresponding DRBD ++resource are given as label metadata values for this metric. ++No value(s) available! ++ ++ha_cluster.drbd.resources.disk_state PMID: 155.10.3 [Disk state] ++ Data Type: string InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The current reported disk state of for the resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.resources.resource PMID: 155.10.0 [Name of the resource] ++ Data Type: string InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The name given for the DRBD resource for each resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.resources.role PMID: 155.10.1 [Role of the resource] ++ Data Type: string InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The reported role for the DRBD resource for each resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.resources.volume PMID: 155.10.2 [Volume of the resource] ++ Data Type: string InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The volume number of the resource for each resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.split_brain PMID: 155.10.11 [Signal for split brain detection.] ++ Data Type: 32-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++This metric signals if there has been a split brain occurring in DRBD for the ++resource:volume, value is 1 is a split brain has been detected. ++No value(s) available! 
++ ++ha_cluster.drbd.upper_pending PMID: 155.10.8 [Block I/O requests pending] ++ Data Type: 64-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++The number of the block I/O requests forwarded but not yet answered by DRBD ++for the resource:volume. ++No value(s) available! ++ ++ha_cluster.drbd.written PMID: 155.10.4 [Amount written to DRBD resource] ++ Data Type: 32-bit unsigned int InDom: 155.8 0x26c00008 ++ Semantics: instant Units: count ++Help: ++Amount in KiB written to the DRBD resource:volume. ++No value(s) available! ++ ++ha_cluster.pacemaker.config_last_change PMID: 155.0.0 [Unix timestamp corresponding to last Pacemaker configuration change] ++ Data Type: 64-bit unsigned int InDom: PM_INDOM_NULL 0xffffffff ++ Semantics: instant Units: count ++Help: ++Unix timestamp in seconds corresponding to the last time that the Pacemaker ++configuration was changed on the system. ++ value 1687428694 ++ ++ha_cluster.pacemaker.fail_count PMID: 155.1.0 [The number of fail count recorded] ++ Data Type: 64-bit unsigned int InDom: 155.0 0x26c00000 ++ Semantics: instant Units: count ++Help: ++The number of fail count per node and resource ID, the actual maximum value ++depends on Pacemaker internals. ++ inst [0 or "rhel9-node1:VirtualIP"] value 0 ++ ++ha_cluster.pacemaker.location_constraints.all PMID: 155.12.0 [Location constraint information] ++ Data Type: 32-bit unsigned int InDom: 155.10 0x26c0000a ++ Semantics: instant Units: count ++Help: ++Value is 1 if a location constraint exists. The details of the location constraint ++is given as label metadata values for this metric. ++No value(s) available! ++ ++ha_cluster.pacemaker.location_constraints.node PMID: 155.2.0 [Node of the location constraint] ++ Data Type: string InDom: 155.1 0x26c00001 ++ Semantics: instant Units: count ++Help: ++The node that the location constraint applies to in the cluster. ++No value(s) available! ++ ++ha_cluster.pacemaker.location_constraints.resource PMID: 155.2.1 [Resource of the location constraint] ++ Data Type: string InDom: 155.1 0x26c00001 ++ Semantics: instant Units: count ++Help: ++The resource that the location constraint applies to in the cluster. ++No value(s) available! ++ ++ha_cluster.pacemaker.location_constraints.role PMID: 155.2.2 [Resource role of the location constraint] ++ Data Type: string InDom: 155.1 0x26c00001 ++ Semantics: instant Units: count ++Help: ++The resource role that the location constraint applies to, if any. ++No value(s) available! ++ ++ha_cluster.pacemaker.location_constraints.score PMID: 155.2.3 [Score of the location constraint] ++ Data Type: string InDom: 155.1 0x26c00001 ++ Semantics: instant Units: count ++Help: ++The score given to the location constraint by Pacemaker, the value depends on ++Pacemaker internals. ++No value(s) available! ++ ++ha_cluster.pacemaker.migration_threshold PMID: 155.1.1 [Migration threshold per node and resource ID] ++ Data Type: 64-bit unsigned int InDom: 155.0 0x26c00000 ++ Semantics: instant Units: count ++Help: ++The value for the migration threshold per node and resource ID set by the ++Pacemaker cluster. ++ inst [0 or "rhel9-node1:VirtualIP"] value 1000000 ++ ++ha_cluster.pacemaker.node_attributes PMID: 155.4.0 [Metadata used by Resource Agents] ++ Data Type: string InDom: 155.3 0x26c00003 ++ Semantics: instant Units: count ++Help: ++The raw values for the cluster metadata attributes and their value per node as ++used by the Resource Agents. ++No value(s) available! 
++ ++ha_cluster.pacemaker.node_attributes_all PMID: 155.13.0 [Metadata information] ++ Data Type: 32-bit unsigned int InDom: 155.11 0x26c0000b ++ Semantics: instant Units: count ++Help: ++Value is 1 if a node metadata exists. The details of the node metadata ++is given as label metadata values for this metric. ++No value(s) available! ++ ++ha_cluster.pacemaker.nodes.status.dc PMID: 155.3.8 [Whether the node status is given as the DC] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the DC status is reported by the node in the cluster, a ++value of 1 confirms the node status as the designated coordinator. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.expected_up PMID: 155.3.7 [Whether the node status is given as expected_up] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the expected_up status is reported by the node in the cluster, a ++value of 1 confirms the node status as expected_up. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 1 ++ ++ha_cluster.pacemaker.nodes.status.maintenance PMID: 155.3.3 [Whether the node status is given as maintenance] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the maintenance status is reported by the node in the cluster, a ++value of 1 confirms the node status as online. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.online PMID: 155.3.0 [Whether the node status is given as online] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the online status is reported by the node in the cluster, a value of ++1 confirms the node status as online. ++ inst [0 or "rhel9-node1"] value 1 ++ inst [1 or "rhel9-node2"] value 1 ++ ++ha_cluster.pacemaker.nodes.status.pending PMID: 155.3.4 [Whether the node status is given as pending] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the pending status is reported by the node in the cluster, a value of ++1 confirms the node status as pending. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.shutdown PMID: 155.3.6 [Whether the node status is given as shutdown] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the shutdown status is reported by the node in the cluster, a value ++of 1 confirms the node status as shutdown. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.standby PMID: 155.3.1 [Whether the node status is given as standby] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the standby status is reported by the node in the cluster, a value of ++1 confirms the node status as standby. ++ inst [0 or "rhel9-node1"] value 0 ++ inst [1 or "rhel9-node2"] value 0 ++ ++ha_cluster.pacemaker.nodes.status.standby_on_fail PMID: 155.3.2 [Whether the node status is given as standby_on_fail] ++ Data Type: 32-bit unsigned int InDom: 155.2 0x26c00002 ++ Semantics: instant Units: count ++Help: ++Whether the standby_on_fail status is reported by the node in the cluster, ++a value of 1 confirms the node status as standby_on_fail. 
++    inst [0 or "rhel9-node1"] value 0
++    inst [1 or "rhel9-node2"] value 0
++
++ha_cluster.pacemaker.nodes.status.unclean PMID: 155.3.5 [Whether the node status is given as unclean]
++    Data Type: 32-bit unsigned int  InDom: 155.2 0x26c00002
++    Semantics: instant  Units: count
++Help:
++Whether the unclean status is reported by the node in the cluster, a value of
++1 confirms the node status as unclean.
++    inst [0 or "rhel9-node1"] value 0
++    inst [1 or "rhel9-node2"] value 0
++
++ha_cluster.pacemaker.nodes.type PMID: 155.3.9 [The type given to the node]
++    Data Type: string  InDom: 155.2 0x26c00002
++    Semantics: instant  Units: count
++Help:
++The membership type given to the node in the Pacemaker cluster.
++    inst [0 or "rhel9-node1"] value "member"
++    inst [1 or "rhel9-node2"] value "member"
++
++ha_cluster.pacemaker.resources.agent PMID: 155.5.0 [The name of the resource agent for this resource]
++    Data Type: string  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++The name given for the resource agent for the given resource instance in the
++cluster.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value "ocf:heartbeat:SAPHana"
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value "ocf:heartbeat:SAPHana"
++    inst [0 or "VirtualIP:rhel9-node1"] value "ocf:heartbeat:IPaddr2"
++
++ha_cluster.pacemaker.resources.all PMID: 155.14.0 [Pacemaker resources information]
++    Data Type: 32-bit unsigned int  InDom: 155.12 0x26c0000c
++    Semantics: instant  Units: count
++Help:
++Value is 1 if a resource exists. The details of the resource
++are given as label metadata values for this metric.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value 1
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value 1
++    inst [0 or "VirtualIP:rhel9-node1"] value 1
++
++ha_cluster.pacemaker.resources.clone PMID: 155.5.1 [The name of the clone given for this resource]
++    Data Type: string  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++The name given for the clone for the given resource instance in the cluster,
++if any.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value "SAPHana_HDB_00-clone"
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value "SAPHana_HDB_00-clone"
++    inst [0 or "VirtualIP:rhel9-node1"] value ""
++
++ha_cluster.pacemaker.resources.group PMID: 155.5.2 [The name of the group given for this resource]
++    Data Type: string  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++The name given for the group for the given resource instance in the cluster,
++if any.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value ""
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value ""
++    inst [0 or "VirtualIP:rhel9-node1"] value ""
++
++ha_cluster.pacemaker.resources.managed PMID: 155.5.3 [Value is either true or false]
++    Data Type: 32-bit unsigned int  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++Whether or not the resource instance in the cluster is managed.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value 1
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value 1
++    inst [0 or "VirtualIP:rhel9-node1"] value 1
++
++ha_cluster.pacemaker.resources.role PMID: 155.5.4 [The given role state]
++    Data Type: string  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++The value of the given role state for the resource instance in the cluster.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value "Unpromoted"
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value "Promoted"
++    inst [0 or "VirtualIP:rhel9-node1"] value "Started"
++
++ha_cluster.pacemaker.resources.status.active PMID: 155.5.5 [Whether the resources status is given as active]
++    Data Type: 32-bit unsigned int  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++Whether the active status is reported by the resource in the cluster, a
++value of 1 confirms the resource status as active.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value 1
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value 1
++    inst [0 or "VirtualIP:rhel9-node1"] value 1
++
++ha_cluster.pacemaker.resources.status.blocked PMID: 155.5.7 [Whether the resources status is given as blocked]
++    Data Type: 32-bit unsigned int  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++Whether the blocked status is reported by the resource in the cluster, a
++value of 1 confirms the resource status as blocked.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value 0
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value 0
++    inst [0 or "VirtualIP:rhel9-node1"] value 0
++
++ha_cluster.pacemaker.resources.status.failed PMID: 155.5.8 [Whether the resources status is given as failed]
++    Data Type: 32-bit unsigned int  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++Whether the failed status is reported by the resource in the cluster, a
++value of 1 confirms the resource status as failed.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value 0
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value 0
++    inst [0 or "VirtualIP:rhel9-node1"] value 0
++
++ha_cluster.pacemaker.resources.status.failure_ignored PMID: 155.5.9 [Whether the resources status is given as failure_ignored]
++    Data Type: 32-bit unsigned int  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++Whether the failure_ignored status is reported by the resource in the
++cluster, a value of 1 confirms the resource status as failure_ignored.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value 0
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value 0
++    inst [0 or "VirtualIP:rhel9-node1"] value 0
++
++ha_cluster.pacemaker.resources.status.orphaned PMID: 155.5.6 [Whether the resources status is given as orphaned]
++    Data Type: 32-bit unsigned int  InDom: 155.4 0x26c00004
++    Semantics: instant  Units: count
++Help:
++Whether the orphaned status is reported by the resource in the cluster, a
++value of 1 confirms the resource status as orphaned.
++    inst [2 or "SAPHana_HDB_00:rh9dhdb00l08b"] value 0
++    inst [1 or "SAPHana_HDB_00:rh9dhdb00l18b"] value 0
++    inst [0 or "VirtualIP:rhel9-node1"] value 0
++
++ha_cluster.pacemaker.stonith_enabled PMID: 155.0.1 [Whether stonith is enabled in the cluster]
++    Data Type: 32-bit unsigned int  InDom: PM_INDOM_NULL 0xffffffff
++    Semantics: instant  Units: count
++Help:
++Value indicates whether stonith is enabled or disabled for the cluster.
++    value 0
++
++ha_cluster.sbd.all PMID: 155.16.0 [SBD device information]
++    Data Type: 32-bit unsigned int  InDom: 155.14 0x26c0000e
++    Semantics: instant  Units: count
++Help:
++Value is 1 if an SBD device exists. The details of the corresponding SBD device
++are given as label metadata values for this metric.
++No value(s) available!
++
++ha_cluster.sbd.devices.path PMID: 155.9.0 [Path of SBD device]
++    Data Type: string  InDom: 155.7 0x26c00007
++    Semantics: instant  Units: count
++Help:
++The full path given to each SBD device.
++No value(s) available!
++
++ha_cluster.sbd.devices.status PMID: 155.9.1 [Status of the SBD device]
++    Data Type: string  InDom: 155.7 0x26c00007
++    Semantics: instant  Units: count
++Help:
++The current status given for each of the SBD devices; the value is one of
++healthy or unhealthy.
++No value(s) available!
++
++ha_cluster.sbd.timeouts.allocate PMID: 155.9.3 [allocate timeout value]
++    Data Type: 32-bit unsigned int  InDom: 155.7 0x26c00007
++    Semantics: instant  Units: count
++Help:
++The value threshold for allocate timeouts for the given SBD device.
++No value(s) available!
++
++ha_cluster.sbd.timeouts.loop PMID: 155.9.4 [loop timeout value]
++    Data Type: 32-bit unsigned int  InDom: 155.7 0x26c00007
++    Semantics: instant  Units: count
++Help:
++The value threshold for loop timeouts for the given SBD device.
++No value(s) available!
++
++ha_cluster.sbd.timeouts.mgswait PMID: 155.9.2 [mgswait timeout value]
++    Data Type: 32-bit unsigned int  InDom: 155.7 0x26c00007
++    Semantics: instant  Units: count
++Help:
++The value threshold for msgwait timeouts for the given SBD device.
++No value(s) available!
++
++ha_cluster.sbd.timeouts.watchdog PMID: 155.9.5 [watchdog timeout value]
++    Data Type: 32-bit unsigned int  InDom: 155.7 0x26c00007
++    Semantics: instant  Units: count
++Help:
++The value threshold for watchdog timeouts for the given SBD device.
++No value(s) available!
++== Checking with valgrind - hacluster-root-004.tgz
++=== std out ===
++
++ha_cluster.pacemaker.config_last_change
+     value 1687428694
+ 
+ ha_cluster.corosync.quorate
+diff -Naurp pcp-5.3.7.orig/src/pmdas/hacluster/help pcp-5.3.7/src/pmdas/hacluster/help
+--- pcp-5.3.7.orig/src/pmdas/hacluster/help	2024-09-09 13:44:34.188748251 +1000
++++ pcp-5.3.7/src/pmdas/hacluster/help	2024-09-09 14:06:41.856001440 +1000
+@@ -281,8 +281,8 @@ The volume number of the resource for ea
+ The current reported disk state of for the resource:volume.
+ 
+ @ ha_cluster.drbd.resources.all DRBD resource information
+-Value is 1 if a drbd resource exists. The details of the corresponding drbd resource
+-is given as label metadata values for this metric.
++Value is 1 if a DRBD resource exists. Details of the corresponding DRBD
++resource are given as label metadata values for this metric.
+ 
+ @ ha_cluster.drbd.connections.resource Resource that the connection is for
+ The given resource that the DRBD connection is for each resource:volume.
+ 
+@@ -300,5 +300,5 @@ The reported volume for the connection.
+ The reported peer disk state for the connection.
+ 
+ @ ha_cluster.drbd.connections.all DRBD Peer disk information
+-Value is 1 if a drbd peer connection exists. The details of the corresponding DRBD peer
+-connection is given as label metadata values for this metric.
++Value is 1 if a DRBD peer connection exists. Details of the corresponding
++DRBD peer connection are given as label metadata values for this metric.
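
All of the boolean ha_cluster status metrics listed above share one shape: a 32-bit value per instance, where 1 confirms the named state. For illustration only (not part of any patch here), a minimal C sketch of fetching one of them through the standard PMAPI calls; it assumes a reachable pmcd with pmdahacluster installed, and the metric name is taken from the listing above:

    #include <stdio.h>
    #include <pcp/pmapi.h>

    int
    main(void)
    {
	/* any of the 0/1 status metrics listed above works here */
	const char *names[] = { "ha_cluster.pacemaker.nodes.status.online" };
	pmID pmid;
	pmResult *rp;
	int i, sts;

	if ((sts = pmNewContext(PM_CONTEXT_HOST, "local:")) < 0 ||
	    (sts = pmLookupName(1, names, &pmid)) < 0 ||
	    (sts = pmFetch(1, &pmid, &rp)) < 0) {
	    fprintf(stderr, "fetch failed: %s\n", pmErrStr(sts));
	    return 1;
	}
	/* 32-bit values arrive in-situ: one pmValue per node instance */
	if (rp->vset[0]->valfmt == PM_VAL_INSITU)
	    for (i = 0; i < rp->vset[0]->numval; i++)
		printf("inst %d: value %d\n",
		       rp->vset[0]->vlist[i].inst,
		       rp->vset[0]->vlist[i].value.lval);
	pmFreeResult(rp);
	return 0;
    }

Build with: cc fetch.c -o fetch -lpcp. The inst numbers printed correspond to the inst [N or "node"] rows shown in the QA output above.
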
+diff -Naurp pcp-5.3.7.orig/src/pmdas/hacluster/pacemaker.c pcp-5.3.7/src/pmdas/hacluster/pacemaker.c
+--- pcp-5.3.7.orig/src/pmdas/hacluster/pacemaker.c	2024-09-09 13:44:34.188748251 +1000
++++ pcp-5.3.7/src/pmdas/hacluster/pacemaker.c	2024-09-09 14:07:19.195073054 +1000
+@@ -707,6 +707,7 @@ hacluster_refresh_pacemaker_resources(co
+ 	/* Collect our metrics */
+ 	if (strstr(buffer, "resource id=") && strstr(buffer, resource_id)) {
+ 
++		/* Pacemaker v2.1.4 and prior crm_mon format */
+ 		if (strstr(buffer, "target_role")) {
+ 			sscanf(buffer, "%*s %*s resource_agent=\"%[^\"]\" role=\"%[^\"]\" %*s active=\"%7[^\"]\" orphaned=\"%7[^\"]\" blocked=\"%7[^\"]\" managed=\"%7[^\"]\" failed=\"%7[^\"]\" failure_ignored=\"%7[^\"]\"",
+ 				resources->agent,
+@@ -718,6 +719,21 @@
+ 				failed,
+ 				failure_ignored
+ 			);
++
++		/* Pacemaker v2.1.6+ crm_mon format */
++		} else if (strstr(buffer, "maintenance")) {
++			sscanf(buffer, "%*s %*s resource_agent=\"%[^\"]\" role=\"%[^\"]\" active=\"%7[^\"]\" orphaned=\"%7[^\"]\" blocked=\"%7[^\"]\" %*s managed=\"%7[^\"]\" failed=\"%7[^\"]\" failure_ignored=\"%7[^\"]\"",
++				resources->agent,
++				resources->role,
++				active,
++				orphaned,
++				blocked,
++				managed,
++				failed,
++				failure_ignored
++			);
++
++		/* Pacemaker v2.1.5 crm_mon format */
+ 		} else {
+ 			sscanf(buffer, "%*s %*s resource_agent=\"%[^\"]\" role=\"%[^\"]\" active=\"%7[^\"]\" orphaned=\"%7[^\"]\" blocked=\"%7[^\"]\" managed=\"%7[^\"]\" failed=\"%7[^\"]\" failure_ignored=\"%7[^\"]\"",
+ 				resources->agent,
+diff -Naurp pcp-5.3.7.orig/src/pmdas/hacluster/pacemaker.h pcp-5.3.7/src/pmdas/hacluster/pacemaker.h
+--- pcp-5.3.7.orig/src/pmdas/hacluster/pacemaker.h	2021-07-13 09:34:38.000000000 +1000
++++ pcp-5.3.7/src/pmdas/hacluster/pacemaker.h	2024-09-09 14:09:15.311326455 +1000
+@@ -83,7 +83,7 @@ struct fail_count {
+ struct location_constraints {
+ 	char node[128];
+ 	char resource[128];
+-	char role[10];
++	char role[18];
+ 	char score[10];
+ };
+ 
+@@ -109,7 +109,7 @@ struct resources {
+ 	char clone[128];
+ 	char group[128];
+ 	uint8_t managed;
+-	char role[10];
++	char role[18];
+ 	uint8_t active;
+ 	uint8_t orphaned;
+ 	uint8_t blocked;
diff --git a/redhat-issues-RHEL-57796-pmcd-pmstore-corruption.patch b/redhat-issues-RHEL-57796-pmcd-pmstore-corruption.patch
new file mode 100644
index 0000000..e74d5f5
--- /dev/null
+++ b/redhat-issues-RHEL-57796-pmcd-pmstore-corruption.patch
@@ -0,0 +1,403 @@
+diff -Naurp pcp-5.3.7.orig/qa/1518 pcp-5.3.7/qa/1518
+--- pcp-5.3.7.orig/qa/1518	1970-01-01 10:00:00.000000000 +1000
++++ pcp-5.3.7/qa/1518	2024-09-09 13:13:14.561437414 +1000
+@@ -0,0 +1,75 @@
++#!/bin/sh
++# PCP QA Test No. 1518
++# SUSE Issue A)
++# __pmDecodeValueSet() Miscalculates Available Buffer Space
++# Leading to a Possible Heap Corruption
++#
++# Copyright (c) 2024 Ken McDonell. All Rights Reserved.
++# Copyright (c) 2024 Matthias Gerstner. All Rights Reserved.
++#
++
++if [ $# -eq 0 ]
++then
++    seq=`basename $0`
++    echo "QA output created by $seq"
++else
++    # use $seq from caller, unless not set
++    [ -n "$seq" ] || seq=`basename $0`
++    echo "QA output created by `basename $0` $*"
++fi
++
++# get standard environment, filters and checks
++. ./common.product
++. ./common.filter
++. ./common.check
++
++$sudo rm -rf $tmp $tmp.* $seq.full
++
++which nc >/dev/null 2>&1 || _notrun "no nc executable installed"
++_check_valgrind
++
++_cleanup()
++{
++    cat pmcd.log >>$here/$seq.full
++    cd $here
++    $sudo rm -rf $tmp $tmp.*
++}
++
++status=0	# success is the default!
++trap "_cleanup; exit \$status" 0 1 2 3 15 ++ ++_filter() ++{ ++ sed \ ++ -e '/^Command: /d' \ ++ # end ++} ++ ++mkdir $tmp || exit 1 ++cd $tmp ++grep sampledso $PCP_PMCDCONF_PATH >pmcd.conf ++cat pmcd.conf >>$here/$seq.full ++port=`_find_free_port` ++echo "port=$port" >>$here/$seq.full ++ ++# real QA test starts here ++valgrind $PCP_BINADM_DIR/pmcd -f -Dpdu -c ./pmcd.conf -s ./pmcd.socket -p $port >out 2>err & ++valgrind_pid=$! ++sleep 2 ++pmcd_pid=`$PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep '[p]mcd -f -Dpdu' | $PCP_AWK_PROG '{ print $2 }'` ++echo "pmcd_pid=$pmcd_pid" >>$here/$seq.full ++nc -N -U ./pmcd.socket <$here/binary/decode-value-set-out-of-bound-write 2>&1 \ ++| od -c >>$here/$seq.full ++sleep 2 ++kill -TERM $pmcd_pid ++wait ++ ++echo "expect error to be logged ..." ++grep __pmDecodeValueSet pmcd.log ++ ++echo ++echo "and no valgrind badness ..." ++cat out err | _filter_valgrind | _filter ++ ++# success, all done ++exit +diff -Naurp pcp-5.3.7.orig/qa/1518.out pcp-5.3.7/qa/1518.out +--- pcp-5.3.7.orig/qa/1518.out 1970-01-01 10:00:00.000000000 +1000 ++++ pcp-5.3.7/qa/1518.out 2024-09-09 13:13:14.561437414 +1000 +@@ -0,0 +1,11 @@ ++QA output created by 1518 ++expect error to be logged ... ++__pmDecodeValueSet: PM_ERR_IPC: pmid[0] value[0] vindex=1020 (max=255) ++ ++and no valgrind badness ... ++Memcheck, a memory error detector ++LEAK SUMMARY: ++definitely lost: 0 bytes in 0 blocks ++indirectly lost: 0 bytes in 0 blocks ++Rerun with --leak-check=full to see details of leaked memory ++ERROR SUMMARY: 0 errors from 0 contexts ... +diff -Naurp pcp-5.3.7.orig/qa/group pcp-5.3.7/qa/group +--- pcp-5.3.7.orig/qa/group 2024-09-09 13:11:13.796450545 +1000 ++++ pcp-5.3.7/qa/group 2024-09-09 13:13:49.419437747 +1000 +@@ -1847,6 +1847,7 @@ x11 + 1490 python local labels + 1495 pmlogrewrite labels pmdumplog local + 1511 pmcd local pmda.sample ++1518 pmcd libpcp local + 1530 pmda.zfs local valgrind + 1531 pmda.zfs local valgrind + 1532 pmda.zfs local +diff -Naurp pcp-5.3.7.orig/src/libpcp/src/endian.c pcp-5.3.7/src/libpcp/src/endian.c +--- pcp-5.3.7.orig/src/libpcp/src/endian.c 2022-04-05 09:05:43.000000000 +1000 ++++ pcp-5.3.7/src/libpcp/src/endian.c 2024-09-09 13:20:56.967560588 +1000 +@@ -268,13 +268,17 @@ ntohEventArray(pmValueBlock * const vb, + } + + void +-__ntohpmValueBlock(pmValueBlock * const vb) ++__ntohpmValueBlock_hdr(pmValueBlock * const vb) + { + unsigned int *ip = (unsigned int *)vb; + + /* Swab the first word, which contain vtype and vlen */ + *ip = ntohl(*ip); ++} + ++void ++__ntohpmValueBlock_buf(pmValueBlock * const vb) ++{ + switch (vb->vtype) { + case PM_TYPE_U64: + case PM_TYPE_64: +@@ -298,6 +302,13 @@ __ntohpmValueBlock(pmValueBlock * const + break; + } + } ++ ++void ++__ntohpmValueBlock(pmValueBlock * const vb) ++{ ++ __ntohpmValueBlock_hdr(vb); ++ __ntohpmValueBlock_buf(vb); ++} + #endif + + #ifndef __htonpmPDUInfo +diff -Naurp pcp-5.3.7.orig/src/libpcp/src/internal.h pcp-5.3.7/src/libpcp/src/internal.h +--- pcp-5.3.7.orig/src/libpcp/src/internal.h 2022-04-05 09:05:43.000000000 +1000 ++++ pcp-5.3.7/src/libpcp/src/internal.h 2024-09-09 13:21:44.336608061 +1000 +@@ -60,6 +60,8 @@ extern int __pmGetDate(struct timespec * + #define __ntohpmLabel(a) /* noop */ + #define __htonpmValueBlock(a) /* noop */ + #define __ntohpmValueBlock(a) /* noop */ ++#define __ntohpmValueBlock_hdr(a) /* noop */ ++#define __ntohpmValueBlock_buf(a) /* noop */ + #define __htonpmTimespec(a) /* noop */ + #define __ntohpmTimespec(a) /* noop */ + #define __htonpmTimestamp(a) /* noop */ +@@ -94,6 +96,8 @@ 
extern void __htonpmLabel(pmLabel * cons + extern void __ntohpmLabel(pmLabel * const) _PCP_HIDDEN; + extern void __htonpmValueBlock(pmValueBlock * const) _PCP_HIDDEN; + extern void __ntohpmValueBlock(pmValueBlock * const) _PCP_HIDDEN; ++extern void __ntohpmValueBlock_hdr(pmValueBlock * const) _PCP_HIDDEN; ++extern void __ntohpmValueBlock_buf(pmValueBlock * const) _PCP_HIDDEN; + extern void __htonpmTimespec(pmTimespec * const ) _PCP_HIDDEN; + extern void __ntohpmTimespec(pmTimespec * const ) _PCP_HIDDEN; + extern void __htonpmTimestamp(__pmTimestamp * const ); +diff -Naurp pcp-5.3.7.orig/src/libpcp/src/p_result.c pcp-5.3.7/src/libpcp/src/p_result.c +--- pcp-5.3.7.orig/src/libpcp/src/p_result.c 2022-04-05 09:05:43.000000000 +1000 ++++ pcp-5.3.7/src/libpcp/src/p_result.c 2024-09-09 13:27:16.651969214 +1000 +@@ -277,6 +277,135 @@ __pmSendHighResResult(int fd, int from, + return __pmSendHighResResult_ctx(NULL, fd, from, result); + } + ++/* Check that a network encoded event array is within a given buffer size */ ++int ++__pmEventArrayCheck(pmValueBlock * const vb, int highres, int pmid, int value, size_t check) ++{ ++ char *base; ++ int r; /* records */ ++ int p; /* parameters in a record ... */ ++ int nrecords; ++ int nparams; ++ ++ if (highres) { ++ pmHighResEventArray *hreap = (pmHighResEventArray *)vb; ++ base = (char *)&hreap->ea_record[0]; ++ if (base > (char *)vb + check) { ++ if (pmDebugOptions.pdu) ++ fprintf(stderr, "__pmEventArrayCheck #1: PM_ERR_IPC: pmid[%d] value[%d] highres event records past end of PDU buffer\n", ++ pmid, value); ++ return PM_ERR_IPC; ++ } ++ nrecords = ntohl(hreap->ea_nrecords); ++ } ++ else { ++ pmEventArray *eap = (pmEventArray *)vb; ++ base = (char *)&eap->ea_record[0]; ++ if (base > (char *)vb + check) { ++ if (pmDebugOptions.pdu) ++ fprintf(stderr, "__pmEventArrayCheck #2: PM_ERR_IPC: pmid[%d] value[%d] event records past end of PDU buffer\n", ++ pmid, value); ++ return PM_ERR_IPC; ++ } ++ nrecords = ntohl(eap->ea_nrecords); ++ } ++ ++ /* walk packed event record array */ ++ for (r = 0; r < nrecords; r++) { ++ unsigned int flags, type; ++ size_t size, remaining; ++ ++ remaining = check - (base - (char *)vb); ++ if (highres) { ++ pmHighResEventRecord *hrerp = (pmHighResEventRecord *)base; ++ size = sizeof(hrerp->er_timestamp) + sizeof(hrerp->er_flags) + ++ sizeof(hrerp->er_nparams); ++ if (size > remaining) { ++ if (pmDebugOptions.pdu) ++ fprintf(stderr, "__pmEventArrayCheck #3: PM_ERR_IPC: pmid[%d] value[%d] record[%d] highres event record past end of PDU buffer\n", ++ pmid, value, r); ++ return PM_ERR_IPC; ++ } ++ nparams = ntohl(hrerp->er_nparams); ++ flags = ntohl(hrerp->er_flags); ++ } ++ else { ++ pmEventRecord *erp = (pmEventRecord *)base; ++ size = sizeof(erp->er_timestamp) + sizeof(erp->er_flags) + ++ sizeof(erp->er_nparams); ++ if (size > remaining) { ++ if (pmDebugOptions.pdu) ++ fprintf(stderr, "__pmEventArrayCheck #4: PM_ERR_IPC: pmid[%d] value[%d] record[%d] event record past end of PDU buffer\n", ++ pmid, value, r); ++ return PM_ERR_IPC; ++ } ++ nparams = ntohl(erp->er_nparams); ++ flags = ntohl(erp->er_flags); ++ } ++ ++ if (flags & PM_EVENT_FLAG_MISSED) ++ nparams = 0; ++ ++ base += size; ++ remaining = check - (base - (char *)vb); ++ ++ for (p = 0; p < nparams; p++) { ++ __uint32_t *tp; /* points to int holding vtype/vlen */ ++ pmEventParameter *epp = (pmEventParameter *)base; ++ ++ if (sizeof(pmEventParameter) > remaining) { ++ if (pmDebugOptions.pdu) ++ fprintf(stderr, "__pmEventArrayCheck #5: PM_ERR_IPC: pmid[%d] value[%d] record[%d] 
param[%d] event record past end of PDU buffer\n", ++ pmid, value, r, p); ++ return PM_ERR_IPC; ++ } ++ ++ tp = (__uint32_t *)&epp->ep_pmid; ++ tp++; /* now points to ep_type/ep_len */ ++ *tp = ntohl(*tp); ++ type = epp->ep_type; ++ size = epp->ep_len; ++ *tp = htonl(*tp); /* leave the buffer how we found it */ ++ ++ if (sizeof(pmID) + size > remaining) { ++ if (pmDebugOptions.pdu) ++ fprintf(stderr, "__pmEventArrayCheck #6: PM_ERR_IPC: pmid[%d] value[%d] record[%d] param[%d] event record past end of PDU buffer\n", ++ pmid, value, r, p); ++ return PM_ERR_IPC; ++ } ++ ++ base += sizeof(pmID) + PM_PDU_SIZE_BYTES(size); ++ ++ /* ++ * final check for the types below, ep_len should be 4 or ++ * 8, but a malformed PDU could have smaller ep_len values ++ * and then unpacking these types risk going past the end ++ * of the PDU buffer ++ */ ++ size = 0; ++ switch (type) { ++ case PM_TYPE_32: ++ case PM_TYPE_U32: ++ case PM_TYPE_FLOAT: ++ size = 4; /* 32-bit types */ ++ break; ++ case PM_TYPE_64: ++ case PM_TYPE_U64: ++ case PM_TYPE_DOUBLE: ++ size = 8; /* 64-bit types */ ++ break; ++ } ++ if (size > 0 && sizeof(pmID) + size > remaining) { ++ if (pmDebugOptions.pdu) ++ fprintf(stderr, "__pmEventArrayCheck #7: PM_ERR_IPC: pmid[%d] value[%d] record[%d] param[%d] event record past end of PDU buffer\n", ++ pmid, value, r, p); ++ return PM_ERR_IPC; ++ } ++ } ++ } ++ return 0; ++} ++ + #if defined(HAVE_64BIT_PTR) + static int + __pmDecodeValueSet(__pmPDU *pdubuf, int pdulen, __pmPDU *data, char *pduend, +@@ -290,7 +419,7 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int + int i, j; + /* + * Note: all sizes are in units of bytes ... beware that 'data' is in +- * units of __pmPDU ++ * units of __pmPDU (four bytes) + */ + int vsize; /* size of vlist_t's in PDU buffer */ + int nvsize; /* size of pmValue's after decode */ +@@ -368,11 +497,10 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int + return PM_ERR_IPC; + } + vindex = ntohl(pduvp->value.lval); +- if (vindex < 0 || vindex > pdulen) { ++ if (vindex < 0 || (char *)&pdubuf[vindex] >= pduend) { + if (pmDebugOptions.pdu && pmDebugOptions.desperate) +- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] " +- "vindex=%d\n", +- "__pmDecodeValueSet", i, j, vindex); ++ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] vindex=%d (max=%ld)\n", ++ i, j, vindex, (long)((pduend-(char *)pdubuf) / sizeof(pdubuf[0])-1)); + return PM_ERR_IPC; + } + pduvbp = (pmValueBlock *)&pdubuf[vindex]; +@@ -387,7 +515,7 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int + "__pmDecodeValueSet", i, j); + return PM_ERR_IPC; + } +- __ntohpmValueBlock(pduvbp); ++ __ntohpmValueBlock_hdr(pduvbp); + if (pduvbp->vlen < PM_VAL_HDR_SIZE || + pduvbp->vlen > pdulen) { + if (pmDebugOptions.pdu && pmDebugOptions.desperate) +@@ -396,13 +524,20 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int + i, j, pduvbp->vlen); + return PM_ERR_IPC; + } +- if (pduvbp->vlen > (size_t)(pduend - (char *)pduvbp)) { ++ if (pduvbp->vlen > check) { + if (pmDebugOptions.pdu && pmDebugOptions.desperate) + fprintf(stderr, "%s: Bad: pmid[%d] value[%d] " + "pduvp past end of PDU buffer\n", + "__pmDecodeValueSet", i, j); + return PM_ERR_IPC; + } ++ if (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT || ++ pduvbp->vtype == PM_TYPE_EVENT) { ++ vindex = (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT); ++ if (__pmEventArrayCheck(pduvbp, vindex, i, j, check) < 0) ++ return PM_ERR_IPC; ++ } ++ __ntohpmValueBlock_buf(pduvbp); + vbsize += PM_PDU_SIZE_BYTES(pduvbp->vlen); + if (pmDebugOptions.pdu && pmDebugOptions.desperate) { + fprintf(stderr, " len: %d type: %d", +@@ 
-635,11 +770,10 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int + } else { + /* salvage pmValueBlocks from end of PDU */ + vindex = ntohl(pduvp->value.lval); +- if (vindex < 0 || vindex > pdulen) { ++ if (vindex < 0 || (char *)&pdubuf[vindex] >= pduend) { + if (pmDebugOptions.pdu && pmDebugOptions.desperate) +- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] " +- "vindex=%d\n", +- "__pmDecodeValueSet", i, j, vindex); ++ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] vindex=%d (max=%ld)\n", ++ i, j, vindex, (long)((pduend-(char *)pdubuf) / sizeof(pdubuf[0])-1)); + return PM_ERR_IPC; + } + pduvbp = (pmValueBlock *)&pdubuf[vindex]; +@@ -654,7 +788,8 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int + "__pmDecodeValueSet", i, j); + return PM_ERR_IPC; + } +- __ntohpmValueBlock(pduvbp); ++ ++ __ntohpmValueBlock_hdr(pduvbp); + if (pduvbp->vlen < PM_VAL_HDR_SIZE || + pduvbp->vlen > pdulen) { + if (pmDebugOptions.pdu && pmDebugOptions.desperate) +@@ -663,13 +798,20 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int + i, j, pduvbp->vlen); + return PM_ERR_IPC; + } +- if (pduvbp->vlen > (size_t)(pduend - (char *)pduvbp)) { ++ if (pduvbp->vlen > check) { + if (pmDebugOptions.pdu && pmDebugOptions.desperate) + fprintf(stderr, "%s: Bad: pmid[%d] value[%d] " + "pduvp past end of PDU buffer\n", + "__pmDecodeValueSet", i, j); + return PM_ERR_IPC; + } ++ if (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT || ++ pduvbp->vtype == PM_TYPE_EVENT) { ++ vindex = (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT); ++ if (__pmEventArrayCheck(pduvbp, vindex, i, j, check) < 0) ++ return PM_ERR_IPC; ++ } ++ __ntohpmValueBlock_buf(pduvbp); + pduvp->value.pval = pduvbp; + } + } diff --git a/redhat-issues-RHEL-57799-pmpost-symlink-handling.patch b/redhat-issues-RHEL-57799-pmpost-symlink-handling.patch new file mode 100644 index 0000000..5691c34 --- /dev/null +++ b/redhat-issues-RHEL-57799-pmpost-symlink-handling.patch @@ -0,0 +1,99 @@ +diff -Naurp pcp-5.3.7.orig/qa/640 pcp-5.3.7/qa/640 +--- pcp-5.3.7.orig/qa/640 2017-08-17 10:54:57.000000000 +1000 ++++ pcp-5.3.7/qa/640 2024-09-09 13:41:12.440235947 +1000 +@@ -6,6 +6,10 @@ + # years; so we now simply check the right permissions are in place + # and move right along... + # ++# Aug 2024 update ++# SuSE Issue G identifies another possible exploit, so try that ++# as well. ++# + # Copyright (c) 1995-2002 Silicon Graphics, Inc. All Rights Reserved. + # + +@@ -17,13 +21,54 @@ echo "QA output created by $seq" + . ./common.filter + . ./common.check + +-status=0 # success is the default! +-trap "$sudo rm -f $tmp.*; exit \$status" 0 1 2 3 15 ++rm -f $seq.full ++ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1 ++ ++_cleanup() ++{ ++ if [ -f $PCP_LOG_DIR/NOTICES.$seq ] ++ then ++ $sudo rm -f $PCP_LOG_DIR/NOTICES ++ $sudo mv $PCP_LOG_DIR/NOTICES.$seq $PCP_LOG_DIR/NOTICES ++ fi ++ ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1 ++ $sudo rm -rf $tmp $tmp.* ++} ++ ++status=1 # failure is the default! 
++trap "_cleanup; exit \$status" 0 1 2 3 15 ++ ++_filter() ++{ ++ sed \ ++ -e "s@$PCP_LOG_DIR@PCP_LOG_DIR@g" \ ++ -e '/^pmpost:/s/\[.*]/[DATE]/' \ ++ # end ++} + + # real QA test starts here + pmpost=$PCP_BINADM_DIR/pmpost +-echo "Using pmpost binary: $pmpost" > $seq.full ++echo "Using pmpost binary: $pmpost" >>$seq.full + test -u "$pmpost" && echo "FAIL: pmpost has setuid bit set" + test -g "$pmpost" && echo "FAIL: pmpost has setgid bit set" ++ ++$sudo mkdir $tmp || exit ++$sudo chmod 700 $tmp || exit ++$sudo -u $PCP_USER mv $PCP_LOG_DIR/NOTICES $PCP_LOG_DIR/NOTICES.$seq ++ ++$sudo -u $PCP_USER ln -s $tmp/badness $PCP_LOG_DIR/NOTICES >>$seq.full ++$pmpost ordinary user 2>&1 | _filter ++$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1 ++$sudo -u pcp $pmpost pcp user 2>&1 | _filter ++$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1 ++$sudo $pmpost root user 2>&1 | _filter ++$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1 ++if $sudo test -f $tmp/badness ++then ++ $sudo cat $tmp/badness ++fi ++ + echo "Test complete" ++ ++status=0 + exit +diff -Naurp pcp-5.3.7.orig/qa/640.out pcp-5.3.7/qa/640.out +--- pcp-5.3.7.orig/qa/640.out 2017-08-17 10:54:57.000000000 +1000 ++++ pcp-5.3.7/qa/640.out 2024-09-09 13:41:12.440235947 +1000 +@@ -1,2 +1,5 @@ + QA output created by 640 ++pmpost: unposted message: [DATE] ordinary user ++pmpost: unposted message: [DATE] pcp user ++pmpost: unposted message: [DATE] root user + Test complete +diff -Naurp pcp-5.3.7.orig/src/pmpost/pmpost.c pcp-5.3.7/src/pmpost/pmpost.c +--- pcp-5.3.7.orig/src/pmpost/pmpost.c 2021-02-17 15:27:41.000000000 +1100 ++++ pcp-5.3.7/src/pmpost/pmpost.c 2024-09-09 13:41:12.440235947 +1000 +@@ -141,8 +141,12 @@ main(int argc, char **argv) + goto oops; + } + +- if ((fd = open(notices, O_WRONLY|O_APPEND, 0)) < 0) { +- if ((fd = open(notices, O_WRONLY|O_CREAT|O_APPEND, 0664)) < 0) { ++ if ((fd = open(notices, O_WRONLY|O_APPEND|O_NOFOLLOW, 0)) < 0) { ++ if (oserror() == ELOOP) { ++ /* last component is symlink => attack? ... bail! */ ++ goto oops; ++ } ++ if ((fd = open(notices, O_WRONLY|O_CREAT|O_APPEND|O_NOFOLLOW, 0664)) < 0) { + fprintf(stderr, "pmpost: cannot open or create file \"%s\": %s\n", + notices, osstrerror()); + goto oops;
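
The key to the pmpost fix above is O_NOFOLLOW: with that flag, open(2) fails with ELOOP whenever the final path component is a symbolic link, so an attacker-planted NOTICES symlink is rejected rather than followed. A standalone sketch of the same open-append pattern, with a hypothetical helper name and simplified error handling (not the pmpost code itself):

    #include <errno.h>
    #include <fcntl.h>
    #include <stdio.h>

    /*
     * Append-open "path", refusing to follow a symlink in the final
     * component.  Sketch only: the helper name is hypothetical and
     * error handling is simplified; 0664 mirrors the change above.
     */
    static int
    open_append_nofollow(const char *path)
    {
	int fd = open(path, O_WRONLY|O_APPEND|O_NOFOLLOW, 0);

	if (fd < 0) {
	    if (errno == ELOOP) {
		/* final component is a symlink => possible attack, bail */
		fprintf(stderr, "refusing symlink: %s\n", path);
		return -1;
	    }
	    /* file may simply not exist yet: create it, still O_NOFOLLOW */
	    fd = open(path, O_WRONLY|O_CREAT|O_APPEND|O_NOFOLLOW, 0664);
	}
	return fd;
    }

The qa/640 additions exercise exactly this case: they plant a symlink at $PCP_LOG_DIR/NOTICES pointing to $tmp/badness and verify that pmpost refuses to write through it for ordinary, pcp and root users.
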