Dr. Werner Fink 2014-08-28 11:31:51 +00:00 committed by Git OBS Bridge
parent 3203574c4c
commit 2480ae94c1
8 changed files with 246 additions and 0 deletions


@ -0,0 +1,36 @@
From 60240797a4ce464ec7a0537ccbec4c83f599251c Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Fri, 22 Aug 2014 14:57:11 +0200
Subject: [PATCH] login: fix memory-leak on DropController()
Our bus-name watch helpers only remove a bus-name if it's not a
controller, anymore. If we call manager_drop_busname() before
unregistering the controller, the busname will not be dropped. Therefore,
first drop the controller, then drop the bus-name.
---
src/login/logind-session.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git src/login/logind-session.c src/login/logind-session.c
index 136bbce..0c6e425 100644
--- src/login/logind-session.c
+++ src/login/logind-session.c
@@ -1061,11 +1061,13 @@ bool session_is_controller(Session *s, const char *sender) {
static void session_swap_controller(Session *s, char *name) {
SessionDevice *sd;
+ char *c;
if (s->controller) {
- manager_drop_busname(s->manager, s->controller);
- free(s->controller);
+ c = s->controller;
s->controller = NULL;
+ manager_drop_busname(s->manager, c);
+ free(c);
/* Drop all devices as they're now unused. Do that after the
* controller is released to avoid sending out useles
--
1.7.9.2
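Review bot: In `session_swap_controller`, the new order (clear `s->controller`, then call `manager_drop_busname()`) is load-bearing, but nothing in the code says so, and a later cleanup could fold the temporary back in and reintroduce the leak. I would add a comment above the assignment, for example `/* Unset s->controller first: manager_drop_busname() keeps a name that is still registered as a controller. */`. As a style point, `char *c` is only used inside the `if (s->controller)` block and could be declared there. The function body continues past the end of the hunk.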


@ -0,0 +1,96 @@
Based on 8a7c93d858c342744adf481565d8bb03b9713dcf Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 27 Aug 2014 21:42:20 +0200
Subject: [PATCH] util: fix minimal race where we might miss SIGTERMs when
forking off an agent
Before forking, block all signals, and unblock them afterwards. This way
the child will have them blocked, and we won't lose them.
---
src/shared/util.c | 39 ++++++++++++++++++++++++++++++++++-----
1 file changed, 34 insertions(+), 5 deletions(-)
--- src/shared/util.c
+++ src/shared/util.c 2014-08-28 10:32:06.442693437 +0000
@@ -894,6 +894,18 @@ int reset_all_signal_handlers(void) {
return 0;
}
+static int reset_signal_mask(void) {
+ sigset_t ss;
+
+ if (sigemptyset(&ss) < 0)
+ return -errno;
+
+ if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0)
+ return -errno;
+
+ return 0;
+}
+
char *strstrip(char *s) {
char *e;
@@ -5119,9 +5131,9 @@ int fd_inc_rcvbuf(int fd, size_t n) {
}
int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) {
- pid_t parent_pid, agent_pid;
- int fd;
bool stdout_is_tty, stderr_is_tty;
+ pid_t parent_pid, agent_pid;
+ sigset_t ss, saved_ss;
unsigned n, i;
va_list ap;
char **l;
@@ -5129,16 +5141,25 @@ int fork_agent(pid_t *pid, const int exc
assert(pid);
assert(path);
- parent_pid = getpid();
-
/* Spawns a temporary TTY agent, making sure it goes away when
* we go away */
+ parent_pid = getpid();
+
+ /* First we temporarily block all signals, so that the new
+ * child has them blocked initially. This way, we can be sure
+ * that SIGTERMs are not lost we might send to the agent. */
+ assert_se(sigfillset(&ss) >= 0);
+ assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0);
+
agent_pid = fork();
- if (agent_pid < 0)
+ if (agent_pid < 0) {
+ assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
return -errno;
+ }
if (agent_pid != 0) {
+ assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0);
*pid = agent_pid;
return 0;
}
@@ -5149,6 +5170,12 @@ int fork_agent(pid_t *pid, const int exc
if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0)
_exit(EXIT_FAILURE);
+ /* Make sure we actually can kill the agent, if we need to, in
+ * case somebody invoked us from a shell script that trapped
+ * SIGTERM or so... */
+ reset_all_signal_handlers();
+ reset_signal_mask();
+
/* Check whether our parent died before we were able
* to set the death signal */
if (getppid() != parent_pid)
@@ -5161,6 +5188,8 @@ int fork_agent(pid_t *pid, const int exc
stderr_is_tty = isatty(STDERR_FILENO);
if (!stdout_is_tty || !stderr_is_tty) {
+ int fd;
+
/* Detach from stdout/stderr. and reopen
* /dev/tty for them. This is important to
* ensure that when systemctl is started via
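Review bot: In the child branch of `fork_agent`, the return values of `reset_all_signal_handlers()` and `reset_signal_mask()` are discarded, although the child was forked with every signal blocked. If the mask reset fails, the agent keeps SIGTERM blocked, so neither an explicit kill nor the `PR_SET_PDEATHSIG` signal would be delivered, which is the situation the patch sets out to prevent. The adjacent `prctl()` check already exits on failure, so the same could be done here: `if (reset_signal_mask() < 0) _exit(EXIT_FAILURE);`. Separately, in the `agent_pid < 0` path the mask is restored before `return -errno;`, and saving the value first (`r = -errno;` ahead of the `sigprocmask()` call) avoids relying on a successful call leaving errno untouched. The function starts and ends outside these hunks.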


@ -0,0 +1,39 @@
From 57cd09acf2c63a414aa2131c00a2b3f600eb0133 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 23 Aug 2014 22:35:03 -0400
Subject: [PATCH] sd-journal: properly convert object->size on big endian
mmap code crashes when attempting to map an object of zero size.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758392
https://bugs.freedesktop.org/show_bug.cgi?id=82894
---
src/journal/journal-file.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git src/journal/journal-file.h src/journal/journal-file.h
index 3d41682..da2ef3b 100644
--- src/journal/journal-file.h
+++ src/journal/journal-file.h
@@ -214,14 +214,15 @@ static unsigned type_to_context(int type) {
static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset) {
unsigned context = type_to_context(o->object.type);
+ uint64_t s = le64toh(o->object.size);
return mmap_cache_get(f->mmap, f->fd, f->prot, context, true,
- offset, o->object.size, &f->last_stat, NULL);
+ offset, s, &f->last_stat, NULL);
}
static inline int journal_file_object_release(JournalFile *f, Object *o, uint64_t offset) {
unsigned context = type_to_context(o->object.type);
+ uint64_t s = le64toh(o->object.size);
- return mmap_cache_release(f->mmap, f->fd, f->prot, context,
- offset, o->object.size);
+ return mmap_cache_release(f->mmap, f->fd, f->prot, context, offset, s);
}
--
1.7.9.2
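Review bot: In `journal_file_object_keep` and `journal_file_object_release`, the converted size `s` is read from the on-disk object header and passed to the mmap cache without any range check. The commit message says the mmap code crashes on a zero-size object. The `le64toh()` conversion fixes the big-endian misread, but a corrupted or crafted journal file could presumably still declare a size of zero. Unless callers validate the header before reaching these helpers (not visible in this hunk), a guard such as `if (s == 0) return -EBADMSG;` ahead of the cache call would turn that case into an error instead of a crash.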


@ -0,0 +1,41 @@
Based on 0f99f74a14ef193c1ebde687c5cc76e1d67b85ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 26 Aug 2014 23:54:31 -0400
Subject: [PATCH] sd-journal: verify that object start with the field name
If the journal is corrupted, we might return an object that does
not start with the expected field name and/or is shorter than it
should.
---
src/journal/sd-journal.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git src/journal/sd-journal.c src/journal/sd-journal.c
index 80ff8fe..693707c 100644
--- src/journal/sd-journal.c
+++ src/journal/sd-journal.c
@@ -2571,6 +2571,21 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_
if (r < 0)
return r;
+ /* Check if we have at least the field name and "=". */
+ if (ol <= k) {
+ log_debug("%s:offset " OFSfmt ": object has size %zu, expected at least %zu",
+ j->unique_file->path, j->unique_offset,
+ ol, k + 1);
+ return -EBADMSG;
+ }
+
+ if (memcmp(odata, j->unique_field, k) || ((const char*) odata)[k] != '=') {
+ log_debug("%s:offset " OFSfmt ": object does not start with \"%s=\"",
+ j->unique_file->path, j->unique_offset,
+ j->unique_field);
+ return -EBADMSG;
+ }
+
/* OK, now let's see if we already returned this data
* object by checking if it exists in the earlier
* traversed files. */
--
1.7.9.2
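Review bot: The comment above the `ol <= k` test in `sd_journal_enumerate_unique` should state that this test is also what keeps the later `((const char*) odata)[k]` read inside the object, since the two checks must stay in this order. Something like `/* Need at least k + 1 bytes (field name plus "="); this also bounds the odata[k] read below. */` would make that explicit. `k` is defined outside the hunk and is presumably the length of `j->unique_field`. As a style point, `memcmp(odata, j->unique_field, k) != 0` reads more clearly than relying on the implicit non-zero test. The function starts and ends outside the hunk.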


@ -2,6 +2,11 @@
Thu Aug 28 10:07:10 UTC 2014 - werner@suse.de
- Add upstream patches
0001-login-fix-memory-leak-on-DropController.patch
0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
0003-sd-journal-properly-convert-object-size-on-big-endia.patch
0004-sd-journal-verify-that-object-start-with-the-field-n.patch
- Add upstream patch
1064-udev-hwdb-do-not-look-at-usb_device-parents.patch
to avoid that hwdb ID's for unrecognised USB device are taken
from the USB hub.


@ -806,6 +806,14 @@ Patch387: 0001-systemctl-Correct-error-message-printed-when-bus_pro.patch
Patch388: 0002-units-order-systemd-fsck-.service-after-local-fs-pre.patch
# PATCH-FIX-UPSTREAM added at 2014/08/27
Patch389: 0003-keymap-Adjust-for-more-Samsung-900X4-series.patch
# PATCH-FIX-UPSTREAM added at 2014/08/28
Patch390: 0001-login-fix-memory-leak-on-DropController.patch
# PATCH-FIX-UPSTREAM added at 2014/08/28
Patch391: 0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
# PATCH-FIX-UPSTREAM added at 2014/08/28
Patch392: 0003-sd-journal-properly-convert-object-size-on-big-endia.patch
# PATCH-FIX-UPSTREAM added at 2014/08/28
Patch393: 0004-sd-journal-verify-that-object-start-with-the-field-n.patch
# UDEV PATCHES
# ============
@ -1489,6 +1497,10 @@ cp %{SOURCE7} m4/
%patch387 -p0
%patch388 -p0
%patch389 -p0
%patch390 -p0
%patch391 -p0
%patch392 -p0
%patch393 -p0
# udev patches
%patch1001 -p1


@ -2,6 +2,11 @@
Thu Aug 28 10:07:10 UTC 2014 - werner@suse.de
- Add upstream patches
0001-login-fix-memory-leak-on-DropController.patch
0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
0003-sd-journal-properly-convert-object-size-on-big-endia.patch
0004-sd-journal-verify-that-object-start-with-the-field-n.patch
- Add upstream patch
1064-udev-hwdb-do-not-look-at-usb_device-parents.patch
to avoid that hwdb ID's for unrecognised USB device are taken
from the USB hub.


@ -801,6 +801,14 @@ Patch387: 0001-systemctl-Correct-error-message-printed-when-bus_pro.patch
Patch388: 0002-units-order-systemd-fsck-.service-after-local-fs-pre.patch
# PATCH-FIX-UPSTREAM added at 2014/08/27
Patch389: 0003-keymap-Adjust-for-more-Samsung-900X4-series.patch
# PATCH-FIX-UPSTREAM added at 2014/08/28
Patch390: 0001-login-fix-memory-leak-on-DropController.patch
# PATCH-FIX-UPSTREAM added at 2014/08/28
Patch391: 0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch
# PATCH-FIX-UPSTREAM added at 2014/08/28
Patch392: 0003-sd-journal-properly-convert-object-size-on-big-endia.patch
# PATCH-FIX-UPSTREAM added at 2014/08/28
Patch393: 0004-sd-journal-verify-that-object-start-with-the-field-n.patch
# UDEV PATCHES
# ============
@ -1484,6 +1492,10 @@ cp %{SOURCE7} m4/
%patch387 -p0
%patch388 -p0
%patch389 -p0
%patch390 -p0
%patch391 -p0
%patch392 -p0
%patch393 -p0
# udev patches
%patch1001 -p1