packages/libcgroup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libcgroup: new upstream release 0.42.2

Browse Source 
fix !I1RU2L

The upstream is migrated from "sourceforge" to "github",
we need to upgrade accordingly.

Signed-off-by: leizhongkai <leizhongkai@huawei.com>
This commit is contained in:
leizhongkai 2020-11-04 10:58:25 +08:00 committed by holyfei
parent 38993f1cf0
commit 4a718e1133
19 changed files with 57 additions and 633 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bugfix-change-parser-match-order-fix-cgconfig-error.patch
View File

@ -1,12 +0,0 @@
diff -Nur libcgroup-0.41.org/configure libcgroup-0.41/configure
--- libcgroup-0.41.org/configure 2018-08-23 04:23:34.965000000 -0400
+++ libcgroup-0.41/configure 2018-08-23 04:24:16.706000000 -0400
@@ -4689,7 +4689,7 @@
fi
-for ac_prog in 'bison -y' byacc
+for ac_prog in byacc 'bison -y'
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2

4
config.patch
View File

@ -1,5 +1,5 @@
--- libcgroup-0.41/samples/cgconfig.sysconfig.orig 2019-12-19 11:25:25.547000000 +0800
+++ libcgroup-0.41/samples/cgconfig.sysconfig 2019-12-19 11:26:01.142000000 +0800
--- libcgroup-0.42.2/samples/cgconfig.sysconfig.orig 2019-12-19 11:25:25.547000000 +0800
+++ libcgroup-0.42.2/samples/cgconfig.sysconfig 2019-12-19 11:26:01.142000000 +0800
@@ -5,8 +5,5 @@
# controller to limit cpu.shares of this default group and allowing some more
# important group take most of the CPU.

13
libcgroup-0.37-chmod.patch
View File

@ -1,7 +1,8 @@
diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c
--- libcgroup-0.41/src/api.c.chmod 2014-01-13 15:05:56.000000000 +0100
+++ libcgroup-0.41/src/api.c 2014-01-13 20:41:55.255577622 +0100
@@ -153,6 +153,10 @@ static int cg_chown_file(FTS *fts, FTSEN
diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c
index 24ae48d..54a6736 100644
--- libcgroup-0.42.2/src/api.c
+++ libcgroup-0.42.2/src/api.c
@@ -159,6 +159,10 @@ static int cg_chown_file(FTS *fts, FTSENT *ent, uid_t owner, gid_t group)
return ret;
}
@ -12,7 +13,7 @@ diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c
/*
* TODO: Need to decide a better place to put this function.
*/
@@ -160,6 +164,8 @@ static int cg_chown_recursive(char **pat
@@ -166,6 +170,8 @@ static int cg_chown_recursive(char **path, uid_t owner, gid_t group)
{
int ret = 0;
FTS *fts;
@ -21,7 +22,7 @@ diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c
cgroup_dbg("chown: path is %s\n", *path);
fts = fts_open(path, FTS_PHYSICAL | FTS_NOCHDIR |
@@ -177,6 +183,7 @@ static int cg_chown_recursive(char **pat
@@ -183,6 +189,7 @@ static int cg_chown_recursive(char **path, uid_t owner, gid_t group)
cgroup_warn("Warning: fts_read failed\n");
break;
}

56
libcgroup-0.40.rc1-coverity.patch
View File

@ -1,18 +1,8 @@
diff -up libcgroup-0.41/src/api.c.coverity libcgroup-0.41/src/api.c
--- libcgroup-0.41/src/api.c.coverity 2014-01-13 20:52:49.853838149 +0100
+++ libcgroup-0.41/src/api.c 2014-01-13 20:52:49.854838142 +0100
@@ -2791,7 +2791,6 @@ static int cgroup_create_template_group(
if (group_name == NULL) {
ret = ECGOTHER;
last_errno = errno;
- free(template_name);
goto end;
}
diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c
--- libcgroup-0.41/src/config.c.coverity 2014-01-13 15:05:56.000000000 +0100
+++ libcgroup-0.41/src/config.c 2014-01-13 20:52:49.854838142 +0100
@@ -323,7 +323,7 @@ int config_group_task_perm(char *perm_ty
diff --git libcgroup-0.42.2/src/config.c libcgroup-0.42.2/src/config.c
index 3ffa263..b5d51b3 100644
--- libcgroup-0.42.2/src/config.c
+++ libcgroup-0.42.2/src/config.c
@@ -326,7 +326,7 @@ int config_group_task_perm(char *perm_type, char *value, int flag)
long val = atoi(value);
char buffer[CGROUP_BUFFER_LEN];
struct cgroup *config_cgroup;
@ -21,7 +11,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c
switch (flag) {
case CGROUP:
@@ -367,10 +367,10 @@ int config_group_task_perm(char *perm_ty
@@ -370,10 +370,10 @@ int config_group_task_perm(char *perm_type, char *value, int flag)
if (!group)
goto group_task_error;
@ -34,7 +24,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c
free(group);
goto group_task_error;
}
@@ -436,7 +436,7 @@ int config_group_admin_perm(char *perm_t
@@ -439,7 +439,7 @@ int config_group_admin_perm(char *perm_type, char *value, int flag)
struct cgroup *config_cgroup;
long val = atoi(value);
char buffer[CGROUP_BUFFER_LEN];
@ -43,7 +33,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c
switch (flag) {
case CGROUP:
@@ -479,10 +479,10 @@ int config_group_admin_perm(char *perm_t
@@ -482,10 +482,10 @@ int config_group_admin_perm(char *perm_type, char *value, int flag)
if (!group)
goto admin_error;
@ -56,10 +46,11 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c
free(group);
goto admin_error;
}
diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/daemon/cgrulesengd.c
--- libcgroup-0.41/src/daemon/cgrulesengd.c.coverity 2014-01-13 15:05:56.000000000 +0100
+++ libcgroup-0.41/src/daemon/cgrulesengd.c 2014-01-13 20:52:49.854838142 +0100
@@ -646,7 +646,7 @@ close:
diff --git libcgroup-0.42.2/src/daemon/cgrulesengd.c libcgroup-0.42.2/src/daemon/cgrulesengd.c
index 4cef53e..90920d1 100644
--- libcgroup-0.42.2/src/daemon/cgrulesengd.c
+++ libcgroup-0.42.2/src/daemon/cgrulesengd.c
@@ -654,7 +654,7 @@ close:
static int cgre_create_netlink_socket_process_msg(void)
{
@ -68,22 +59,11 @@ diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/dae
struct sockaddr_nl my_nla;
char buff[BUFF_SIZE];
int rc = -1;
@@ -784,9 +784,9 @@ static int cgre_create_netlink_socket_pr
}
close_and_exit:
- if (sk_nl > 0)
+ if (sk_nl > -1)
close(sk_nl);
- if (sk_unix > 0)
+ if (sk_unix > -1)
close(sk_unix);
return rc;
}
diff -upr libcgroup-0.40.rc1.orig/src/tools/lscgroup.c libcgroup-0.40.rc1/src/tools/lscgroup.c
--- libcgroup-0.40.rc1.orig/src/tools/lscgroup.c 2013-05-21 15:36:04.000000000 +0200
+++ libcgroup-0.40.rc1/src/tools/lscgroup.c 2013-11-04 14:26:53.400473523 +0100
@@ -97,11 +97,11 @@ static int display_controller_data(char
diff --git libcgroup-0.42.2/src/tools/lscgroup.c libcgroup-0.42.2/src/tools/lscgroup.c
index bfb1724..d15a0c2 100644
--- libcgroup-0.42.2/src/tools/lscgroup.c
+++ libcgroup-0.42.2/src/tools/lscgroup.c
@@ -96,11 +96,11 @@ static int display_controller_data(char *input_path, char *controller, char *nam
if (ret != 0)
return ret;

17
libcgroup-0.40.rc1-fread.patch
View File

@ -1,7 +1,8 @@
diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c
--- libcgroup-0.41/src/api.c.fread 2014-01-13 21:01:32.067067615 +0100
+++ libcgroup-0.41/src/api.c 2014-01-13 21:01:32.070067594 +0100
@@ -2232,29 +2232,29 @@ static int cg_rd_ctrl_file(const char *s
diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c
index 54a6736..1557393 100644
--- libcgroup-0.42.2/src/api.c
+++ libcgroup-0.42.2/src/api.c
@@ -2482,29 +2482,29 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
const char *file, char **value)
{
char path[FILENAME_MAX];
@ -20,7 +21,7 @@ diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c
+ if (ctrl_file < 0)
return ECGROUPVALUENOTEXIST;
*value = calloc(CG_VALUE_MAX, 1);
*value = calloc(CG_CONTROL_VALUE_MAX, 1);
if (!*value) {
- fclose(ctrl_file);
+ close(ctrl_file);
@ -33,12 +34,12 @@ diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c
+ * using %as or fread crashes when we try to read from files like
* memory.stat
*/
- ret = fread(*value, 1, CG_VALUE_MAX-1, ctrl_file);
+ ret = read(ctrl_file, *value, CG_VALUE_MAX-1);
- ret = fread(*value, 1, CG_CONTROL_VALUE_MAX-1, ctrl_file);
+ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1);
if (ret < 0) {
free(*value);
*value = NULL;
@@ -2264,7 +2264,7 @@ static int cg_rd_ctrl_file(const char *s
@@ -2514,7 +2514,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
(*value)[ret-1] = '\0';
}

9
libcgroup-0.40.rc1-templates-fix.patch
View File

@ -1,7 +1,8 @@
diff -up libcgroup-0.41/src/api.c.templates-fix libcgroup-0.41/src/api.c
--- libcgroup-0.41/src/api.c.templates-fix 2014-01-13 21:04:36.933747000 +0100
+++ libcgroup-0.41/src/api.c 2014-01-13 21:16:44.478580105 +0100
@@ -2974,10 +2974,10 @@ int cgroup_change_cgroup_flags(uid_t uid
diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c
index 1557393..318a438 100644
--- libcgroup-0.42.2/src/api.c
+++ libcgroup-0.42.2/src/api.c
@@ -3457,10 +3457,10 @@ int cgroup_change_cgroup_flags(uid_t uid, gid_t gid,
available, "%d", pid);
break;
case 'p':

33
libcgroup-0.41-CVE-2018-14348.patch
View File

@ -1,33 +0,0 @@
From 94e9dcead2e8bce00deeef08ea364ec6dc7e1f45 Mon Sep 17 00:00:00 2001
From: Michal Hocko <mhocko@suse.com>
Date: Wed, 18 Jul 2018 11:24:29 +0200
Subject: [PATCH] cgrulesengd: remove umask(0)
One of our partners has noticed that cgred daemon is creating a log file
(/var/log/cgred) with too wide permissions (0666) and that is seen as
a security bug because an untrusted user can write to otherwise
restricted area. CVE-2018-14348 has been assigned to this issue.
Signed-off-by: Michal Hocko <mhocko@suse.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
---
src/daemon/cgrulesengd.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 170837a..41aadd4 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -885,9 +885,6 @@ int cgre_start_daemon(const char *logp, const int logf,
} else if (pid > 0) {
exit(EXIT_SUCCESS);
}
-
- /* Change the file mode mask. */
- umask(0);
} else {
flog(LOG_DEBUG, "Not using daemon mode\n");
pid = getpid();
--
2.17.1

66
libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch
View File

@ -1,66 +0,0 @@
From 72a9e0c3d4f8daca9f7dc389edbc1013d7c0d808 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Fri, 8 Apr 2016 17:00:19 +0200
Subject: [PATCH] api.c: fix order of memory subsystem parameters generated by
cgsnapshot
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Order of parameters usually doesn't matter, but that's not the case with
memory.limit_in_bytes and memory.memsw.limit_in_bytes. When the latter
is first in the list of parameters, the resulting configuration is not
loadable with cgconfigparser.
This happens because when a cgroup is created, both memory.limit_in_bytes
and memory.memsw.limit_in_bytes parameters are initialized to highest
value possible (RESOURCE_MAX). And because memory.memsw.limit_in_bytes
must be always higher or equal to memory.limit_in_bytes, it's impossible
to change its value first.
Make sure that after constructing parameter list of memory subsystem,
the mentioned parameters are in correct order.
Signed-off-by: Nikola Forró <nforro@redhat.com>
---
src/api.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/api.c b/src/api.c
index 0bf0615..f5da553 100644
--- a/src/api.c
+++ b/src/api.c
@@ -2651,6 +2651,30 @@ int cgroup_get_cgroup(struct cgroup *cgroup)
}
}
closedir(dir);
+
+ if (! strcmp(cgc->name, "memory")) {
+ /*
+ * Make sure that memory.limit_in_bytes is placed before
+ * memory.memsw.limit_in_bytes in the list of values
+ */
+ int memsw_limit = -1;
+ int mem_limit = -1;
+
+ for (j = 0; j < cgc->index; j++) {
+ if (! strcmp(cgc->values[j]->name,
+ "memory.memsw.limit_in_bytes"))
+ memsw_limit = j;
+ else if (! strcmp(cgc->values[j]->name,
+ "memory.limit_in_bytes"))
+ mem_limit = j;
+ }
+
+ if (memsw_limit >= 0 && memsw_limit < mem_limit) {
+ struct control_value *val = cgc->values[memsw_limit];
+ cgc->values[memsw_limit] = cgc->values[mem_limit];
+ cgc->values[mem_limit] = val;
+ }
+ }
}
/* Check if the group really exists or not */
--
2.4.11

33
libcgroup-0.41-api.c-preserve-dirty-flag.patch
View File

@ -1,33 +0,0 @@
From ad27a46d8c0e180f71b4606d7b2a3bd3bebd7bbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Thu, 13 Oct 2016 13:42:30 +0200
Subject: [PATCH] api.c: preserve dirty flag when copying controller values
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When setting cgroup parameters with cgset fails, no error is reported.
This is caused by the fact that cgroup_copy_controller_values is not
preserving dirty flags of the values, so it's making all errors
considered non-fatal.
Signed-off-by: Nikola Forró <nforro@redhat.com>
---
src/api.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/api.c b/src/api.c
index 0bf0615..daf4ef0 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1687,6 +1687,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst,
dst_val = dst->values[i];
strncpy(dst_val->value, src_val->value, CG_VALUE_MAX);
strncpy(dst_val->name, src_val->name, FILENAME_MAX);
+ dst_val->dirty = src_val->dirty;
}
err:
return ret;
--
2.7.4

63
libcgroup-0.41-change-cgroup-of-threads.patch
View File

@ -1,63 +0,0 @@
From 647274d80d18686a3129a2b50605869ac5178ccf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Tue, 8 Dec 2015 17:09:08 +0100
Subject: [PATCH 1/6] api.c: change cgroup of every thread of a process
When changing cgroup of multi-threaded process, only the main threads
cgroup actually changed. Now all threads of a process are enumerated
and cgroup is changed for each of them.
---
src/api.c | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/api.c b/src/api.c
index 0cc15c6..df90a6f 100644
--- a/src/api.c
+++ b/src/api.c
@@ -3177,10 +3177,13 @@ int cgroup_change_all_cgroups(void)
return -ECGOTHER;
while ((pid_dir = readdir(dir)) != NULL) {
- int err, pid;
+ int err, pid, tid;
uid_t euid;
gid_t egid;
char *procname = NULL;
+ DIR *tdir;
+ struct dirent *tid_dir = NULL;
+ char tpath[FILENAME_MAX] = { '\0' };
err = sscanf(pid_dir->d_name, "%i", &pid);
if (err < 1)
@@ -3194,11 +3197,24 @@ int cgroup_change_all_cgroups(void)
if (err)
continue;
- err = cgroup_change_cgroup_flags(euid,
- egid, procname, pid, CGFLAG_USECACHE);
- if (err)
- cgroup_dbg("cgroup change pid %i failed\n", pid);
+ snprintf(tpath, FILENAME_MAX, "%s%d/task/", path, pid);
+
+ tdir = opendir(tpath);
+ if (!tdir)
+ continue;
+
+ while ((tid_dir = readdir(tdir)) != NULL) {
+ err = sscanf(tid_dir->d_name, "%i", &tid);
+ if (err < 1)
+ continue;
+
+ err = cgroup_change_cgroup_flags(euid,
+ egid, procname, tid, CGFLAG_USECACHE);
+ if (err)
+ cgroup_dbg("cgroup change tid %i failed\n", tid);
+ }
+ closedir(tdir);
free(procname);
}
--
2.17.0

40
libcgroup-0.41-fix-infinite-loop.patch
View File

@ -1,40 +0,0 @@
From 62bab9d121d4fb416205f5ac53ad342184ae42b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Tue, 8 Dec 2015 16:53:41 +0100
Subject: [PATCH 2/6] api.c: fix infinite loop
If getgrnam or getpwuid functions failed, the program entered
an infinite loop, because the rule pointer was never advanced.
This is now fixed by updating the pointer before continuing
to the next iteration.
---
src/api.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/api.c b/src/api.c
index df90a6f..217d6c9 100644
--- a/src/api.c
+++ b/src/api.c
@@ -2664,13 +2664,17 @@ static struct cgroup_rule *cgroup_find_matching_rule_uid_gid(uid_t uid,
/* Get the group data. */
sp = &(rule->username[1]);
grp = getgrnam(sp);
- if (!grp)
+ if (!grp) {
+ rule = rule->next;
continue;
+ }
/* Get the data for UID. */
usr = getpwuid(uid);
- if (!usr)
+ if (!usr) {
+ rule = rule->next;
continue;
+ }
/* If UID is a member of group, we matched. */
for (i = 0; grp->gr_mem[i]; i++) {
--
2.17.0

38
libcgroup-0.41-fix-log-level.patch
View File

@ -1,38 +0,0 @@
From 7c99c167f41d3f8810808436d2ac58afc3a7d6c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Tue, 17 Apr 2018 13:33:03 +0200
Subject: [PATCH 5/6] api.c: Fix level of failed user/group lookup warnings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Nikola Forró <nforro@redhat.com>
---
src/api.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/api.c b/src/api.c
index 51081b4..efde2d1 100644
--- a/src/api.c
+++ b/src/api.c
@@ -639,7 +639,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid,
uid = CGRULE_INVALID;
gid = grp->gr_gid;
} else {
- cgroup_dbg("Warning: Entry for %s not"
+ cgroup_warn("Warning: Entry for %s not"
"found. Skipping rule on line"
" %d.\n", itr, linenum);
skipped = true;
@@ -656,7 +656,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid,
uid = pwd->pw_uid;
gid = CGRULE_INVALID;
} else {
- cgroup_dbg("Warning: Entry for %s not"
+ cgroup_warn("Warning: Entry for %s not"
"found. Skipping rule on line"
" %d.\n", user, linenum);
skipped = true;
--
2.17.0

25
libcgroup-0.41-lex.patch
View File

@ -1,25 +0,0 @@
From a8c2e967e74d280cd3b8554af0c95d823647d1c0 Mon Sep 17 00:00:00 2001
From: Jan Chaloupka <jchaloup@redhat.com>
Date: Thu, 6 Feb 2014 11:43:18 +0100
Subject: [PATCH] lex updated, additional '\' char for ID token
---
libcgroup-0.41/src/lex.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libcgroup-0.41/src/lex.l b/libcgroup-0.41/src/lex.l
index 1b357db..d7bf575 100644
--- a/libcgroup-0.41/src/lex.l
+++ b/libcgroup-0.41/src/lex.l
@@ -43,7 +43,7 @@ jmp_buf parser_error_env;
"namespace" {return NAMESPACE;}
"template" {return TEMPLATE;}
"default" {return DEFAULT;}
-[a-zA-Z0-9_\-\/\.\,\%\@]+ {yylval.name = strdup(yytext); return ID;}
+[a-zA-Z0-9_\-\/\.\,\%\@\\]+ {yylval.name = strdup(yytext); return ID;}
\"[^"]*\" {yylval.name = strdup(yytext+1); yylval.name[strlen(yylval.name)-1] = '\0'; return ID; }
. {return yytext[0];}
%%
--
1.8.5.3

46
libcgroup-0.41-prevent-buffer-overflow.patch
View File

@ -1,46 +0,0 @@
From 9c80e2cb4bca26993a12027c46a274bb43645630 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Wed, 22 Jun 2016 14:12:46 +0200
Subject: [PATCH 3/6] api.c: fix potential buffer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It is assumed that arguments read from /proc/<pid>/cmdline don't exceed
buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's
not always the case.
Add check to prevent buffer overflow and discard the excessive part of
an argument.
Signed-off-by: Nikola Forró <nforro@redhat.com>
---
src/api.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/api.c b/src/api.c
index 217d6c9..4d98081 100644
--- a/src/api.c
+++ b/src/api.c
@@ -4065,13 +4065,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid,
while (c != EOF) {
c = fgetc(f);
- if ((c != EOF) && (c != '\0')) {
+ if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) {
buf_pname[len] = c;
len++;
continue;
}
buf_pname[len] = '\0';
+ if (len == FILENAME_MAX - 1)
+ while ((c != EOF) && (c != '\0'))
+ c = fgetc(f);
+
/*
* The taken process name from /proc/<pid>/status is
* shortened to 15 characters if it is over. So the
--
2.17.0

142
libcgroup-0.41-size-of-controller-values.patch
View File

@ -1,142 +0,0 @@
From 5a64a79144e58a62426a34ef51b14e891f042fa2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Tue, 17 Apr 2018 13:54:38 +0200
Subject: [PATCH 6/6] Increase maximal size of controller values
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Maximal length of a controller value is determined by CG_VALUE_MAX,
which is equal to 100. That is not sufficient in some cases.
Add new constant CG_CONTROL_VALUE_MAX (to prevent breaking current API)
and set it to 4096, which is usually equal to the amount of bytes that
can be written to a sysctl file directly.
Add warning message about exceeding the limit while parsing
configuration file.
Signed-off-by: Nikola Forró <nforro@redhat.com>
---
src/api.c | 6 +++---
src/libcgroup-internal.h | 5 ++++-
src/tools/cgset.c | 4 ++--
src/wrapper.c | 17 ++++++++++++-----
4 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/src/api.c b/src/api.c
index efde2d1..1cd30df 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1561,7 +1561,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst,
}
dst_val = dst->values[i];
- strncpy(dst_val->value, src_val->value, CG_VALUE_MAX);
+ strncpy(dst_val->value, src_val->value, CG_CONTROL_VALUE_MAX);
strncpy(dst_val->name, src_val->name, FILENAME_MAX);
dst_val->dirty = src_val->dirty;
}
@@ -2286,7 +2286,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
if (ctrl_file < 0)
return ECGROUPVALUENOTEXIST;
- *value = calloc(CG_VALUE_MAX, 1);
+ *value = calloc(CG_CONTROL_VALUE_MAX, 1);
if (!*value) {
close(ctrl_file);
last_errno = errno;
@@ -2297,7 +2297,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
* using %as or fread crashes when we try to read from files like
* memory.stat
*/
- ret = read(ctrl_file, *value, CG_VALUE_MAX-1);
+ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1);
if (ret < 0) {
free(*value);
*value = NULL;
diff --git a/src/libcgroup-internal.h b/src/libcgroup-internal.h
index 4c0f46c..3a8e336 100644
--- a/src/libcgroup-internal.h
+++ b/src/libcgroup-internal.h
@@ -32,6 +32,9 @@ __BEGIN_DECLS
/* Estimated number of groups created */
#define MAX_GROUP_ELEMENTS 128
+/* Maximum length of a value */
+#define CG_CONTROL_VALUE_MAX 4096
+
#define CG_NV_MAX 100
#define CG_CONTROLLER_MAX 100
/* Max number of mounted hierarchies. Event if one controller is mounted per
@@ -73,7 +76,7 @@ __BEGIN_DECLS
struct control_value {
char name[FILENAME_MAX];
- char value[CG_VALUE_MAX];
+ char value[CG_CONTROL_VALUE_MAX];
bool dirty;
};
diff --git a/src/tools/cgset.c b/src/tools/cgset.c
index ea9f90d..3d3c8cc 100644
--- a/src/tools/cgset.c
+++ b/src/tools/cgset.c
@@ -151,8 +151,8 @@ int main(int argc, char *argv[])
goto err;
}
- strncpy(name_value[nv_number].value, buf, CG_VALUE_MAX);
- name_value[nv_number].value[CG_VALUE_MAX-1] = '\0';
+ strncpy(name_value[nv_number].value, buf, CG_CONTROL_VALUE_MAX);
+ name_value[nv_number].value[CG_CONTROL_VALUE_MAX-1] = '\0';
nv_number++;
break;
diff --git a/src/wrapper.c b/src/wrapper.c
index c03472a..0952823 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -132,10 +132,10 @@ int cgroup_add_value_string(struct cgroup_controller *controller,
if (!controller)
return ECGINVAL;
- if (controller->index >= CG_VALUE_MAX)
+ if (controller->index >= CG_NV_MAX)
return ECGMAXVALUESEXCEEDED;
- for (i = 0; i < controller->index && i < CG_VALUE_MAX; i++) {
+ for (i = 0; i < controller->index && i < CG_NV_MAX; i++) {
if (!strcmp(controller->values[i]->name, name))
return ECGVALUEEXISTS;
}
@@ -145,8 +145,15 @@ int cgroup_add_value_string(struct cgroup_controller *controller,
if (!cntl_value)
return ECGCONTROLLERCREATEFAILED;
- strncpy(cntl_value->name, name, sizeof(cntl_value->name));
- strncpy(cntl_value->value, value, sizeof(cntl_value->value));
+ if (strlen(value) >= sizeof(cntl_value->value)) {
+ fprintf(stderr, "value exceeds the maximum of %d characters\n",
+ sizeof(cntl_value->value));
+ free(cntl_value);
+ return ECGCONFIGPARSEFAIL;
+ }
+
+ strncpy(cntl_value->name, name, sizeof(cntl_value->name) - 1);
+ strncpy(cntl_value->value, value, sizeof(cntl_value->value) - 1);
cntl_value->dirty = true;
controller->values[controller->index] = cntl_value;
controller->index++;
@@ -356,7 +363,7 @@ int cgroup_set_value_string(struct cgroup_controller *controller,
for (i = 0; i < controller->index; i++) {
struct control_value *val = controller->values[i];
if (!strcmp(val->name, name)) {
- strncpy(val->value, value, CG_VALUE_MAX);
+ strncpy(val->value, value, CG_CONTROL_VALUE_MAX - 1);
val->dirty = true;
return 0;
}
--
2.17.0

49
libcgroup-0.41-tasks-file-warning.patch
View File

@ -1,49 +0,0 @@
From 437b68f34c459d136c806e61dafb5825d2f97170 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Tue, 17 Apr 2018 13:32:28 +0200
Subject: [PATCH 4/6] api.c: Show warning when tasks file can not be opened
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Nikola Forró <nforro@redhat.com>
---
src/api.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/api.c b/src/api.c
index 4d98081..51081b4 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1190,12 +1190,15 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid)
if (!tasks) {
switch (errno) {
case EPERM:
- return ECGROUPNOTOWNER;
+ ret = ECGROUPNOTOWNER;
+ break;
case ENOENT:
- return ECGROUPNOTEXIST;
+ ret = ECGROUPNOTEXIST;
+ break;
default:
- return ECGROUPNOTALLOWED;
+ ret = ECGROUPNOTALLOWED;
}
+ goto err;
}
ret = fprintf(tasks, "%d", tid);
if (ret < 0) {
@@ -1214,7 +1217,8 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid)
err:
cgroup_warn("Warning: cannot write tid %d to %s:%s\n",
tid, path, strerror(errno));
- fclose(tasks);
+ if (tasks)
+ fclose(tasks);
return ret;
}
--
2.17.0

BIN
libcgroup-0.41.tar.bz2
View File

Binary file not shown.

BIN
libcgroup-v0.42.2.tar.gz Normal file
View File

Binary file not shown.

44
libcgroup.spec
View File

@ -4,11 +4,11 @@
Summary: Libcgroup is a library that abstracts the control group file system in Linux
Name: libcgroup
Version: 0.41
Release: 23
Version: 0.42.2
Release: 1
License: LGPLv2+
URL: http://libcg.sourceforge.net/
Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.tar.bz2
Source0: https://github.com/%{name}/%{name}/archive/v%{version}/%{name}-v%{version}.tar.gz
Source1: cgconfig.service
Provides: libcgroup-pam libcgroup-tools
Obsoletes: libcgroup-pam libcgroup-tools
@ -18,18 +18,8 @@ Patch1: libcgroup-0.37-chmod.patch
Patch2: libcgroup-0.40.rc1-coverity.patch
Patch3: libcgroup-0.40.rc1-fread.patch
Patch4: libcgroup-0.40.rc1-templates-fix.patch
Patch5: libcgroup-0.41-lex.patch
Patch6: libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch
Patch7: libcgroup-0.41-api.c-preserve-dirty-flag.patch
Patch8: libcgroup-0.41-change-cgroup-of-threads.patch
Patch9: libcgroup-0.41-fix-infinite-loop.patch
Patch10: libcgroup-0.41-prevent-buffer-overflow.patch
Patch11: libcgroup-0.41-tasks-file-warning.patch
Patch12: libcgroup-0.41-fix-log-level.patch
Patch13: libcgroup-0.41-size-of-controller-values.patch
Patch14: libcgroup-0.41-CVE-2018-14348.patch
Patch9000: bugfix-change-parser-match-order-fix-cgconfig-error.patch
BuildRequires: autoconf, automake, libtool
BuildRequires: gcc,gcc-c++,byacc
BuildRequires: systemd-units,pam-devel,flex,coreutils
@ -60,19 +50,9 @@ It provides helpful information for libcgroup-pam,libcgroup-devel,libcgroup-tool
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p2
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch9000 -p1
%build
autoreconf -vif
%configure --enable-pam-module-dir=%{_libdir}/security --enable-opaque-hierarchy="name=systemd" --disable-daemon
make %{?_smp_mflags}
@ -87,9 +67,11 @@ install -m 644 samples/cgsnapshot_blacklist.conf $RPM_BUILD_ROOT%{_sysconfdir}/c
# Only one pam_cgroup.so is needed
mv -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.*.*.* $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so
rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.*
rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.la
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.{,l}a $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.*
rm -f $RPM_BUILD_ROOT%{_libdir}/*.{,l}a
rm -f $RPM_BUILD_ROOT%{_libdir}/libcgroupfortesting.*
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/cgred.conf.5*
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/cgrules.conf.5*
@ -152,6 +134,12 @@ getent group cgred >/dev/null || groupadd -r cgred
%attr(0644, root, root) %{_mandir}/man8/*
%changelog
* Wed Nov 4 2020 leizhongkai<leizhongkai@huawei.com> - 0.42.2-1
- Type: upgrade
- Id:NA
- SUG:NA
- DESC:new upstream release 0.42.2
* Tue Jan 7 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.41-23
- Type:enhancement
- Id:NA