* Mon Feb 12 2024 Tomas Bzatek <tbzatek@redhat.com> - 2.10.1-3

- Use a SPDX license tag - udiskslinuxblockobject: Try issuing BLKRRPART ioctl harder - udiskslinuxmanager: Fix use after free - tests: Fix targetcli_config.json
2024-02-12 15:30:13 +01:00 · 2024-02-12 15:30:13 +01:00 · 9213e56a43
commit 9213e56a43
parent 4fb3a071e2
4 changed files with 217 additions and 2 deletions
--- a/udisks-2.11.0-BLKRRPART_harder.patch
+++ b/udisks-2.11.0-BLKRRPART_harder.patch
@ -0,0 +1,55 @@
+From eb1d4a2bcbb8744074d17553bd0d55ffbd76bdeb Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Tue, 14 Nov 2023 13:16:39 +0000
+Subject: [PATCH] udiskslinuxblockobject: Try issuing BLKRRPART ioctl harder
+
+For some reason even after acquiring a voluntary BSD lock on
+the device the BLKRRPART ioctl still fails with EBUSY. Wait
+a couple of msec and everything is fine.
+
+So try harder, several attempts, if busy. There might be number
+of things going on in the system and it's out of our control
+even when holding a lock.
+---
+ src/udiskslinuxblockobject.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/udiskslinuxblockobject.c b/src/udiskslinuxblockobject.c
+index d5da4bc4d9..33604df841 100644
+--- a/src/udiskslinuxblockobject.c
+++ b/src/udiskslinuxblockobject.c
+@@ -1098,23 +1098,31 @@ udisks_linux_block_object_reread_partition_table (UDisksLinuxBlockObject  *objec
+     }
+   else
+     {
+-      gint num_tries = 0;
+      gint num_tries;
+ 
+       /* acquire an exclusive BSD lock to prevent udev probes.
+        * See also https://systemd.io/BLOCK_DEVICE_LOCKING
+        */
+      num_tries = 10;
+       while (flock (fd, LOCK_EX | LOCK_NB) != 0)
+         {
+           g_usleep (100 * 1000); /* microseconds */
+-          if (num_tries++ > 5)
+          if (num_tries-- < 0)
+             break;
+         }
+ 
+-      if (ioctl (fd, BLKRRPART) != 0)
+      num_tries = 5;
+      while (ioctl (fd, BLKRRPART) != 0)
+         {
+          if (errno == EBUSY && num_tries-- >= 0)
+            {
+              g_usleep (200 * 1000); /* microseconds */
+              continue;
+            }
+           g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errno),
+                        "Error re-reading partition table (BLKRRPART ioctl) on %s: %m", device_file);
+           ret = FALSE;
+          break;
+         }
+       close (fd);
+     }
--- a/udisks-2.11.0-targetcli_config.json_netif_timeout.patch
+++ b/udisks-2.11.0-targetcli_config.json_netif_timeout.patch
@ -0,0 +1,38 @@
+From acae6bf4594f80da57855343ab325f87386178c4 Mon Sep 17 00:00:00 2001
+From: Tomas Bzatek <tbzatek@redhat.com>
+Date: Fri, 3 Nov 2023 16:40:54 +0100
+Subject: [PATCH] tests: Fix targetcli_config.json
+
+Not all attributes are available anymore in newer kernel versions.
+---
+ src/tests/dbus-tests/targetcli_config.json | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/tests/dbus-tests/targetcli_config.json b/src/tests/dbus-tests/targetcli_config.json
+index 3be9eac2be..f50bf7d4d2 100644
+--- a/src/tests/dbus-tests/targetcli_config.json
+++ b/src/tests/dbus-tests/targetcli_config.json
+@@ -331,7 +331,6 @@
+             "demo_mode_write_protect": 0,
+             "generate_node_acls": 1,
+             "login_timeout": 15,
+-            "netif_timeout": 2,
+             "prod_mode_write_protect": 0,
+             "t10_pi": 0,
+             "tpg_enabled_sendtargets": 1
+@@ -393,7 +392,6 @@
+             "demo_mode_write_protect": 1,
+             "generate_node_acls": 0,
+             "login_timeout": 15,
+-            "netif_timeout": 2,
+             "prod_mode_write_protect": 0,
+             "t10_pi": 0,
+             "tpg_enabled_sendtargets": 1
+@@ -479,7 +477,6 @@
+             "demo_mode_write_protect": 1,
+             "generate_node_acls": 0,
+             "login_timeout": 15,
+-            "netif_timeout": 2,
+             "prod_mode_write_protect": 0,
+             "t10_pi": 0,
+             "tpg_enabled_sendtargets": 1
--- a/udisks-2.11.0-udiskslinuxmanager_use_after_free.patch
+++ b/udisks-2.11.0-udiskslinuxmanager_use_after_free.patch
@ -0,0 +1,112 @@
+From 3dc036fb5045fc068c6abfbe4e62d0871d7ca82a Mon Sep 17 00:00:00 2001
+From: xinpeng wang <wangxinpeng@uniontech.com>
+Date: Thu, 21 Sep 2023 13:57:40 +0800
+Subject: [PATCH] udiskslinuxmanager:use dbus interface after free
+
+In handle_get_block_devices, call get_block_objects to obtain iface_block_device
+of all current UDisksLinuxBlockObject, and then obtain the corresponding
+UDisksLinuxBlockObject's object_path through iface_block_device.iface_block_device
+is a GDBusInterfaceSkeleton, which saves the object through
+g_dbus_interface_skeleton_set_object. g_object_add_weak_pointer is used here. This
+function is not thread-safe.At this time, if other threads are releasing the object,
+the program will crash.
+This scene can be reproduced by quickly plugging and unplugging the USB disk.
+The core is as follows (the redundant stack is omitted):
+When accessing object in thread 1, the object is released by thread 2
+info threads
+   Id Target Id Frame
+* 1 Thread 0x7f80979e70 (LWP 24559) 0x0000007f8a48dda0 in
+g_dbus_object_get_object_path (object=0x0) at ../../../gio/gdbusobject.c:109
+  2 Thread 0x7f88a43010 (LWP 1159) 0x0000007f8a0a6ae8 in __GI___libc_free
+(mem=0x556a919c80) at malloc.c:3093
+
+thread 1
+(gdb) bt
+0 0x0000007f8a48dda0 in g_dbus_object_get_object_path (object=0x0) at
+../../../gio/gdbusobject.c:109
+1 0x000000556a56911c in handle_get_block_devices (object=0x7f7c007ed0, invocation=
+0x7f74016f20 [GDBusMethodInvocation], arg_options=<optimized out>)
+     at udiskslinuxmanager.c:1063
+
+(gdb) p ((GObject*)(blocks_p->data))->ref_count
+$3 = 1
+(gdb) p *((GDBusInterfaceSkeleton*)(blocks_p->data))
+$6 = {parent_instance = {g_type_instance = {g_class = 0x556a64e740
+[g_type: UDisksLinuxBlock/UDisksBlockSkeleton/GDBusInterfaceSkeleton]}, ref_count = 1,
+qdata = 0x0},  priv = 0x7f7c004ac0}
+(gdb) p *((GDBusInterfaceSkeleton*)(blocks_p->data))->priv
+$7 = {lock = {p = 0x0, i = {0, 0}}, object = 0x0,
+flags = G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD,
+connections = 0x0, object_path = 0x0, hooked_vtable = 0x556a62b9f0}
+
+thread 2
+(gdb) bt
+0 0x0000007f8a0a6ae8 in __GI___libc_free (mem=0x556a919c80) at malloc.c:3093
+1 0x0000007f89ff1224 in () at /lib/aarch64-linux-gnu/libudev.so.1
+2 0x0000007f89ff1348 in () at /lib/aarch64-linux-gnu/libudev.so.1
+3 0x0000007f89ff5520 in () at /lib/aarch64-linux-gnu/libudev.so.1
+4 0x0000007f89fff878 in udev_device_unref () at /lib/aarch64-linux-gnu/libudev.so.1
+5 0x0000007f8a7aeb74 in () at /lib/aarch64-linux-gnu/libgudev-1.0.so.0
+6 0x0000007f8a3193f8 in g_object_unref (_object=<optimized out>) at
+../../../gobject/gobject.c:3346
+7 0x0000007f8a3193f8 in g_object_unref (_object=0x7f680038a0) at
+../../../gobject/gobject.c:3238
+8 0x000000556a57700c in udisks_linux_device_finalize (object=0x7f5c005730
+[UDisksLinuxDevice]) at udiskslinuxdevice.c:75
+9 0x0000007f8a3193f8 in g_object_unref (_object=<optimized out>) at
+../../../gobject/gobject.c:3346
+10 0x0000007f8a3193f8 in g_object_unref (_object=0x7f5c005730) at
+../../../gobject/gobject.c:3238
+11 0x000000556a55d0fc in udisks_linux_drive_object_uevent
+     (object=object@entry=0x556a5df370 [UDisksLinuxDriveObject],
+action=action@entry=0x556a87b120
+"remove",device=device@entry=0x7f74007610 [UDisksLinuxDevice])
+     at udiskslinuxdriveobject.c:715
+12 0x000000556a54840c in handle_block_uevent_for_drive
+     (provider=provider@entry=0x556a5c8200 [UDisksLinuxProvider],
+action=action@entry=0x556a87b120 "remove",device=device@entry=0x7f74007610
+[UDisksLinuxDevice]) at udiskslinuxprovider.c:1035
+13 0x000000556a548ab8 in handle_block_uevent (device=0x7f74007610 [UDisksLinuxDevice],
+action=0x556a87b120 "remove", provider=0x556a5c8200 [UDisksLinuxProvider]) at
+udiskslinuxprovider.c:1349
+14 0x000000556a548ab8 in udisks_linux_provider_handle_uevent
+     (provider=0x556a5c8200 [UDisksLinuxProvider], action=0x556a87b120 "remove",
+device=0x7f74007610 [UDisksLinuxDevice]) at udiskslinuxprovider.c:1399
+15 0x000000556a548cac in on_idle_with_probed_uevent (user_data=0x556a7e65a0) at
+udiskslinuxprovider.c:230
+---
+ src/udiskslinuxmanager.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
+index 5bfeec103..491edb92b 100644
+--- a/src/udiskslinuxmanager.c
+++ b/src/udiskslinuxmanager.c
+@@ -1196,8 +1196,11 @@ handle_get_block_devices (UDisksManager         *object,
+   blocks = get_block_objects (object, &num_blocks);
+   block_paths = g_new0 (const gchar *, num_blocks + 1);
+ 
+-  for (i = 0,blocks_p = blocks; blocks_p != NULL; blocks_p = blocks_p->next, i++)
+-      block_paths[i] = g_dbus_object_get_object_path (g_dbus_interface_get_object (G_DBUS_INTERFACE (blocks_p->data)));
+  for (blocks_p = blocks; blocks_p != NULL; blocks_p = blocks_p->next) {
+	  GDBusObject * block_object = g_dbus_interface_get_object (G_DBUS_INTERFACE (blocks_p->data));
+	  if (block_object)
+		  block_paths[i++] = g_dbus_object_get_object_path (block_object);
+  }
+ 
+   udisks_manager_complete_get_block_devices  (object,
+                                               invocation,
+@@ -1284,9 +1287,11 @@ handle_resolve_device (UDisksManager         *object,
+     }
+ 
+   ret_paths = g_new0 (const gchar *, num_found + 1);
+-  for (i = 0,ret_p = ret; ret_p != NULL; ret_p = ret_p->next, i++)
+  for (i = 0,ret_p = ret; ret_p != NULL; ret_p = ret_p->next)
+     {
+-      ret_paths[i] = g_dbus_object_get_object_path (g_dbus_interface_get_object (G_DBUS_INTERFACE (ret_p->data)));
+      GDBusObject *block_object = g_dbus_interface_get_object (G_DBUS_INTERFACE (ret_p->data));
+      if (block_object)
+        ret_paths[i++] = g_dbus_object_get_object_path (block_object);
+     }
+ 
+   udisks_manager_complete_resolve_device (object,
--- a/udisks2.spec
+++ b/udisks2.spec
@ -24,11 +24,15 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.10.1
-Release: 2%{?dist}
-License: GPLv2+
+Release: 3%{?dist}
+License: GPL-2.0-or-later
 URL:     https://github.com/storaged-project/udisks
 Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2

+Patch0:  udisks-2.11.0-BLKRRPART_harder.patch
+Patch1:  udisks-2.11.0-targetcli_config.json_netif_timeout.patch
+Patch2:  udisks-2.11.0-udiskslinuxmanager_use_after_free.patch
+
 BuildRequires: make
 BuildRequires: glib2-devel >= %{glib2_version}
 BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@ -332,6 +336,12 @@ fi
 %endif

 %changelog
+* Mon Feb 12 2024 Tomas Bzatek <tbzatek@redhat.com> - 2.10.1-3
+- Use a SPDX license tag
+- udiskslinuxblockobject: Try issuing BLKRRPART ioctl harder
+- udiskslinuxmanager: Fix use after free
+- tests: Fix targetcli_config.json
+
 * Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.10.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild