import sysstat-11.7.3-9.el8

CentOS Sources 2023-03-28 13:16:41 +00:00 committed by Stepan Oksanichenko
parent b9c08b25e0
commit 43f59f0e6a
3 changed files with 197 additions and 1 deletions


@ -0,0 +1,101 @@
From 560d88cb5a16636acb0e350d6997fe915cc4253e Mon Sep 17 00:00:00 2001
From: Kyle Walker <kwalker@redhat.com>
Date: Wed, 30 Jan 2019 07:50:55 -0500
Subject: [PATCH] sadc: Add a -f flag to force fdatasync() use
For quite some time, the sadc utility has not used fdatasync() when writing
stat information to disk. This resulted in instances where data files could
be corrupted or entries lost if a system encountered a sudden reset
condition. This change adds a "-f" flag which can be used to bring back the
previous behaviour if end users require it.
Note, the fdatasync() lowers the likelihood of lost data, but does so at
the expense of performance within the write operation.
---
man/sadc.in | 8 +++++++-
sa.h | 2 ++
sadc.c | 13 ++++++++++++-
3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/man/sadc.in b/man/sadc.in
index 2d754b71..ce8ee230 100644
--- a/man/sadc.in
+++ b/man/sadc.in
@@ -4,7 +4,7 @@ sadc \- System activity data collector.
.SH SYNOPSIS
.B @SA_LIB_DIR@/sadc [ -C
.I comment
-.B ] [ -D ] [ -F ] [ -L ] [ -V ] [ -S { DISK | INT | IPV6 | POWER | SNMP | XDISK | ALL | XALL [,...] } ] [
+.B ] [ -D ] [ -F ] [ -L ] [ -V ] [ -f ] [ -S { DISK | INT | IPV6 | POWER | SNMP | XDISK | ALL | XALL [,...] } ] [
.I interval
.B [
.I count
@@ -106,6 +106,12 @@ then it will be truncated. This may be useful for daily data files
created by an older version of
.B sadc
and whose format is no longer compatible with current one.
+.IP -f
+fdatasync() will be used to ensure data is written to disk. This differs
+from the normal operation in that a sudden system reset is less likely to
+result in the saDD datafiles being corrupted. However, this is at the
+expense of performance within the sadc process as forward progress will be
+blocked while data is written to underlying disk instead of just to cache.
.IP -L
.B sadc
will try to get an exclusive lock on the
diff --git a/sa.h b/sa.h
index 1cd0c3d9..d3236f7c 100644
--- a/sa.h
+++ b/sa.h
@@ -110,5 +110,6 @@
#define S_F_HUMAN_READ 0x01000000
#define S_F_ZERO_OMIT 0x02000000
+#define S_F_FDATASYNC 0x08000000
#define WANT_SINCE_BOOT(m) (((m) & S_F_SINCE_BOOT) == S_F_SINCE_BOOT)
#define WANT_SA_ROTAT(m) (((m) & S_F_SA_ROTAT) == S_F_SA_ROTAT)
@@ -138,5 +139,6 @@
#define PACK_VIEWS(m) (((m) & S_F_SVG_PACKED) == S_F_SVG_PACKED)
#define DISPLAY_HUMAN_READ(m) (((m) & S_F_HUMAN_READ) == S_F_HUMAN_READ)
+#define FDATASYNC(m) (((m) & S_F_FDATASYNC) == S_F_FDATASYNC)
#define AO_F_NULL 0x00000000
diff --git a/sadc.c b/sadc.c
index 826f4aed..139d490a 100644
--- a/sadc.c
+++ b/sadc.c
@@ -92,7 +92,7 @@ void usage(char *progname)
progname);
fprintf(stderr, _("Options are:\n"
- "[ -C <comment> ] [ -D ] [ -F ] [ -L ] [ -V ]\n"
+ "[ -C <comment> ] [ -D ] [ -F ] [ -L ] [ -V ] [ -f ]\n"
"[ -S { INT | DISK | IPV6 | POWER | SNMP | XDISK | ALL | XALL } ]\n"));
exit(1);
}
@@ -1109,6 +1109,13 @@ void rw_sa_stat_loop(long count, int stdfd, int ofd, char ofile[],
/* Flush data */
fflush(stdout);
+ if (FDATASYNC(flags)) {
+ /* If indicated, sync the data to media */
+ if (fdatasync(ofd) < 0) {
+ perror("fdatasync");
+ exit(4);
+ }
+ }
if (count > 0) {
count--;
@@ -1206,6 +1213,10 @@ int main(int argc, char **argv)
optz = 1;
}
+ else if (!strcmp(argv[opt], "-f")) {
+ flags |= S_F_FDATASYNC;
+ }
+
else if (!strcmp(argv[opt], "-C")) {
if (!argv[++opt]) {
usage(argv[0]);
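Review bot: The new `fdatasync(ofd)` call in rw_sa_stat_loop() runs whenever `-f` is set, without checking that `ofd` refers to an open data file. The signature carries both `stdfd` and `ofd`, so sadc can presumably run with output going only to stdout (not visible in this hunk); in that case fdatasync() would fail and the new `exit(4)` would stop collection at the first sample. If that mode exists, guard the call, e.g. `if (FDATASYNC(flags) && (ofd >= 0)) {`, or reject `-f` in main() when no output file is given, and state the chosen behaviour under `.IP -f` in the man page. The bodies of rw_sa_stat_loop() and main() continue outside the hunks.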


@ -0,0 +1,85 @@
From 9c4eaf150662ad40607923389d4519bc83b93540 Mon Sep 17 00:00:00 2001
From: Sebastien <seb@fedora-2.home>
Date: Sat, 15 Oct 2022 14:24:22 +0200
Subject: [PATCH] Fix size_t overflow in sa_common.c (GHSL-2022-074)
allocate_structures function located in sa_common.c insufficiently
checks bounds before arithmetic multiplication allowing for an
overflow in the size allocated for the buffer representing system
activities.
This patch checks that the post-multiplied value is not greater than
UINT_MAX.
Signed-off-by: Sebastien <seb@fedora-2.home>
---
common.c | 25 +++++++++++++++++++++++++
common.h | 2 ++
sa_common.c | 6 ++++++
3 files changed, 33 insertions(+)
diff --git a/common.c b/common.c
index 81c77624..1a84b052 100644
--- a/common.c
+++ b/common.c
@@ -1655,4 +1655,29 @@ int parse_values(char *strargv, unsigned char bitmap[], int max_val, const char
return 0;
}
+
+/*
+ ***************************************************************************
+ * Check if the multiplication of the 3 values may be greater than UINT_MAX.
+ *
+ * IN:
+ * @val1 First value.
+ * @val2 Second value.
+ * @val3 Third value.
+ ***************************************************************************
+ */
+void check_overflow(size_t val1, size_t val2, size_t val3)
+{
+ if ((unsigned long long) val1 *
+ (unsigned long long) val2 *
+ (unsigned long long) val3 > UINT_MAX) {
+#ifdef DEBUG
+ fprintf(stderr, "%s: Overflow detected (%llu). Aborting...\n",
+ __FUNCTION__,
+ (unsigned long long) val1 * (unsigned long long) val2 * (unsigned long long) val3);
+#endif
+ exit(4);
+ }
+}
+
#endif /* SOURCE_SADC undefined */
diff --git a/common.h b/common.h
index 55b6657d..e8ab98ab 100644
--- a/common.h
+++ b/common.h
@@ -260,6 +260,8 @@ int check_dir
(const char *, int);
#ifndef SOURCE_SADC
+void check_overflow
+ (size_t, size_t, size_t);
int count_bits
(void *, int);
int count_csvalues
diff --git a/sa_common.c b/sa_common.c
index 3699a840..b2cec4ad 100644
--- a/sa_common.c
+++ b/sa_common.c
@@ -459,7 +459,13 @@ void allocate_structures(struct activity *act[])
int i, j;
for (i = 0; i < NR_ACT; i++) {
+
if (act[i]->nr_ini > 0) {
+
+ /* Look for a possible overflow */
+ check_overflow((size_t) act[i]->msize, (size_t) act[i]->nr_ini,
+ (size_t) act[i]->nr2);
+
for (j = 0; j < 3; j++) {
SREALLOC(act[i]->buf[j], void,
(size_t) act[i]->msize * (size_t) act[i]->nr_ini * (size_t) act[i]->nr2);
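Review bot: check_overflow() in common.c computes the three-way product in `unsigned long long` before comparing it with UINT_MAX, so where size_t is 64 bits wide the product itself can wrap, and a wrapped value at or below UINT_MAX passes the check. The arguments arrive through `(size_t)` casts in allocate_structures(), where only `nr_ini > 0` is tested; if `msize` or `nr2` are signed and can be negative (their types are not visible here), the cast produces a very large operand. Bounding each step by division, as sketched below, avoids any intermediate wrap. Separately, the diagnostic is compiled only under DEBUG, so a production build exits with status 4 and no message, and SREALLOC recomputes the product rather than reusing a checked value. allocate_structures() continues outside the hunk.

```c
void check_overflow(size_t val1, size_t val2, size_t val3)
{
	/* A zero factor gives a zero product; otherwise bound each step by
	 * division so that no intermediate multiplication can wrap. */
	if (val1 && val2 && val3 &&
	    (val1 > UINT_MAX / val2 ||
	     val1 * val2 > UINT_MAX / val3)) {
		/* … unchanged: DEBUG diagnostic … */
		exit(4);
	}
}
```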


@ -1,7 +1,7 @@
Summary: Collection of performance monitoring tools for Linux Summary: Collection of performance monitoring tools for Linux
Name: sysstat Name: sysstat
Version: 11.7.3 Version: 11.7.3
Release: 7%{?dist} Release: 9%{?dist}
License: GPLv2+ License: GPLv2+
Group: Applications/System Group: Applications/System
URL: http://sebastien.godard.pagesperso-orange.fr/ URL: http://sebastien.godard.pagesperso-orange.fr/
@ -17,6 +17,8 @@ Patch02: 0001-ignoring-autofs-as-real-filesystem-by-counting-numbe.patch
Patch03: 0001-sar-Add-missing-gnice-CPU-value-for-tickless-CPU.patch Patch03: 0001-sar-Add-missing-gnice-CPU-value-for-tickless-CPU.patch
Patch04: 0001-sadf-Fix-seg-fault-on-empty-data-files.patch Patch04: 0001-sadf-Fix-seg-fault-on-empty-data-files.patch
Patch05: 0001-sar-Fix-typo-in-manual-page.patch Patch05: 0001-sar-Fix-typo-in-manual-page.patch
Patch06: CVE-2022-39377-arithmetic-overflow-in-allocate-structures-on-32-bit-systems.patch
Patch07: 0001-sadc-Add-a-f-flag-to-force-fdatasync-use.patch
BuildRequires: gettext, lm_sensors-devel, systemd BuildRequires: gettext, lm_sensors-devel, systemd
@ -50,6 +52,8 @@ The cifsiostat command reports I/O statistics for CIFS file systems.
%patch03 -p1 %patch03 -p1
%patch04 -p1 %patch04 -p1
%patch05 -p1 %patch05 -p1
%patch06 -p1
%patch07 -p1
%build %build
export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld" export CFLAGS="$RPM_OPT_FLAGS -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@ -98,6 +102,12 @@ fi
%{_localstatedir}/log/sa %{_localstatedir}/log/sa
%changelog %changelog
* Wed Dec 14 2022 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-9
- add -f flag to force fdatasync() after sa file update (#2153192)
* Thu Nov 10 2022 Lukáš Zaoral <lzaoral@redhat.com> - 11.7.3-8
- arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)
* Mon Nov 29 2021 <msekleta@redhat.com> - 11.7.3-7 * Mon Nov 29 2021 <msekleta@redhat.com> - 11.7.3-7
- Don't trigger autofs mounts when running sadc (#2000910) - Don't trigger autofs mounts when running sadc (#2000910)
- sar: Add missing %gnice CPU value for tickless CPU (#2000916) - sar: Add missing %gnice CPU value for tickless CPU (#2000916)