- Apply 0005-watchdog-add-arm_watchdog-and-disarm_watchdog-calls
0006-sbus-arm-watchdog-for-sbus_connect_init_send 0007-sysdb-fix-string-comparison-when-checking-for-overrides patches
This commit is contained in:
parent
87cae3c020
commit
5ddcf41b6f
@ -0,0 +1,106 @@
|
||||
From 2cd5a6a2c8fd1826177d6bb51e7d4f4ad368bcfb Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Fri, 9 Jun 2023 12:31:39 +0200
|
||||
Subject: [PATCH 1/2] watchdog: add arm_watchdog() and disarm_watchdog() calls
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Those two new calls can be used if there are requests stuck by e.g.
|
||||
waiting on replies where there is no other way to handle the timeout and
|
||||
get the system back into a stable state. They should be only used as a
|
||||
last resort.
|
||||
|
||||
Resolves: https://github.com/SSSD/sssd/issues/6803
|
||||
|
||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
||||
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||||
(cherry picked from commit 75f2b35ad3b9256de905d05c5108400d35688554)
|
||||
---
|
||||
src/util/util.h | 12 ++++++++++++
|
||||
src/util/util_watchdog.c | 28 ++++++++++++++++++++++++++--
|
||||
2 files changed, 38 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/util/util.h b/src/util/util.h
|
||||
index a8356e0cd..9dbcf3301 100644
|
||||
--- a/src/util/util.h
|
||||
+++ b/src/util/util.h
|
||||
@@ -756,6 +756,18 @@ int setup_watchdog(struct tevent_context *ev, int interval);
|
||||
void teardown_watchdog(void);
|
||||
int get_watchdog_ticks(void);
|
||||
|
||||
+/* The arm_watchdog() and disarm_watchdog() calls will disable and re-enable
|
||||
+ * the watchdog reset, respectively. This means that after arm_watchdog() is
|
||||
+ * called the watchdog will not be resetted anymore and it will kill the
|
||||
+ * process if disarm_watchdog() wasn't called before.
|
||||
+ * Those calls should only be used when there is no other way to handle
|
||||
+ * waiting request and recover into a stable state.
|
||||
+ * Those calls cannot be nested, i.e. after calling arm_watchdog() it should
|
||||
+ * not be called a second time in a different request because then
|
||||
+ * disarm_watchdog() will disable the watchdog coverage for both. */
|
||||
+void arm_watchdog(void);
|
||||
+void disarm_watchdog(void);
|
||||
+
|
||||
/* from files.c */
|
||||
int sss_remove_tree(const char *root);
|
||||
int sss_remove_subtree(const char *root);
|
||||
diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c
|
||||
index b1534e499..abafd94b9 100644
|
||||
--- a/src/util/util_watchdog.c
|
||||
+++ b/src/util/util_watchdog.c
|
||||
@@ -40,6 +40,7 @@ struct watchdog_ctx {
|
||||
time_t timestamp;
|
||||
struct tevent_fd *tfd;
|
||||
int pipefd[2];
|
||||
+ bool armed; /* if 'true' ticks counter will not be reset */
|
||||
} watchdog_ctx;
|
||||
|
||||
static void watchdog_detect_timeshift(void)
|
||||
@@ -89,8 +90,13 @@ static void watchdog_event_handler(struct tevent_context *ev,
|
||||
struct timeval current_time,
|
||||
void *private_data)
|
||||
{
|
||||
- /* first thing reset the watchdog ticks */
|
||||
- watchdog_reset();
|
||||
+ if (!watchdog_ctx.armed) {
|
||||
+ /* first thing reset the watchdog ticks */
|
||||
+ watchdog_reset();
|
||||
+ } else {
|
||||
+ DEBUG(SSSDBG_IMPORTANT_INFO,
|
||||
+ "Watchdog armed, process might be terminated soon.\n");
|
||||
+ }
|
||||
|
||||
/* then set a new watchodg event */
|
||||
watchdog_ctx.te = tevent_add_timer(ev, ev,
|
||||
@@ -197,6 +203,7 @@ int setup_watchdog(struct tevent_context *ev, int interval)
|
||||
watchdog_ctx.ev = ev;
|
||||
watchdog_ctx.input_interval = interval;
|
||||
watchdog_ctx.timestamp = time(NULL);
|
||||
+ watchdog_ctx.armed = false;
|
||||
|
||||
ret = pipe(watchdog_ctx.pipefd);
|
||||
if (ret == -1) {
|
||||
@@ -264,3 +271,20 @@ int get_watchdog_ticks(void)
|
||||
{
|
||||
return __sync_add_and_fetch(&watchdog_ctx.ticks, 0);
|
||||
}
|
||||
+
|
||||
+void arm_watchdog(void)
|
||||
+{
|
||||
+ if (watchdog_ctx.armed) {
|
||||
+ DEBUG(SSSDBG_CRIT_FAILURE,
|
||||
+ "arm_watchdog() is called although the watchdog is already armed. "
|
||||
+ "This indicates a programming error and should be avoided because "
|
||||
+ "it will most probably not work as expected.\n");
|
||||
+ }
|
||||
+
|
||||
+ watchdog_ctx.armed = true;
|
||||
+}
|
||||
+
|
||||
+void disarm_watchdog(void)
|
||||
+{
|
||||
+ watchdog_ctx.armed = false;
|
||||
+}
|
||||
--
|
||||
2.38.1
|
||||
|
@ -0,0 +1,53 @@
|
||||
From 55564defec8fdbb4d9df6b0124a8b18b31743230 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Fri, 9 Jun 2023 13:01:47 +0200
|
||||
Subject: [PATCH 2/2] sbus: arm watchdog for sbus_connect_init_send()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
There seem to be conditions where the reply in the
|
||||
sbus_call_DBus_Hello_send() request gets lost and the backend cannot
|
||||
properly initialize its sbus/DBus server. Since the backend cannot be
|
||||
connected by the frontends in this state the best way to recover would
|
||||
be a restart. Since the event-loop is active in this state, e.g. waiting
|
||||
for the reply, the watchdog will not consider the process as hung and
|
||||
will not restart the process.
|
||||
|
||||
To make the watchdog handle this case arm_watchdog() and
|
||||
disarm_watchdog() are called before and after the request, respectively.
|
||||
|
||||
Resolves: https://github.com/SSSD/sssd/issues/6803
|
||||
|
||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
||||
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||||
(cherry picked from commit cca9361d92501e0be34d264d370fe897a0c970af)
|
||||
---
|
||||
src/sbus/connection/sbus_connection_connect.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/sbus/connection/sbus_connection_connect.c b/src/sbus/connection/sbus_connection_connect.c
|
||||
index 45a0fa491..edc090e15 100644
|
||||
--- a/src/sbus/connection/sbus_connection_connect.c
|
||||
+++ b/src/sbus/connection/sbus_connection_connect.c
|
||||
@@ -67,6 +67,8 @@ sbus_connect_init_send(TALLOC_CTX *mem_ctx,
|
||||
|
||||
tevent_req_set_callback(subreq, sbus_connect_init_hello_done, req);
|
||||
|
||||
+ arm_watchdog();
|
||||
+
|
||||
return req;
|
||||
}
|
||||
|
||||
@@ -111,6 +113,8 @@ static void sbus_connect_init_done(struct tevent_req *subreq)
|
||||
uint32_t res;
|
||||
errno_t ret;
|
||||
|
||||
+ disarm_watchdog();
|
||||
+
|
||||
req = tevent_req_callback_data(subreq, struct tevent_req);
|
||||
|
||||
ret = sbus_call_DBus_RequestName_recv(subreq, &res);
|
||||
--
|
||||
2.38.1
|
||||
|
@ -0,0 +1,36 @@
|
||||
From 01d02794e02f051ea9a78cd63b30384de3e7c9b0 Mon Sep 17 00:00:00 2001
|
||||
From: Sumit Bose <sbose@redhat.com>
|
||||
Date: Wed, 10 May 2023 10:27:08 +0200
|
||||
Subject: [PATCH] sysdb: fix string comparison when checking for overrides
|
||||
|
||||
When checking if the input group-name is the original name from AD or an
|
||||
overwritten one the comparison is currently done case sensitive. Since
|
||||
AD handles names case-insensitive and hence SSSD should do this as well
|
||||
this comparison might cause issues.
|
||||
|
||||
The patch replace the case sensitive comparison with a comparison with
|
||||
respects the case_sensitive of the domain the object is coming from.
|
||||
|
||||
Resolves: https://github.com/SSSD/sssd/issues/6720
|
||||
|
||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
||||
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
---
|
||||
src/db/sysdb_search.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
|
||||
index 7efd570e78..e4c53b8535 100644
|
||||
--- a/src/db/sysdb_search.c
|
||||
+++ b/src/db/sysdb_search.c
|
||||
@@ -1225,7 +1225,9 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
|
||||
res->msgs[0], ORIGINALAD_PREFIX SYSDB_NAME, NULL);
|
||||
|
||||
if (originalad_sanitized_name != NULL
|
||||
- && strcmp(originalad_sanitized_name, sanitized_name) != 0) {
|
||||
+ && !sss_string_equal(domain->case_sensitive,
|
||||
+ originalad_sanitized_name,
|
||||
+ sanitized_name)) {
|
||||
fmt_filter = SYSDB_GRNAM_FILTER;
|
||||
base_dn = sysdb_group_base_dn(tmp_ctx, domain);
|
||||
res = NULL;
|
@ -19,7 +19,7 @@
|
||||
|
||||
Name: sssd
|
||||
Version: 2.8.2
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}.alma
|
||||
Group: Applications/System
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
@ -32,6 +32,13 @@ Patch0002: 0002-SSS_CLIENT-fix-error-codes-returned-by-common-read-w.patch
|
||||
Patch0003: 0003-SSS_CLIENT-if-poll-returns-POLLNVAL-then-socket-is-a.patch
|
||||
Patch0004: 0004-PAM_SSS-close-sss_cli_sd-should-also-be-protected-wi.patch
|
||||
|
||||
# Patches were taken from:
|
||||
# https://gitlab.com/redhat/centos-stream/rpms/sssd/-/commit/26c81cdfa6fdda4aab69e0184839be0fb74ef73d
|
||||
Patch0005: 0005-watchdog-add-arm_watchdog-and-disarm_watchdog-calls.patch
|
||||
Patch0006: 0006-sbus-arm-watchdog-for-sbus_connect_init_send.patch
|
||||
# https://github.com/SSSD/sssd/commit/01d02794e02f051ea9a78cd63b30384de3e7c9b0
|
||||
Patch0007: 0007-sysdb-fix-string-comparison-when-checking-for-overrides.patch
|
||||
|
||||
### Downstream Patches ###
|
||||
|
||||
### Dependencies ###
|
||||
@ -1213,6 +1220,11 @@ fi
|
||||
%systemd_postun_with_restart sssd.service
|
||||
|
||||
%changelog
|
||||
* Tue Aug 08 2023 Eduard Abdullin <eabdullin@almalinux.org> - 2.8.2-3.alma
|
||||
- Apply 0005-watchdog-add-arm_watchdog-and-disarm_watchdog-calls
|
||||
0006-sbus-arm-watchdog-for-sbus_connect_init_send
|
||||
0007-sysdb-fix-string-comparison-when-checking-for-overrides patches
|
||||
|
||||
* Mon Feb 13 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-2
|
||||
- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user