Accepting request 1043227 from home:AndreasStieger:branches:server:database
redis 7.0.6 OBS-URL: https://build.opensuse.org/request/show/1043227 OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=211
This commit is contained in:
parent
472b89bba2
commit
9b69b46588
@ -1,202 +0,0 @@
|
||||
From 0bf90d944313919eb8e63d3588bf63a367f020a3 Mon Sep 17 00:00:00 2001
|
||||
From: "Meir Shpilraien (Spielrein)" <meir@redis.com>
|
||||
Date: Thu, 29 Sep 2022 08:58:58 +0300
|
||||
Subject: [PATCH] Avoid crash on crash report when a bad function pointer was
|
||||
called (#11298)
|
||||
|
||||
If Redis crashes due to calling an invalid function pointer,
|
||||
the `backtrace` function will try to dereference this invalid pointer
|
||||
which will cause a crash inside the crash report and will kill
|
||||
the processes without having all the crash report information.
|
||||
|
||||
Example:
|
||||
|
||||
```
|
||||
=== REDIS BUG REPORT START: Cut & paste starting from here ===
|
||||
198672:M 19 Sep 2022 18:06:12.936 # Redis 255.255.255 crashed by signal: 11, si_code: 1
|
||||
198672:M 19 Sep 2022 18:06:12.936 # Accessing address: 0x1
|
||||
198672:M 19 Sep 2022 18:06:12.936 # Crashed running the instruction at: 0x1
|
||||
// here the processes is crashing
|
||||
```
|
||||
|
||||
This PR tries to fix this crash be:
|
||||
1. Identify the issue when it happened.
|
||||
2. Replace the invalid pointer with a pointer to some dummy function
|
||||
so that `backtrace` will not crash.
|
||||
|
||||
I identification is done by comparing `eip` to `info->si_addr`, if they
|
||||
are the same we know that the crash happened on the same address it tries to
|
||||
accesses and we can conclude that it tries to call and invalid function pointer.
|
||||
|
||||
To replace the invalid pointer we introduce a new function, `setMcontextEip`,
|
||||
which is very similar to `getMcontextEip` and it knows to set the Eip for the
|
||||
different supported OS's. After printing the trace we retrieve the old `Eip` value.
|
||||
---
|
||||
src/debug.c | 80 ++++++++++++++++++++++++++++++++++++++---------------
|
||||
1 file changed, 58 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/src/debug.c b/src/debug.c
|
||||
index 8cc811be444b..b15ac8780d83 100644
|
||||
--- a/src/debug.c
|
||||
+++ b/src/debug.c
|
||||
@@ -1123,73 +1123,88 @@ void bugReportStart(void) {
|
||||
}
|
||||
|
||||
#ifdef HAVE_BACKTRACE
|
||||
-static void *getMcontextEip(ucontext_t *uc) {
|
||||
+
|
||||
+/* Returns the current eip and set it to the given new value (if its not NULL) */
|
||||
+static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) {
|
||||
#define NOT_SUPPORTED() do {\
|
||||
UNUSED(uc);\
|
||||
+ UNUSED(eip);\
|
||||
return NULL;\
|
||||
} while(0)
|
||||
+#define GET_SET_RETURN(target_var, new_val) do {\
|
||||
+ void *old_val = (void*)target_var; \
|
||||
+ if (new_val) { \
|
||||
+ void **temp = (void**)&target_var; \
|
||||
+ *temp = new_val; \
|
||||
+ } \
|
||||
+ return old_val; \
|
||||
+} while(0)
|
||||
#if defined(__APPLE__) && !defined(MAC_OS_X_VERSION_10_6)
|
||||
/* OSX < 10.6 */
|
||||
#if defined(__x86_64__)
|
||||
- return (void*) uc->uc_mcontext->__ss.__rip;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__rip, eip);
|
||||
#elif defined(__i386__)
|
||||
- return (void*) uc->uc_mcontext->__ss.__eip;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__eip, eip);
|
||||
#else
|
||||
- return (void*) uc->uc_mcontext->__ss.__srr0;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__srr0, eip);
|
||||
#endif
|
||||
#elif defined(__APPLE__) && defined(MAC_OS_X_VERSION_10_6)
|
||||
/* OSX >= 10.6 */
|
||||
#if defined(_STRUCT_X86_THREAD_STATE64) && !defined(__i386__)
|
||||
- return (void*) uc->uc_mcontext->__ss.__rip;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__rip, eip);
|
||||
#elif defined(__i386__)
|
||||
- return (void*) uc->uc_mcontext->__ss.__eip;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext->__ss.__eip, eip);
|
||||
#else
|
||||
/* OSX ARM64 */
|
||||
- return (void*) arm_thread_state64_get_pc(uc->uc_mcontext->__ss);
|
||||
+ void *old_val = (void*)arm_thread_state64_get_pc(uc->uc_mcontext->__ss);
|
||||
+ if (eip) {
|
||||
+ arm_thread_state64_set_pc_fptr(uc->uc_mcontext->__ss, eip);
|
||||
+ }
|
||||
+ return old_val;
|
||||
#endif
|
||||
#elif defined(__linux__)
|
||||
/* Linux */
|
||||
#if defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__))
|
||||
- return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip);
|
||||
#elif defined(__X86_64__) || defined(__x86_64__)
|
||||
- return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip);
|
||||
#elif defined(__ia64__) /* Linux IA64 */
|
||||
- return (void*) uc->uc_mcontext.sc_ip;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.sc_ip, eip);
|
||||
#elif defined(__arm__) /* Linux ARM */
|
||||
- return (void*) uc->uc_mcontext.arm_pc;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.arm_pc, eip);
|
||||
#elif defined(__aarch64__) /* Linux AArch64 */
|
||||
- return (void*) uc->uc_mcontext.pc;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.pc, eip);
|
||||
#else
|
||||
NOT_SUPPORTED();
|
||||
#endif
|
||||
#elif defined(__FreeBSD__)
|
||||
/* FreeBSD */
|
||||
#if defined(__i386__)
|
||||
- return (void*) uc->uc_mcontext.mc_eip;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.mc_eip, eip);
|
||||
#elif defined(__x86_64__)
|
||||
- return (void*) uc->uc_mcontext.mc_rip;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.mc_rip, eip);
|
||||
#else
|
||||
NOT_SUPPORTED();
|
||||
#endif
|
||||
#elif defined(__OpenBSD__)
|
||||
/* OpenBSD */
|
||||
#if defined(__i386__)
|
||||
- return (void*) uc->sc_eip;
|
||||
+ GET_SET_RETURN(uc->sc_eip, eip);
|
||||
#elif defined(__x86_64__)
|
||||
- return (void*) uc->sc_rip;
|
||||
+ GET_SET_RETURN(uc->sc_rip, eip);
|
||||
#else
|
||||
NOT_SUPPORTED();
|
||||
#endif
|
||||
#elif defined(__NetBSD__)
|
||||
#if defined(__i386__)
|
||||
- return (void*) uc->uc_mcontext.__gregs[_REG_EIP];
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.__gregs[_REG_EIP], eip);
|
||||
#elif defined(__x86_64__)
|
||||
- return (void*) uc->uc_mcontext.__gregs[_REG_RIP];
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.__gregs[_REG_RIP], eip);
|
||||
#else
|
||||
NOT_SUPPORTED();
|
||||
#endif
|
||||
#elif defined(__DragonFly__)
|
||||
- return (void*) uc->uc_mcontext.mc_rip;
|
||||
+ GET_SET_RETURN(uc->uc_mcontext.mc_rip, eip);
|
||||
#else
|
||||
NOT_SUPPORTED();
|
||||
#endif
|
||||
@@ -1951,6 +1966,10 @@ void dumpCodeAroundEIP(void *eip) {
|
||||
}
|
||||
}
|
||||
|
||||
+void invalidFunctionWasCalled() {}
|
||||
+
|
||||
+typedef void (*invalidFunctionWasCalledType)();
|
||||
+
|
||||
void sigsegvHandler(int sig, siginfo_t *info, void *secret) {
|
||||
UNUSED(secret);
|
||||
UNUSED(info);
|
||||
@@ -1968,13 +1987,30 @@ void sigsegvHandler(int sig, siginfo_t *info, void *secret) {
|
||||
|
||||
#ifdef HAVE_BACKTRACE
|
||||
ucontext_t *uc = (ucontext_t*) secret;
|
||||
- void *eip = getMcontextEip(uc);
|
||||
+ void *eip = getAndSetMcontextEip(uc, NULL);
|
||||
if (eip != NULL) {
|
||||
serverLog(LL_WARNING,
|
||||
"Crashed running the instruction at: %p", eip);
|
||||
}
|
||||
|
||||
- logStackTrace(getMcontextEip(uc), 1);
|
||||
+ if (eip == info->si_addr) {
|
||||
+ /* When eip matches the bad address, it's an indication that we crashed when calling a non-mapped
|
||||
+ * function pointer. In that case the call to backtrace will crash trying to access that address and we
|
||||
+ * won't get a crash report logged. Set it to a valid point to avoid that crash. */
|
||||
+
|
||||
+ /* This trick allow to avoid compiler warning */
|
||||
+ void *ptr;
|
||||
+ invalidFunctionWasCalledType *ptr_ptr = (invalidFunctionWasCalledType*)&ptr;
|
||||
+ *ptr_ptr = invalidFunctionWasCalled;
|
||||
+ getAndSetMcontextEip(uc, ptr);
|
||||
+ }
|
||||
+
|
||||
+ logStackTrace(eip, 1);
|
||||
+
|
||||
+ if (eip == info->si_addr) {
|
||||
+ /* Restore old eip */
|
||||
+ getAndSetMcontextEip(uc, eip);
|
||||
+ }
|
||||
|
||||
logRegisters(uc);
|
||||
#endif
|
||||
@@ -2079,7 +2115,7 @@ void watchdogSignalHandler(int sig, siginfo_t *info, void *secret) {
|
||||
|
||||
serverLogFromHandler(LL_WARNING,"\n--- WATCHDOG TIMER EXPIRED ---");
|
||||
#ifdef HAVE_BACKTRACE
|
||||
- logStackTrace(getMcontextEip(uc), 1);
|
||||
+ logStackTrace(getAndSetMcontextEip(uc, NULL), 1);
|
||||
#else
|
||||
serverLogFromHandler(LL_WARNING,"Sorry: no support for backtrace().");
|
||||
#endif
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3
|
||||
size 2968205
|
3
redis-7.0.6.tar.gz
Normal file
3
redis-7.0.6.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:7b33a7e890d13e27af1f246acb16312669ad8a1d56ce8f807dfbcd3c09aa7bb3
|
||||
size 2978882
|
@ -1,3 +1,22 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 15 21:05:16 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||||
|
||||
- Update to version 7.0.6:
|
||||
* RM_ResetDataset module API should not clear the functions
|
||||
* RM_Call module API used with the "C" flag to run scripts,
|
||||
would now cause the commands in the script to check ACL with
|
||||
the designated user
|
||||
* Geo commands speedups
|
||||
* Fix EVAL command performance regression from Redis 7.0
|
||||
* Reduce EXPIRE commands performance regression from Redis 7.0
|
||||
* Optimize commands returning double values, mainly affecting zset
|
||||
commands
|
||||
* Optimize Lua parsing of some command responses
|
||||
* Optimize client memory usage tracking operation while client
|
||||
eviction is disabled
|
||||
* Multiple bug fixes for crashes, hangs, and incorrect behavior
|
||||
- drop cve-2022-3647 now upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 24 14:56:10 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
||||
|
||||
|
@ -143,3 +143,5 @@ hash redis-7.0.2.tar.gz sha256 5e57eafe7d4ac5ecb6a7d64d6b61db775616dbf903293b3fc
|
||||
hash redis-7.0.3.tar.gz sha256 2cde7d17214ffe305953da9fff12333e8a72caa57fd4923e4872f6362a208e73 http://download.redis.io/releases/redis-7.0.3.tar.gz
|
||||
hash redis-7.0.4.tar.gz sha256 f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f http://download.redis.io/releases/redis-7.0.4.tar.gz
|
||||
hash redis-7.0.5.tar.gz sha256 67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3 http://download.redis.io/releases/redis-7.0.5.tar.gz
|
||||
hash redis-6.2.8.tar.gz sha256 f91ab24bcb42673cb853292eb5d43c2017d11d659854808ed6a529c97297fdfe http://download.redis.io/releases/redis-6.2.8.tar.gz
|
||||
hash redis-7.0.6.tar.gz sha256 7b33a7e890d13e27af1f246acb16312669ad8a1d56ce8f807dfbcd3c09aa7bb3 http://download.redis.io/releases/redis-7.0.6.tar.gz
|
||||
|
@ -20,7 +20,7 @@
|
||||
%define _log_dir %{_localstatedir}/log/%{name}
|
||||
%define _conf_dir %{_sysconfdir}/%{name}
|
||||
Name: redis
|
||||
Version: 7.0.5
|
||||
Version: 7.0.6
|
||||
Release: 0
|
||||
Summary: Persistent key-value database
|
||||
License: BSD-3-Clause
|
||||
@ -40,9 +40,6 @@ Source10: https://raw.githubusercontent.com/redis/redis-hashes/master/READ
|
||||
Patch0: %{name}-conf.patch
|
||||
Patch3: reproducible.patch
|
||||
Patch4: ppc-atomic.patch
|
||||
# PATCH-FIX-UPSTREAm bsc#1204633 danilo.spinella@suse.com CVE-2022-3647
|
||||
# crash in sigsegvHandler debug function
|
||||
Patch5: cve-2022-3647.patch
|
||||
BuildRequires: jemalloc-devel
|
||||
BuildRequires: libopenssl-devel >= 1.1.1
|
||||
BuildRequires: pkgconfig
|
||||
@ -70,7 +67,6 @@ echo "`grep -F %{name}-%{version}.tar.gz %{SOURCE10} | cut -d' ' -f4` %{SOURCE0
|
||||
%patch0
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
export HOST=OBS # for reproducible builds
|
||||
|
Loading…
Reference in New Issue
Block a user