!753 sysdeps: sem_open: Clear O_CREAT when semaphore file is expected to exist [BZ #30789]

From: @liqingqing_1229 Reviewed-by: @yang_yanchao Signed-off-by: @yang_yanchao
2023-12-08 03:23:55 +00:00 · 2023-12-08 03:23:55 +00:00 · ad19a9169e
commit ad19a9169e
parent df10a5591c baf2015a65
2 changed files with 111 additions and 1 deletions
--- a/glibc.spec
+++ b/glibc.spec
@ -67,7 +67,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.38
-Release: 	12
+Release: 	13
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@ -116,6 +116,7 @@ Patch27: 0004-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch
 Patch28: 0001-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch
 Patch29: 0002-Revert-elf-Always-call-destructors-in-reverse-constr.patch
 Patch30: 0003-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch
+Patch31: sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch

 Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch
 Patch9001: locale-delete-no-hard-link-to-avoid-all_language-pac.patch 
@ -1329,6 +1330,10 @@ fi
 %endif

 %changelog
+* Thu Dec 7 2023 Qingqing Li <liqingqing3@huawei.com> - 2.38-13
+- sysdeps: sem_open: Clear O_CREAT when semaphore file is
+  expected to exist [BZ #30789]
+
 * Tue Oct 24 2023 Qingqing Li <liqingqing3@huawei.com> - 2.38-12
 - weekly backport patches from glibc upstream 2.38 branch

--- a/sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch
+++ b/sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch
@ -0,0 +1,105 @@
+From 63dbbc5c52f9823f86270f32fce20d1e91cdf484 Mon Sep 17 00:00:00 2001
+From: Sergio Durigan Junior <sergiodj@sergiodj.net>
+Date: Wed, 1 Nov 2023 18:15:23 -0400
+Subject: [PATCH] sysdeps: sem_open: Clear O_CREAT when semaphore file is
+ expected to exist [BZ #30789]
+
+When invoking sem_open with O_CREAT as one of its flags, we'll end up
+in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag
+& O_EXCL) == 0)", which means that we don't expect the semaphore file
+to exist.
+
+In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL
+| O_CLOEXEC" and there's an attempt to open(2) the file, which will
+likely fail because it won't exist.  After that first (expected)
+failure, some cleanup is done and we go back to the label "try_again",
+which lives in the first part of the aforementioned "if".
+
+The problem is that, in that part of the code, we expect the semaphore
+file to exist, and as such O_CREAT (this time the flag we pass to
+open(2)) needs to be cleaned from open_flags, otherwise we'll see
+another failure (this time unexpected) when trying to open the file,
+which will lead the call to sem_open to fail as well.
+
+This can cause very strange bugs, especially with OpenMPI, which makes
+extensive use of semaphores.
+
+Fix the bug by simplifying the logic when choosing open(2) flags and
+making sure O_CREAT is not set when the semaphore file is expected to
+exist.
+
+A regression test for this issue would require a complex and cpu time
+consuming logic, since to trigger the wrong code path is not
+straightforward due the racy condition.  There is a somewhat reliable
+reproducer in the bug, but it requires using OpenMPI.
+
+This resolves BZ #30789.
+
+See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912
+
+Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
+Co-Authored-By: Simon Chopin <simon.chopin@canonical.com>
+Co-Authored-By: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
+Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)")
+(cherry picked from commit f957f47df75b9fab995754011491edebc6feb147)
+---
+ NEWS                       |  2 ++
+ sysdeps/pthread/sem_open.c | 10 ++++------
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index f117874e34..5ac488bf9b 100644
+--- a/NEWS
+++ b/NEWS
+@@ -32,6 +32,8 @@ Security related changes:
+ The following bugs are resolved with this release:
+ 
+   [30723] posix_memalign repeatedly scans long bin lists
+  [30789] sem_open will fail on multithreaded scenarios when semaphore
+    file doesn't exist (O_CREAT)
+   [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
+     -D_FILE_OFFSET_BITS=64
+   [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
+diff --git a/sysdeps/pthread/sem_open.c b/sysdeps/pthread/sem_open.c
+index e5db929d20..0e331a7445 100644
+--- a/sysdeps/pthread/sem_open.c
+++ b/sysdeps/pthread/sem_open.c
+@@ -32,11 +32,12 @@
+ # define __unlink unlink
+ #endif
+ 
+#define SEM_OPEN_FLAGS (O_RDWR | O_NOFOLLOW | O_CLOEXEC)
+
+ sem_t *
+ __sem_open (const char *name, int oflag, ...)
+ {
+   int fd;
+-  int open_flags;
+   sem_t *result;
+ 
+   /* Check that shared futexes are supported.  */
+@@ -65,10 +66,8 @@ __sem_open (const char *name, int oflag, ...)
+   /* If the semaphore object has to exist simply open it.  */
+   if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0)
+     {
+-      open_flags = O_RDWR | O_NOFOLLOW | O_CLOEXEC;
+-      open_flags |= (oflag & ~(O_CREAT|O_ACCMODE));
+     try_again:
+-      fd = __open (dirname.name, open_flags);
+      fd = __open (dirname.name, (oflag & O_EXCL) | SEM_OPEN_FLAGS);
+ 
+       if (fd == -1)
+ 	{
+@@ -135,8 +134,7 @@ __sem_open (const char *name, int oflag, ...)
+ 	    }
+ 
+ 	  /* Open the file.  Make sure we do not overwrite anything.  */
+-	  open_flags = O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC;
+-	  fd = __open (tmpfname, open_flags, mode);
+	  fd = __open (tmpfname, O_CREAT | O_EXCL | SEM_OPEN_FLAGS, mode);
+ 	  if (fd == -1)
+ 	    {
+ 	      if (errno == EEXIST)
+-- 
+2.33.0
+