Compare commits
3 Commits
359ea58b2e
...
1456891d13
Author | SHA1 | Date | |
---|---|---|---|
|
1456891d13 | ||
|
a0364ed82f | ||
|
4fe5bde8a9 |
59
RHEL-16549.patch
Normal file
59
RHEL-16549.patch
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
commit 0fef0bd60ff4b359a32da52262855dfe82fe51ae
|
||||||
|
gpg: Signature made Tue 14 Nov 2023 03:20:12 PM EST
|
||||||
|
gpg: using RSA key 4B35DCD2EA45C4E0783135BC8094BE9C9F4696A1
|
||||||
|
gpg: Can't check signature: No public key
|
||||||
|
Author: Yichun Zhang (agentzh) <yichun@openresty.com>
|
||||||
|
Date: Fri Nov 10 21:51:56 2023 -0800
|
||||||
|
|
||||||
|
PR31051: memory and uprobe leaks in early uprobe registraton code when errors happen
|
||||||
|
|
||||||
|
diff --git a/runtime/linux/uprobes-inode.c b/runtime/linux/uprobes-inode.c
|
||||||
|
index 997f4528d..289cce00b 100644
|
||||||
|
--- a/runtime/linux/uprobes-inode.c
|
||||||
|
+++ b/runtime/linux/uprobes-inode.c
|
||||||
|
@@ -529,6 +529,16 @@ stapiu_init(struct stapiu_consumer *consumers, size_t nconsumers)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (unlikely(ret != 0)) {
|
||||||
|
+ for ( ;; ) {
|
||||||
|
+ struct stapiu_consumer *c = &consumers[i];
|
||||||
|
+ // protect against conceivable stapiu_refresh() at same time
|
||||||
|
+ mutex_lock(& c->consumer_lock);
|
||||||
|
+ stapiu_consumer_unreg(c);
|
||||||
|
+ mutex_unlock(& c->consumer_lock);
|
||||||
|
+ if (i == 0)
|
||||||
|
+ break;
|
||||||
|
+ i--;
|
||||||
|
+ }
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -545,7 +555,27 @@ stapiu_init(struct stapiu_consumer *consumers, size_t nconsumers)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- return ret;
|
||||||
|
+
|
||||||
|
+ if (unlikely(ret != 0)) {
|
||||||
|
+ int j;
|
||||||
|
+ for (j = 0; j < nconsumers; ++j) {
|
||||||
|
+ struct stapiu_consumer *c = &consumers[j];
|
||||||
|
+ // protect against conceivable stapiu_refresh() at same time
|
||||||
|
+ mutex_lock(& c->consumer_lock);
|
||||||
|
+ stapiu_consumer_unreg(c);
|
||||||
|
+ mutex_unlock(& c->consumer_lock);
|
||||||
|
+ }
|
||||||
|
+ for ( ;; ) {
|
||||||
|
+ struct stapiu_consumer *c = &consumers[i];
|
||||||
|
+ stap_cleanup_task_finder_target(&c->finder);
|
||||||
|
+ if (i == 0)
|
||||||
|
+ break;
|
||||||
|
+ i--;
|
||||||
|
+ }
|
||||||
|
+ return ret;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
147
RHEL-18334.patch
Normal file
147
RHEL-18334.patch
Normal file
@ -0,0 +1,147 @@
|
|||||||
|
commit b84a5e8c2c5a857c0790a71df7824259a95131cf
|
||||||
|
Author: William Cohen <wcohen@redhat.com>
|
||||||
|
Date: Mon Dec 4 11:28:10 2023 -0500
|
||||||
|
|
||||||
|
PR31074: Ensure that the set_kernel_string* functions limit their writes
|
||||||
|
|
||||||
|
Both the set_kernel_string and set_kernel_string_n function use the
|
||||||
|
underlying _stp_store_deref_string_ function to write strings. There
|
||||||
|
were two issues with the this function:
|
||||||
|
|
||||||
|
1) wrote MAXSTRINGLEN bytes even if string was shorter
|
||||||
|
2) null write at end could spill past end of buffer
|
||||||
|
|
||||||
|
The first issue was addressed by stopping to write once a null
|
||||||
|
character is encountered. The second issue is a side effect of C
|
||||||
|
implicit promotion of character constants to ints and was addressed by
|
||||||
|
explicitlying casting the character constants as a char.
|
||||||
|
|
||||||
|
The pr31074.exp test was added to verify that the write length are
|
||||||
|
limited to string length and the null write does not go beyond the end
|
||||||
|
of the buffer.
|
||||||
|
|
||||||
|
diff --git a/runtime/linux/loc2c-runtime.h b/runtime/linux/loc2c-runtime.h
|
||||||
|
index 68fbe2ab6..663360293 100644
|
||||||
|
--- a/runtime/linux/loc2c-runtime.h
|
||||||
|
+++ b/runtime/linux/loc2c-runtime.h
|
||||||
|
@@ -1007,11 +1007,14 @@ static inline int _stp_store_deref_string_(char *src, void *addr, size_t len,
|
||||||
|
{
|
||||||
|
for (i = 0; i < len - 1; ++i)
|
||||||
|
{
|
||||||
|
+ if (*src == '\0')
|
||||||
|
+ break;
|
||||||
|
err = __stp_put_either(*src++, (u8 *)addr + i, seg);
|
||||||
|
if (err)
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
- err = __stp_put_either('\0', (u8 *)addr + i, seg);
|
||||||
|
+ /* PR31074: cast (char) '\0' to make sure right size */
|
||||||
|
+ err = __stp_put_either((char) '\0', (u8 *)addr + i, seg);
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
diff --git a/testsuite/systemtap.base/pr31074.exp b/testsuite/systemtap.base/pr31074.exp
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..5b382b789
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/testsuite/systemtap.base/pr31074.exp
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+# Check that the set_kernel_* functions work correctly.
|
||||||
|
+
|
||||||
|
+set test "pr31074"
|
||||||
|
+
|
||||||
|
+stap_run $test no_load $all_pass_string -g $srcdir/$subdir/$test.stp
|
||||||
|
diff --git a/testsuite/systemtap.base/pr31074.stp b/testsuite/systemtap.base/pr31074.stp
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..930c276b5
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/testsuite/systemtap.base/pr31074.stp
|
||||||
|
@@ -0,0 +1,88 @@
|
||||||
|
+/*
|
||||||
|
+ * pr31074.stp
|
||||||
|
+ *
|
||||||
|
+ * Check that the set_kernel_string function work correctly.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+probe begin { println("systemtap starting probe") }
|
||||||
|
+probe end { println("systemtap ending probe") }
|
||||||
|
+
|
||||||
|
+global errors = 0
|
||||||
|
+
|
||||||
|
+function assert_string(test, expected, value)
|
||||||
|
+{
|
||||||
|
+ if (value == expected)
|
||||||
|
+ return 1
|
||||||
|
+ printf("systemtap test failure - %s: expected \"%s\", got \"%s\"\n",
|
||||||
|
+ test, expected, value)
|
||||||
|
+ errors++
|
||||||
|
+ return 0
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+function assert_not_reached(test)
|
||||||
|
+{
|
||||||
|
+ printf("systemtap test failure - %s: missing exception\n", test)
|
||||||
|
+ errors++
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+function assert_buffer_untouched(test, addr)
|
||||||
|
+{
|
||||||
|
+ if (!buffer_42(addr)) {
|
||||||
|
+ printf("systemtap test failure - %s: buffer overwritten\n", test)
|
||||||
|
+ errors++
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+probe end(1)
|
||||||
|
+{
|
||||||
|
+ test = "set_kernel_string"
|
||||||
|
+ addr3 = get_buffer3()
|
||||||
|
+ addr2 = get_buffer2()
|
||||||
|
+ if (assert_string(test, "", kernel_string(addr2))) {
|
||||||
|
+ set_kernel_string(addr2, "bar")
|
||||||
|
+ assert_string(test, "bar", kernel_string(addr2))
|
||||||
|
+ }
|
||||||
|
+ addr1 = get_buffer1()
|
||||||
|
+ if (assert_string(test, "", kernel_string(addr1))) {
|
||||||
|
+ set_kernel_string(addr1, "foo")
|
||||||
|
+ assert_string(test, "foo", kernel_string(addr1))
|
||||||
|
+ }
|
||||||
|
+ /* now check to make sure that "bar" has not been overwritten */
|
||||||
|
+ assert_string("no null overrun", "bar", kernel_string(addr2))
|
||||||
|
+ assert_buffer_untouched("no overrun", addr3)
|
||||||
|
+ if (!errors)
|
||||||
|
+ println("systemtap test success")
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+%{
|
||||||
|
+ static char buffer_x[4+4+MAXSTRINGLEN];
|
||||||
|
+%}
|
||||||
|
+
|
||||||
|
+function get_buffer1:long () %{
|
||||||
|
+ static char *buffer1 = &(buffer_x[0]);
|
||||||
|
+ memset(buffer1, 0, 4);
|
||||||
|
+ STAP_RETVALUE = (long)buffer1;
|
||||||
|
+%}
|
||||||
|
+
|
||||||
|
+function get_buffer2:long () %{
|
||||||
|
+ static char *buffer2 = &(buffer_x[4]);
|
||||||
|
+ memset(buffer2, 0, 4);
|
||||||
|
+ STAP_RETVALUE = (long)buffer2;
|
||||||
|
+%}
|
||||||
|
+
|
||||||
|
+function get_buffer3:long () %{
|
||||||
|
+ static char *buffer3 = &(buffer_x[8]);
|
||||||
|
+ memset(buffer3, 42, MAXSTRINGLEN);
|
||||||
|
+ STAP_RETVALUE = (long)buffer3;
|
||||||
|
+%}
|
||||||
|
+
|
||||||
|
+function buffer_42:long (addr:long) %{
|
||||||
|
+ int i;
|
||||||
|
+ char *buffer3 = (char *)STAP_ARG_addr;
|
||||||
|
+ STAP_RETVALUE = 1;
|
||||||
|
+ for(i=0; i< MAXSTRINGLEN; ++i){
|
||||||
|
+ if (buffer3[i] != 42)
|
||||||
|
+ STAP_RETVALUE = 0;
|
||||||
|
+ }
|
||||||
|
+%}
|
@ -116,7 +116,7 @@ m stapdev stapdev
|
|||||||
Name: systemtap
|
Name: systemtap
|
||||||
# PRERELEASE
|
# PRERELEASE
|
||||||
Version: 5.0
|
Version: 5.0
|
||||||
Release: 2%{?release_override}%{?dist}
|
Release: 4%{?release_override}%{?dist}
|
||||||
# for version, see also configure.ac
|
# for version, see also configure.ac
|
||||||
|
|
||||||
|
|
||||||
@ -153,6 +153,9 @@ License: GPL-2.0-or-later
|
|||||||
URL: http://sourceware.org/systemtap/
|
URL: http://sourceware.org/systemtap/
|
||||||
Source: ftp://sourceware.org/pub/systemtap/releases/systemtap-%{version}.tar.gz
|
Source: ftp://sourceware.org/pub/systemtap/releases/systemtap-%{version}.tar.gz
|
||||||
|
|
||||||
|
Patch1: RHEL-16549.patch
|
||||||
|
Patch2: RHEL-18334.patch
|
||||||
|
|
||||||
# Build*
|
# Build*
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
@ -579,6 +582,8 @@ or within a container.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch -P1 -p1
|
||||||
|
%patch -P2 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -1298,6 +1303,12 @@ exit 0
|
|||||||
|
|
||||||
# PRERELEASE
|
# PRERELEASE
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 6 2023 William Cohen <wcohen@redhat.com> - 5.0-4
|
||||||
|
- RHEL-18334
|
||||||
|
|
||||||
|
* Tue Nov 14 2023 Frank Ch. Eigler <fche@redhat.com> - 5.0-3
|
||||||
|
- RHEL-16549
|
||||||
|
|
||||||
* Mon Nov 06 2023 Frank Ch. Eigler <fche@redhat.com> - 5.0-2
|
* Mon Nov 06 2023 Frank Ch. Eigler <fche@redhat.com> - 5.0-2
|
||||||
- License header tweak
|
- License header tweak
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user