rsyslog/backport-bugfix-prevent-pot.-segfault-when-switchung.patch

From 1807410d18519520ed813dd4b9d2b2d34e583415 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Sun, 30 Oct 2022 18:43:26 +0100
Subject: [PATCH] [backport] bugfix: prevent pot. segfault when switchung to
 queue emergency mode

When switching to Disk queue emergency mode, we destructed the in-memory
queue object.  Practice has shown that this MAY cause races during
destruction which themselfs can lead to segfault. For that reason, we
now keep the disk queueu object. This will keep some ressources,
including disk space, allocated. But  we prefer that over a segfault.
After all, it only happens after a serious queue error when we are
already at the edge of hard problems.

see also: https://github.com/rsyslog/rsyslog/issues/4963

---

Conflict:NA
Type:bugfix
Reference:https://github.com/rsyslog/rsyslog/commit/eaac48d0d23afe0146454cd9f5004ddcb47cc81b

---
---
 runtime/queue.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/runtime/queue.c b/runtime/queue.c
index b3fdd5101..856b4df25 100644
--- a/runtime/queue.c
+++ b/runtime/queue.c
@@ -794,8 +794,12 @@ static rsRetVal qDelLinkedList(qqueue_t *pThis)
 /* The following function is used to "save" ourself from being killed by
  * a fatally failed disk queue. A fatal failure is, for example, if no
  * data can be read or written. In that case, the disk support is disabled,
- * with all on-disk structures kept as-is as much as possible. Instead, the
- * queue is switched to direct mode, so that at least
+ * with all on-disk structures kept as-is as much as possible. However,
+ * we do not really stop or destruct the in-memory disk queue object.
+ * Practice has shown that this may cause races during destruction which
+ * themselfs can lead to segfault. So we prefer to was some ressources by
+ * keeping the queue active.
+ * Instead, the queue is switched to direct mode, so that at least
  * some processing can happen. Of course, this may still have lots of
  * undesired side-effects, but is probably better than aborting the
  * syslogd. Note that this function *must* succeed in one way or another, as
@@ -808,7 +812,6 @@ queueSwitchToEmergencyMode(qqueue_t *pThis, rsRetVal initiatingError)
 {
 	pThis->iQueueSize = 0;
 	pThis->nLogDeq = 0;
-	qDestructDisk(pThis); /* free disk structures */
 
 	pThis->qType = QUEUETYPE_DIRECT;
 	pThis->qConstruct = qConstructDirect;
-- 
2.12.3
#I7DV6L:例行分析rsyslog软件包补丁 Signed-off-by: linzhuorong <linzhuorong@huawei.com> 2023-06-28 07:37:55 +00:00			`From 1807410d18519520ed813dd4b9d2b2d34e583415 Mon Sep 17 00:00:00 2001`
			`From: Rainer Gerhards <rgerhards@adiscon.com>`
			`Date: Sun, 30 Oct 2022 18:43:26 +0100`
			`Subject: [PATCH] [backport] bugfix: prevent pot. segfault when switchung to`
			`queue emergency mode`

			`When switching to Disk queue emergency mode, we destructed the in-memory`
			`queue object. Practice has shown that this MAY cause races during`
			`destruction which themselfs can lead to segfault. For that reason, we`
			`now keep the disk queueu object. This will keep some ressources,`
			`including disk space, allocated. But we prefer that over a segfault.`
			`After all, it only happens after a serious queue error when we are`
			`already at the edge of hard problems.`

			`see also: https://github.com/rsyslog/rsyslog/issues/4963`

			`---`

			`Conflict:NA`
			`Type:bugfix`
			`Reference:https://github.com/rsyslog/rsyslog/commit/eaac48d0d23afe0146454cd9f5004ddcb47cc81b`

			`---`
			`---`
			`runtime/queue.c \| 9 ++++++---`
			`1 file changed, 6 insertions(+), 3 deletions(-)`

			`diff --git a/runtime/queue.c b/runtime/queue.c`
			`index b3fdd5101..856b4df25 100644`
			`--- a/runtime/queue.c`
			`+++ b/runtime/queue.c`
			`@@ -794,8 +794,12 @@ static rsRetVal qDelLinkedList(qqueue_t *pThis)`
			`/* The following function is used to "save" ourself from being killed by`
			`* a fatally failed disk queue. A fatal failure is, for example, if no`
			`* data can be read or written. In that case, the disk support is disabled,`
			`- * with all on-disk structures kept as-is as much as possible. Instead, the`
			`- * queue is switched to direct mode, so that at least`
			`+ * with all on-disk structures kept as-is as much as possible. However,`
			`+ * we do not really stop or destruct the in-memory disk queue object.`
			`+ * Practice has shown that this may cause races during destruction which`
			`+ * themselfs can lead to segfault. So we prefer to was some ressources by`
			`+ * keeping the queue active.`
			`+ * Instead, the queue is switched to direct mode, so that at least`
			`* some processing can happen. Of course, this may still have lots of`
			`* undesired side-effects, but is probably better than aborting the`
			`* syslogd. Note that this function must succeed in one way or another, as`
			`@@ -808,7 +812,6 @@ queueSwitchToEmergencyMode(qqueue_t *pThis, rsRetVal initiatingError)`
			`{`
			`pThis->iQueueSize = 0;`
			`pThis->nLogDeq = 0;`
			`- qDestructDisk(pThis); /* free disk structures */`

			`pThis->qType = QUEUETYPE_DIRECT;`
			`pThis->qConstruct = qConstructDirect;`
			`--`
			`2.12.3`