From 2480ae94c119ac782f777ff8bbf255d31231cb97b56a575f9930ea400ea330ce Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Thu, 28 Aug 2014 11:31:51 +0000 Subject: [PATCH] . OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=761 --- ...in-fix-memory-leak-on-DropController.patch | 36 +++++++ ...-race-where-we-might-miss-SIGTERMs-w.patch | 96 +++++++++++++++++++ ...rly-convert-object-size-on-big-endia.patch | 39 ++++++++ ...y-that-object-start-with-the-field-n.patch | 41 ++++++++ systemd-mini.changes | 5 + systemd-mini.spec | 12 +++ systemd.changes | 5 + systemd.spec | 12 +++ 8 files changed, 246 insertions(+) create mode 100644 0001-login-fix-memory-leak-on-DropController.patch create mode 100644 0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch create mode 100644 0003-sd-journal-properly-convert-object-size-on-big-endia.patch create mode 100644 0004-sd-journal-verify-that-object-start-with-the-field-n.patch diff --git a/0001-login-fix-memory-leak-on-DropController.patch b/0001-login-fix-memory-leak-on-DropController.patch new file mode 100644 index 00000000..ba5ed744 --- /dev/null +++ b/0001-login-fix-memory-leak-on-DropController.patch @@ -0,0 +1,36 @@ +From 60240797a4ce464ec7a0537ccbec4c83f599251c Mon Sep 17 00:00:00 2001 +From: David Herrmann +Date: Fri, 22 Aug 2014 14:57:11 +0200 +Subject: [PATCH] login: fix memory-leak on DropController() + +Our bus-name watch helpers only remove a bus-name if it's not a +controller, anymore. If we call manager_drop_busname() before +unregistering the controller, the busname will not be dropped. Therefore, +first drop the controller, then drop the bus-name. +--- + src/login/logind-session.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git src/login/logind-session.c src/login/logind-session.c +index 136bbce..0c6e425 100644 +--- src/login/logind-session.c ++++ src/login/logind-session.c +@@ -1061,11 +1061,13 @@ bool session_is_controller(Session *s, const char *sender) { + + static void session_swap_controller(Session *s, char *name) { + SessionDevice *sd; ++ char *c; + + if (s->controller) { +- manager_drop_busname(s->manager, s->controller); +- free(s->controller); ++ c = s->controller; + s->controller = NULL; ++ manager_drop_busname(s->manager, c); ++ free(c); + + /* Drop all devices as they're now unused. Do that after the + * controller is released to avoid sending out useles +-- +1.7.9.2 + diff --git a/0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch b/0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch new file mode 100644 index 00000000..9cd13c2d --- /dev/null +++ b/0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch @@ -0,0 +1,96 @@ +Based on 8a7c93d858c342744adf481565d8bb03b9713dcf Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 27 Aug 2014 21:42:20 +0200 +Subject: [PATCH] util: fix minimal race where we might miss SIGTERMs when + forking off an agent + +Before forking, block all signals, and unblock them afterwards. This way +the child will have them blocked, and we won't lose them. +--- + src/shared/util.c | 39 ++++++++++++++++++++++++++++++++++----- + 1 file changed, 34 insertions(+), 5 deletions(-) + +--- src/shared/util.c ++++ src/shared/util.c 2014-08-28 10:32:06.442693437 +0000 +@@ -894,6 +894,18 @@ int reset_all_signal_handlers(void) { + return 0; + } + ++static int reset_signal_mask(void) { ++ sigset_t ss; ++ ++ if (sigemptyset(&ss) < 0) ++ return -errno; ++ ++ if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) ++ return -errno; ++ ++ return 0; ++} ++ + char *strstrip(char *s) { + char *e; + +@@ -5119,9 +5131,9 @@ int fd_inc_rcvbuf(int fd, size_t n) { + } + + int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) { +- pid_t parent_pid, agent_pid; +- int fd; + bool stdout_is_tty, stderr_is_tty; ++ pid_t parent_pid, agent_pid; ++ sigset_t ss, saved_ss; + unsigned n, i; + va_list ap; + char **l; +@@ -5129,16 +5141,25 @@ int fork_agent(pid_t *pid, const int exc + assert(pid); + assert(path); + +- parent_pid = getpid(); +- + /* Spawns a temporary TTY agent, making sure it goes away when + * we go away */ + ++ parent_pid = getpid(); ++ ++ /* First we temporarily block all signals, so that the new ++ * child has them blocked initially. This way, we can be sure ++ * that SIGTERMs are not lost we might send to the agent. */ ++ assert_se(sigfillset(&ss) >= 0); ++ assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0); ++ + agent_pid = fork(); +- if (agent_pid < 0) ++ if (agent_pid < 0) { ++ assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0); + return -errno; ++ } + + if (agent_pid != 0) { ++ assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0); + *pid = agent_pid; + return 0; + } +@@ -5149,6 +5170,12 @@ int fork_agent(pid_t *pid, const int exc + if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0) + _exit(EXIT_FAILURE); + ++ /* Make sure we actually can kill the agent, if we need to, in ++ * case somebody invoked us from a shell script that trapped ++ * SIGTERM or so... */ ++ reset_all_signal_handlers(); ++ reset_signal_mask(); ++ + /* Check whether our parent died before we were able + * to set the death signal */ + if (getppid() != parent_pid) +@@ -5161,6 +5188,8 @@ int fork_agent(pid_t *pid, const int exc + stderr_is_tty = isatty(STDERR_FILENO); + + if (!stdout_is_tty || !stderr_is_tty) { ++ int fd; ++ + /* Detach from stdout/stderr. and reopen + * /dev/tty for them. This is important to + * ensure that when systemctl is started via diff --git a/0003-sd-journal-properly-convert-object-size-on-big-endia.patch b/0003-sd-journal-properly-convert-object-size-on-big-endia.patch new file mode 100644 index 00000000..40e8d57c --- /dev/null +++ b/0003-sd-journal-properly-convert-object-size-on-big-endia.patch @@ -0,0 +1,39 @@ +From 57cd09acf2c63a414aa2131c00a2b3f600eb0133 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sat, 23 Aug 2014 22:35:03 -0400 +Subject: [PATCH] sd-journal: properly convert object->size on big endian + +mmap code crashes when attempting to map an object of zero size. + +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758392 +https://bugs.freedesktop.org/show_bug.cgi?id=82894 +--- + src/journal/journal-file.h | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git src/journal/journal-file.h src/journal/journal-file.h +index 3d41682..da2ef3b 100644 +--- src/journal/journal-file.h ++++ src/journal/journal-file.h +@@ -214,14 +214,15 @@ static unsigned type_to_context(int type) { + + static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t offset) { + unsigned context = type_to_context(o->object.type); ++ uint64_t s = le64toh(o->object.size); + + return mmap_cache_get(f->mmap, f->fd, f->prot, context, true, +- offset, o->object.size, &f->last_stat, NULL); ++ offset, s, &f->last_stat, NULL); + } + + static inline int journal_file_object_release(JournalFile *f, Object *o, uint64_t offset) { + unsigned context = type_to_context(o->object.type); ++ uint64_t s = le64toh(o->object.size); + +- return mmap_cache_release(f->mmap, f->fd, f->prot, context, +- offset, o->object.size); ++ return mmap_cache_release(f->mmap, f->fd, f->prot, context, offset, s); + } +-- +1.7.9.2 + diff --git a/0004-sd-journal-verify-that-object-start-with-the-field-n.patch b/0004-sd-journal-verify-that-object-start-with-the-field-n.patch new file mode 100644 index 00000000..e3ee663d --- /dev/null +++ b/0004-sd-journal-verify-that-object-start-with-the-field-n.patch @@ -0,0 +1,41 @@ +Based on 0f99f74a14ef193c1ebde687c5cc76e1d67b85ef Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 26 Aug 2014 23:54:31 -0400 +Subject: [PATCH] sd-journal: verify that object start with the field name + +If the journal is corrupted, we might return an object that does +not start with the expected field name and/or is shorter than it +should. +--- + src/journal/sd-journal.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git src/journal/sd-journal.c src/journal/sd-journal.c +index 80ff8fe..693707c 100644 +--- src/journal/sd-journal.c ++++ src/journal/sd-journal.c +@@ -2571,6 +2571,21 @@ _public_ int sd_journal_enumerate_unique(sd_journal *j, const void **data, size_ + if (r < 0) + return r; + ++ /* Check if we have at least the field name and "=". */ ++ if (ol <= k) { ++ log_debug("%s:offset " OFSfmt ": object has size %zu, expected at least %zu", ++ j->unique_file->path, j->unique_offset, ++ ol, k + 1); ++ return -EBADMSG; ++ } ++ ++ if (memcmp(odata, j->unique_field, k) || ((const char*) odata)[k] != '=') { ++ log_debug("%s:offset " OFSfmt ": object does not start with \"%s=\"", ++ j->unique_file->path, j->unique_offset, ++ j->unique_field); ++ return -EBADMSG; ++ } ++ + /* OK, now let's see if we already returned this data + * object by checking if it exists in the earlier + * traversed files. */ +-- +1.7.9.2 + diff --git a/systemd-mini.changes b/systemd-mini.changes index 1c29b3be..28287a59 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -2,6 +2,11 @@ Thu Aug 28 10:07:10 UTC 2014 - werner@suse.de - Add upstream patches + 0001-login-fix-memory-leak-on-DropController.patch + 0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch + 0003-sd-journal-properly-convert-object-size-on-big-endia.patch + 0004-sd-journal-verify-that-object-start-with-the-field-n.patch +- Add upstream patch 1064-udev-hwdb-do-not-look-at-usb_device-parents.patch to avoid that hwdb ID's for unrecognised USB device are taken from the USB hub. diff --git a/systemd-mini.spec b/systemd-mini.spec index 285bc265..991e05e4 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -806,6 +806,14 @@ Patch387: 0001-systemctl-Correct-error-message-printed-when-bus_pro.patch Patch388: 0002-units-order-systemd-fsck-.service-after-local-fs-pre.patch # PATCH-FIX-UPSTREAM added at 2014/08/27 Patch389: 0003-keymap-Adjust-for-more-Samsung-900X4-series.patch +# PATCH-FIX-UPSTREAM added at 2014/08/28 +Patch390: 0001-login-fix-memory-leak-on-DropController.patch +# PATCH-FIX-UPSTREAM added at 2014/08/28 +Patch391: 0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch +# PATCH-FIX-UPSTREAM added at 2014/08/28 +Patch392: 0003-sd-journal-properly-convert-object-size-on-big-endia.patch +# PATCH-FIX-UPSTREAM added at 2014/08/28 +Patch393: 0004-sd-journal-verify-that-object-start-with-the-field-n.patch # UDEV PATCHES # ============ @@ -1489,6 +1497,10 @@ cp %{SOURCE7} m4/ %patch387 -p0 %patch388 -p0 %patch389 -p0 +%patch390 -p0 +%patch391 -p0 +%patch392 -p0 +%patch393 -p0 # udev patches %patch1001 -p1 diff --git a/systemd.changes b/systemd.changes index 1c29b3be..28287a59 100644 --- a/systemd.changes +++ b/systemd.changes @@ -2,6 +2,11 @@ Thu Aug 28 10:07:10 UTC 2014 - werner@suse.de - Add upstream patches + 0001-login-fix-memory-leak-on-DropController.patch + 0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch + 0003-sd-journal-properly-convert-object-size-on-big-endia.patch + 0004-sd-journal-verify-that-object-start-with-the-field-n.patch +- Add upstream patch 1064-udev-hwdb-do-not-look-at-usb_device-parents.patch to avoid that hwdb ID's for unrecognised USB device are taken from the USB hub. diff --git a/systemd.spec b/systemd.spec index 57c1f132..479cc115 100644 --- a/systemd.spec +++ b/systemd.spec @@ -801,6 +801,14 @@ Patch387: 0001-systemctl-Correct-error-message-printed-when-bus_pro.patch Patch388: 0002-units-order-systemd-fsck-.service-after-local-fs-pre.patch # PATCH-FIX-UPSTREAM added at 2014/08/27 Patch389: 0003-keymap-Adjust-for-more-Samsung-900X4-series.patch +# PATCH-FIX-UPSTREAM added at 2014/08/28 +Patch390: 0001-login-fix-memory-leak-on-DropController.patch +# PATCH-FIX-UPSTREAM added at 2014/08/28 +Patch391: 0002-util-fix-minimal-race-where-we-might-miss-SIGTERMs-w.patch +# PATCH-FIX-UPSTREAM added at 2014/08/28 +Patch392: 0003-sd-journal-properly-convert-object-size-on-big-endia.patch +# PATCH-FIX-UPSTREAM added at 2014/08/28 +Patch393: 0004-sd-journal-verify-that-object-start-with-the-field-n.patch # UDEV PATCHES # ============ @@ -1484,6 +1492,10 @@ cp %{SOURCE7} m4/ %patch387 -p0 %patch388 -p0 %patch389 -p0 +%patch390 -p0 +%patch391 -p0 +%patch392 -p0 +%patch393 -p0 # udev patches %patch1001 -p1