From 653aaca8c972f4218f2e4177f3853b50d0994ee7 Mon Sep 17 00:00:00 2001 From: "Frank Ch. Eigler" Date: Sat, 27 Apr 2024 10:02:32 -0400 Subject: [PATCH] Resolves: RHEL-29528 --- .gitignore | 1 + RHEL-16549.patch | 59 ------------------- RHEL-18334.patch | 147 ----------------------------------------------- sources | 2 +- systemtap.spec | 39 ++++++++----- 5 files changed, 27 insertions(+), 221 deletions(-) delete mode 100644 RHEL-16549.patch delete mode 100644 RHEL-18334.patch diff --git a/.gitignore b/.gitignore index cab9e0d..c2ff5b6 100644 --- a/.gitignore +++ b/.gitignore @@ -64,3 +64,4 @@ /systemtap-4.8.tar.gz /systemtap-4.9.tar.gz /systemtap-5.0.tar.gz +/systemtap-5.1.tar.gz diff --git a/RHEL-16549.patch b/RHEL-16549.patch deleted file mode 100644 index 4469759..0000000 --- a/RHEL-16549.patch +++ /dev/null @@ -1,59 +0,0 @@ -commit 0fef0bd60ff4b359a32da52262855dfe82fe51ae -gpg: Signature made Tue 14 Nov 2023 03:20:12 PM EST -gpg: using RSA key 4B35DCD2EA45C4E0783135BC8094BE9C9F4696A1 -gpg: Can't check signature: No public key -Author: Yichun Zhang (agentzh) -Date: Fri Nov 10 21:51:56 2023 -0800 - - PR31051: memory and uprobe leaks in early uprobe registraton code when errors happen - -diff --git a/runtime/linux/uprobes-inode.c b/runtime/linux/uprobes-inode.c -index 997f4528d..289cce00b 100644 ---- a/runtime/linux/uprobes-inode.c -+++ b/runtime/linux/uprobes-inode.c -@@ -529,6 +529,16 @@ stapiu_init(struct stapiu_consumer *consumers, size_t nconsumers) - } - - if (unlikely(ret != 0)) { -+ for ( ;; ) { -+ struct stapiu_consumer *c = &consumers[i]; -+ // protect against conceivable stapiu_refresh() at same time -+ mutex_lock(& c->consumer_lock); -+ stapiu_consumer_unreg(c); -+ mutex_unlock(& c->consumer_lock); -+ if (i == 0) -+ break; -+ i--; -+ } - return ret; - } - -@@ -545,7 +555,27 @@ stapiu_init(struct stapiu_consumer *consumers, size_t nconsumers) - break; - } - } -- return ret; -+ -+ if (unlikely(ret != 0)) { -+ int j; -+ for (j = 0; j < nconsumers; ++j) { -+ struct stapiu_consumer *c = &consumers[j]; -+ // protect against conceivable stapiu_refresh() at same time -+ mutex_lock(& c->consumer_lock); -+ stapiu_consumer_unreg(c); -+ mutex_unlock(& c->consumer_lock); -+ } -+ for ( ;; ) { -+ struct stapiu_consumer *c = &consumers[i]; -+ stap_cleanup_task_finder_target(&c->finder); -+ if (i == 0) -+ break; -+ i--; -+ } -+ return ret; -+ } -+ -+ return 0; - } - - diff --git a/RHEL-18334.patch b/RHEL-18334.patch deleted file mode 100644 index 4b1c536..0000000 --- a/RHEL-18334.patch +++ /dev/null @@ -1,147 +0,0 @@ -commit b84a5e8c2c5a857c0790a71df7824259a95131cf -Author: William Cohen -Date: Mon Dec 4 11:28:10 2023 -0500 - - PR31074: Ensure that the set_kernel_string* functions limit their writes - - Both the set_kernel_string and set_kernel_string_n function use the - underlying _stp_store_deref_string_ function to write strings. There - were two issues with the this function: - - 1) wrote MAXSTRINGLEN bytes even if string was shorter - 2) null write at end could spill past end of buffer - - The first issue was addressed by stopping to write once a null - character is encountered. The second issue is a side effect of C - implicit promotion of character constants to ints and was addressed by - explicitlying casting the character constants as a char. - - The pr31074.exp test was added to verify that the write length are - limited to string length and the null write does not go beyond the end - of the buffer. - -diff --git a/runtime/linux/loc2c-runtime.h b/runtime/linux/loc2c-runtime.h -index 68fbe2ab6..663360293 100644 ---- a/runtime/linux/loc2c-runtime.h -+++ b/runtime/linux/loc2c-runtime.h -@@ -1007,11 +1007,14 @@ static inline int _stp_store_deref_string_(char *src, void *addr, size_t len, - { - for (i = 0; i < len - 1; ++i) - { -+ if (*src == '\0') -+ break; - err = __stp_put_either(*src++, (u8 *)addr + i, seg); - if (err) - goto out; - } -- err = __stp_put_either('\0', (u8 *)addr + i, seg); -+ /* PR31074: cast (char) '\0' to make sure right size */ -+ err = __stp_put_either((char) '\0', (u8 *)addr + i, seg); - } - - out: -diff --git a/testsuite/systemtap.base/pr31074.exp b/testsuite/systemtap.base/pr31074.exp -new file mode 100644 -index 000000000..5b382b789 ---- /dev/null -+++ b/testsuite/systemtap.base/pr31074.exp -@@ -0,0 +1,5 @@ -+# Check that the set_kernel_* functions work correctly. -+ -+set test "pr31074" -+ -+stap_run $test no_load $all_pass_string -g $srcdir/$subdir/$test.stp -diff --git a/testsuite/systemtap.base/pr31074.stp b/testsuite/systemtap.base/pr31074.stp -new file mode 100644 -index 000000000..930c276b5 ---- /dev/null -+++ b/testsuite/systemtap.base/pr31074.stp -@@ -0,0 +1,88 @@ -+/* -+ * pr31074.stp -+ * -+ * Check that the set_kernel_string function work correctly. -+ */ -+ -+probe begin { println("systemtap starting probe") } -+probe end { println("systemtap ending probe") } -+ -+global errors = 0 -+ -+function assert_string(test, expected, value) -+{ -+ if (value == expected) -+ return 1 -+ printf("systemtap test failure - %s: expected \"%s\", got \"%s\"\n", -+ test, expected, value) -+ errors++ -+ return 0 -+} -+ -+function assert_not_reached(test) -+{ -+ printf("systemtap test failure - %s: missing exception\n", test) -+ errors++ -+} -+ -+function assert_buffer_untouched(test, addr) -+{ -+ if (!buffer_42(addr)) { -+ printf("systemtap test failure - %s: buffer overwritten\n", test) -+ errors++ -+ } -+} -+ -+ -+probe end(1) -+{ -+ test = "set_kernel_string" -+ addr3 = get_buffer3() -+ addr2 = get_buffer2() -+ if (assert_string(test, "", kernel_string(addr2))) { -+ set_kernel_string(addr2, "bar") -+ assert_string(test, "bar", kernel_string(addr2)) -+ } -+ addr1 = get_buffer1() -+ if (assert_string(test, "", kernel_string(addr1))) { -+ set_kernel_string(addr1, "foo") -+ assert_string(test, "foo", kernel_string(addr1)) -+ } -+ /* now check to make sure that "bar" has not been overwritten */ -+ assert_string("no null overrun", "bar", kernel_string(addr2)) -+ assert_buffer_untouched("no overrun", addr3) -+ if (!errors) -+ println("systemtap test success") -+} -+ -+%{ -+ static char buffer_x[4+4+MAXSTRINGLEN]; -+%} -+ -+function get_buffer1:long () %{ -+ static char *buffer1 = &(buffer_x[0]); -+ memset(buffer1, 0, 4); -+ STAP_RETVALUE = (long)buffer1; -+%} -+ -+function get_buffer2:long () %{ -+ static char *buffer2 = &(buffer_x[4]); -+ memset(buffer2, 0, 4); -+ STAP_RETVALUE = (long)buffer2; -+%} -+ -+function get_buffer3:long () %{ -+ static char *buffer3 = &(buffer_x[8]); -+ memset(buffer3, 42, MAXSTRINGLEN); -+ STAP_RETVALUE = (long)buffer3; -+%} -+ -+function buffer_42:long (addr:long) %{ -+ int i; -+ char *buffer3 = (char *)STAP_ARG_addr; -+ STAP_RETVALUE = 1; -+ for(i=0; i< MAXSTRINGLEN; ++i){ -+ if (buffer3[i] != 42) -+ STAP_RETVALUE = 0; -+ } -+%} diff --git a/sources b/sources index 9271007..b6cca60 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemtap-5.0.tar.gz) = dc511a05e66abcbbd8c926973962751196180f3c571d0cd2a3b158ae367c5339ad32967a680ecd03224ab5f7ed2c55be7064867e4fb1b1cd7ea1cb21b2436e4c +SHA512 (systemtap-5.1.tar.gz) = da0fe237d2124031a5786d1221dbb420d90da5497376715fd43a7a9f61a354a229c1128e67ce6becbc012aa3796dc5d337149e239e3c1def0651b179e5bf199f diff --git a/systemtap.spec b/systemtap.spec index 0d5b080..7b21a44 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -1,3 +1,5 @@ +# work around flakey gcc warnings +%{!?with_Werror: %global with_Werror 0} %{!?with_sqlite: %global with_sqlite 0%{?fedora} >= 17 || 0%{?rhel} >= 7} # prefer prebuilt docs %{!?with_docs: %global with_docs 0} @@ -90,7 +92,10 @@ \ g stapusr 156\ g stapsys 157\ -g stapdev 158 +g stapdev 158\ +g stapunpriv 159\ +u stapunpriv 159 "systemtap unprivileged user" /var/lib/stapunpriv /sbin/nologin\ +m stapunpriv stapunpriv %define _systemtap_server_preinstall \ # See systemd-sysusers(8) sysusers.d(5)\ @@ -115,8 +120,8 @@ m stapdev stapdev Name: systemtap # PRERELEASE -Version: 5.0 -Release: 4%{?release_override}%{?dist} +Version: 5.1 +Release: 1%{?release_override}%{?dist} # for version, see also configure.ac @@ -153,9 +158,6 @@ License: GPL-2.0-or-later URL: http://sourceware.org/systemtap/ Source: ftp://sourceware.org/pub/systemtap/releases/systemtap-%{version}.tar.gz -Patch1: RHEL-16549.patch -Patch2: RHEL-18334.patch - # Build* BuildRequires: make BuildRequires: gcc-c++ @@ -397,7 +399,7 @@ with the optional dtrace-compatibility preprocessor to process related %package testsuite Summary: Instrumentation System Testsuite -License: GPL-2.0-or-later AND GPL-2.0-only AND GPL-3.0-or-later AND MIT +License: GPL-2.0-or-later AND GPL AND GPL-2.0-only AND GPL-3.0-or-later AND MIT URL: http://sourceware.org/systemtap/ Requires: systemtap = %{version}-%{release} Requires: systemtap-sdt-devel = %{version}-%{release} @@ -566,7 +568,6 @@ This package installs the services necessary on a virtual machine for a systemtap-runtime-virthost machine to execute systemtap scripts. %endif -%if %{with_python3} && %{with_monitor} %package jupyter Summary: ISystemtap jupyter kernel and examples License: GPL-2.0-or-later @@ -577,13 +578,11 @@ Requires: systemtap = %{version}-%{release} This package includes files needed to build and run the interactive systemtap Jupyter kernel, either locally or within a container. -%endif + # ------------------------------------------------------------------------ %prep %setup -q -%patch -P1 -p1 -%patch -P2 -p1 %build @@ -594,6 +593,13 @@ or within a container. %global dyninst_config --without-dyninst %endif +# Enable/disable the dyninst pure-userspace backend +%if %{with_Werror} +%global Werror_config --enable-Werror +%else +%global Werror_config --disable-Werror +%endif + # Enable/disable the sqlite coverage testing support %if %{with_sqlite} %global sqlite_config --enable-sqlite @@ -681,7 +687,7 @@ or within a container. # We don't ship compileworthy python code, just oddball samples %global py_auto_byte_compile 0 -%configure %{dyninst_config} %{sqlite_config} %{crash_config} %{docs_config} %{rpm_config} %{java_config} %{virt_config} %{dracut_config} %{python3_config} %{python2_probes_config} %{python3_probes_config} %{httpd_config} %{bpf_config} %{debuginfod_config} --disable-silent-rules --with-extra-version="rpm %{version}-%{release}" +%configure %{Werror_config} %{dyninst_config} %{sqlite_config} %{crash_config} %{docs_config} %{rpm_config} %{java_config} %{virt_config} %{dracut_config} %{python3_config} %{python2_probes_config} %{python3_probes_config} %{httpd_config} %{bpf_config} %{debuginfod_config} --disable-silent-rules --with-extra-version="rpm %{version}-%{release}" make %{?_smp_mflags} V=1 @@ -839,6 +845,9 @@ echo '%_systemtap_runtime_preinstall' | systemd-sysusers --replace=%{_sysusersdi getent group stapusr >/dev/null || groupadd -f -g 156 -r stapusr getent group stapsys >/dev/null || groupadd -f -g 157 -r stapsys getent group stapdev >/dev/null || groupadd -f -g 158 -r stapdev +getent passwd stapunpriv >/dev/null || \ + useradd -c "Systemtap Unprivileged User" -u 159 -g stapunpriv -d %{_localstatedir}/lib/stapunpriv -r -s /sbin/nologin stapunpriv 2>/dev/null || \ + useradd -c "Systemtap Unprivileged User" -g stapunpriv -d %{_localstatedir}/lib/stapunpriv -r -s /sbin/nologin stapunpriv %endif exit 0 @@ -1285,14 +1294,12 @@ exit 0 %{_sbindir}/stap-exporter %endif -%if %{with_python3} && %{with_monitor} %files jupyter %{_bindir}/stap-jupyter-container %{_bindir}/stap-jupyter-install %{_mandir}/man1/stap-jupyter.1* %dir %{_datadir}/systemtap %{_datadir}/systemtap/interactive-notebook -%endif # ------------------------------------------------------------------------ @@ -1303,6 +1310,10 @@ exit 0 # PRERELEASE %changelog +* Fri Apr 26 2024 Frank Ch. Eigler - 5.1-1 +- Upstream release, see wiki page below for detailed notes. + https://sourceware.org/systemtap/wiki/SystemTapReleases + * Wed Dec 6 2023 William Cohen - 5.0-4 - RHEL-18334