From 9665627f9533e5c49e78a4b6fdfcbfa775e5be94 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Tue, 6 Nov 2018 16:01:01 +0100 Subject: [PATCH] - rel 5; add patches from FC --- libcgroup-0.37-chmod.patch | 31 ++++ libcgroup-0.40.rc1-coverity.patch | 99 ++++++++++++ libcgroup-0.40.rc1-fread.patch | 49 ++++++ libcgroup-0.40.rc1-templates-fix.patch | 16 ++ libcgroup-0.41-CVE-2018-14348.patch | 33 ++++ ...order-of-memory-subsystem-parameters.patch | 66 ++++++++ ...group-0.41-api.c-preserve-dirty-flag.patch | 33 ++++ ...r-setting-multiline-values-in-contro.patch | 150 ++++++++++++++++++ libcgroup-0.41-change-cgroup-of-threads.patch | 63 ++++++++ libcgroup-0.41-fix-infinite-loop.patch | 40 +++++ libcgroup-0.41-fix-log-level.patch | 38 +++++ libcgroup-0.41-lex.patch | 25 +++ libcgroup-0.41-prevent-buffer-overflow.patch | 46 ++++++ ...group-0.41-size-of-controller-values.patch | 142 +++++++++++++++++ libcgroup-0.41-tasks-file-warning.patch | 49 ++++++ libcgroup.spec | 42 ++++- 16 files changed, 916 insertions(+), 6 deletions(-) create mode 100644 libcgroup-0.37-chmod.patch create mode 100644 libcgroup-0.40.rc1-coverity.patch create mode 100644 libcgroup-0.40.rc1-fread.patch create mode 100644 libcgroup-0.40.rc1-templates-fix.patch create mode 100644 libcgroup-0.41-CVE-2018-14348.patch create mode 100644 libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch create mode 100644 libcgroup-0.41-api.c-preserve-dirty-flag.patch create mode 100644 libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch create mode 100644 libcgroup-0.41-change-cgroup-of-threads.patch create mode 100644 libcgroup-0.41-fix-infinite-loop.patch create mode 100644 libcgroup-0.41-fix-log-level.patch create mode 100644 libcgroup-0.41-lex.patch create mode 100644 libcgroup-0.41-prevent-buffer-overflow.patch create mode 100644 libcgroup-0.41-size-of-controller-values.patch create mode 100644 libcgroup-0.41-tasks-file-warning.patch diff --git a/libcgroup-0.37-chmod.patch b/libcgroup-0.37-chmod.patch new file mode 100644 index 0000000..bca595f --- /dev/null +++ b/libcgroup-0.37-chmod.patch @@ -0,0 +1,31 @@ +diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c +--- libcgroup-0.41/src/api.c.chmod 2014-01-13 15:05:56.000000000 +0100 ++++ libcgroup-0.41/src/api.c 2014-01-13 20:41:55.255577622 +0100 +@@ -153,6 +153,10 @@ static int cg_chown_file(FTS *fts, FTSEN + return ret; + } + ++int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode, ++ int dirm_change, mode_t file_mode, int filem_change, ++ int owner_is_umask); ++ + /* + * TODO: Need to decide a better place to put this function. + */ +@@ -160,6 +164,8 @@ static int cg_chown_recursive(char **pat + { + int ret = 0; + FTS *fts; ++ /* mode 664 */ ++ mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH; + + cgroup_dbg("chown: path is %s\n", *path); + fts = fts_open(path, FTS_PHYSICAL | FTS_NOCHDIR | +@@ -177,6 +183,7 @@ static int cg_chown_recursive(char **pat + cgroup_warn("Warning: fts_read failed\n"); + break; + } ++ cg_chmod_file(fts, ent, mode, 0, mode, 1, 1); + ret = cg_chown_file(fts, ent, owner, group); + } + fts_close(fts); diff --git a/libcgroup-0.40.rc1-coverity.patch b/libcgroup-0.40.rc1-coverity.patch new file mode 100644 index 0000000..439abf1 --- /dev/null +++ b/libcgroup-0.40.rc1-coverity.patch @@ -0,0 +1,99 @@ +diff -up libcgroup-0.41/src/api.c.coverity libcgroup-0.41/src/api.c +--- libcgroup-0.41/src/api.c.coverity 2014-01-13 20:52:49.853838149 +0100 ++++ libcgroup-0.41/src/api.c 2014-01-13 20:52:49.854838142 +0100 +@@ -2791,7 +2791,6 @@ static int cgroup_create_template_group( + if (group_name == NULL) { + ret = ECGOTHER; + last_errno = errno; +- free(template_name); + goto end; + } + +diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c +--- libcgroup-0.41/src/config.c.coverity 2014-01-13 15:05:56.000000000 +0100 ++++ libcgroup-0.41/src/config.c 2014-01-13 20:52:49.854838142 +0100 +@@ -323,7 +323,7 @@ int config_group_task_perm(char *perm_ty + long val = atoi(value); + char buffer[CGROUP_BUFFER_LEN]; + struct cgroup *config_cgroup; +- int table_index; ++ int table_index, ret; + + switch (flag) { + case CGROUP: +@@ -367,10 +367,10 @@ int config_group_task_perm(char *perm_ty + if (!group) + goto group_task_error; + +- getgrnam_r(value, group, buffer, ++ ret = getgrnam_r(value, group, buffer, + CGROUP_BUFFER_LEN, &group_buffer); + +- if (group_buffer == NULL) { ++ if (ret != 0 || group_buffer == NULL) { + free(group); + goto group_task_error; + } +@@ -436,7 +436,7 @@ int config_group_admin_perm(char *perm_t + struct cgroup *config_cgroup; + long val = atoi(value); + char buffer[CGROUP_BUFFER_LEN]; +- int table_index; ++ int table_index, ret; + + switch (flag) { + case CGROUP: +@@ -479,10 +479,10 @@ int config_group_admin_perm(char *perm_t + if (!group) + goto admin_error; + +- getgrnam_r(value, group, buffer, ++ ret = getgrnam_r(value, group, buffer, + CGROUP_BUFFER_LEN, &group_buffer); + +- if (group_buffer == NULL) { ++ if (ret != 0 || group_buffer == NULL) { + free(group); + goto admin_error; + } +diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/daemon/cgrulesengd.c +--- libcgroup-0.41/src/daemon/cgrulesengd.c.coverity 2014-01-13 15:05:56.000000000 +0100 ++++ libcgroup-0.41/src/daemon/cgrulesengd.c 2014-01-13 20:52:49.854838142 +0100 +@@ -646,7 +646,7 @@ close: + + static int cgre_create_netlink_socket_process_msg(void) + { +- int sk_nl = 0, sk_unix = 0, sk_max; ++ int sk_nl = -1, sk_unix = -1, sk_max; + struct sockaddr_nl my_nla; + char buff[BUFF_SIZE]; + int rc = -1; +@@ -784,9 +784,9 @@ static int cgre_create_netlink_socket_pr + } + + close_and_exit: +- if (sk_nl > 0) ++ if (sk_nl > -1) + close(sk_nl); +- if (sk_unix > 0) ++ if (sk_unix > -1) + close(sk_unix); + return rc; + } +diff -upr libcgroup-0.40.rc1.orig/src/tools/lscgroup.c libcgroup-0.40.rc1/src/tools/lscgroup.c +--- libcgroup-0.40.rc1.orig/src/tools/lscgroup.c 2013-05-21 15:36:04.000000000 +0200 ++++ libcgroup-0.40.rc1/src/tools/lscgroup.c 2013-11-04 14:26:53.400473523 +0100 +@@ -97,11 +97,11 @@ static int display_controller_data(char + if (ret != 0) + return ret; + +- strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX); ++ strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX - 1); + /* remove problematic '/' characters from cgroup directory path*/ + trim_filepath(cgroup_dir_path); + +- strncpy(input_dir_path, input_path, FILENAME_MAX); ++ strncpy(input_dir_path, input_path, FILENAME_MAX - 1); + + /* remove problematic '/' characters from input directory path*/ + trim_filepath(input_dir_path); diff --git a/libcgroup-0.40.rc1-fread.patch b/libcgroup-0.40.rc1-fread.patch new file mode 100644 index 0000000..acc7eba --- /dev/null +++ b/libcgroup-0.40.rc1-fread.patch @@ -0,0 +1,49 @@ +diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c +--- libcgroup-0.41/src/api.c.fread 2014-01-13 21:01:32.067067615 +0100 ++++ libcgroup-0.41/src/api.c 2014-01-13 21:01:32.070067594 +0100 +@@ -2232,29 +2232,29 @@ static int cg_rd_ctrl_file(const char *s + const char *file, char **value) + { + char path[FILENAME_MAX]; +- FILE *ctrl_file = NULL; +- int ret; ++ int ctrl_file = -1; ++ ssize_t ret; + + if (!cg_build_path_locked(cgroup, path, subsys)) + return ECGFAIL; + + strncat(path, file, sizeof(path) - strlen(path)); +- ctrl_file = fopen(path, "re"); +- if (!ctrl_file) ++ ctrl_file = open(path, O_RDONLY | O_CLOEXEC); ++ if (ctrl_file < 0) + return ECGROUPVALUENOTEXIST; + + *value = calloc(CG_VALUE_MAX, 1); + if (!*value) { +- fclose(ctrl_file); ++ close(ctrl_file); + last_errno = errno; + return ECGOTHER; + } + + /* +- * using %as crashes when we try to read from files like ++ * using %as or fread crashes when we try to read from files like + * memory.stat + */ +- ret = fread(*value, 1, CG_VALUE_MAX-1, ctrl_file); ++ ret = read(ctrl_file, *value, CG_VALUE_MAX-1); + if (ret < 0) { + free(*value); + *value = NULL; +@@ -2264,7 +2264,7 @@ static int cg_rd_ctrl_file(const char *s + (*value)[ret-1] = '\0'; + } + +- fclose(ctrl_file); ++ close(ctrl_file); + + return 0; + } diff --git a/libcgroup-0.40.rc1-templates-fix.patch b/libcgroup-0.40.rc1-templates-fix.patch new file mode 100644 index 0000000..50e9aea --- /dev/null +++ b/libcgroup-0.40.rc1-templates-fix.patch @@ -0,0 +1,16 @@ +diff -up libcgroup-0.41/src/api.c.templates-fix libcgroup-0.41/src/api.c +--- libcgroup-0.41/src/api.c.templates-fix 2014-01-13 21:04:36.933747000 +0100 ++++ libcgroup-0.41/src/api.c 2014-01-13 21:16:44.478580105 +0100 +@@ -2974,10 +2974,10 @@ int cgroup_change_cgroup_flags(uid_t uid + available, "%d", pid); + break; + case 'p': +- if(procname) { ++ if(procname && strlen(basename(procname))) { + written = snprintf(newdest + j, + available, "%s", +- procname); ++ basename(procname)); + } else { + written = snprintf(newdest + j, + available, "%d", pid); diff --git a/libcgroup-0.41-CVE-2018-14348.patch b/libcgroup-0.41-CVE-2018-14348.patch new file mode 100644 index 0000000..e43bca9 --- /dev/null +++ b/libcgroup-0.41-CVE-2018-14348.patch @@ -0,0 +1,33 @@ +From 94e9dcead2e8bce00deeef08ea364ec6dc7e1f45 Mon Sep 17 00:00:00 2001 +From: Michal Hocko +Date: Wed, 18 Jul 2018 11:24:29 +0200 +Subject: [PATCH] cgrulesengd: remove umask(0) + +One of our partners has noticed that cgred daemon is creating a log file +(/var/log/cgred) with too wide permissions (0666) and that is seen as +a security bug because an untrusted user can write to otherwise +restricted area. CVE-2018-14348 has been assigned to this issue. + +Signed-off-by: Michal Hocko +Acked-by: Balbir Singh +--- + src/daemon/cgrulesengd.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c +index 170837a..41aadd4 100644 +--- a/src/daemon/cgrulesengd.c ++++ b/src/daemon/cgrulesengd.c +@@ -885,9 +885,6 @@ int cgre_start_daemon(const char *logp, const int logf, + } else if (pid > 0) { + exit(EXIT_SUCCESS); + } +- +- /* Change the file mode mask. */ +- umask(0); + } else { + flog(LOG_DEBUG, "Not using daemon mode\n"); + pid = getpid(); +-- +2.17.1 + diff --git a/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch b/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch new file mode 100644 index 0000000..9700530 --- /dev/null +++ b/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch @@ -0,0 +1,66 @@ +From 72a9e0c3d4f8daca9f7dc389edbc1013d7c0d808 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Fri, 8 Apr 2016 17:00:19 +0200 +Subject: [PATCH] api.c: fix order of memory subsystem parameters generated by + cgsnapshot +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Order of parameters usually doesn't matter, but that's not the case with +memory.limit_in_bytes and memory.memsw.limit_in_bytes. When the latter +is first in the list of parameters, the resulting configuration is not +loadable with cgconfigparser. + +This happens because when a cgroup is created, both memory.limit_in_bytes +and memory.memsw.limit_in_bytes parameters are initialized to highest +value possible (RESOURCE_MAX). And because memory.memsw.limit_in_bytes +must be always higher or equal to memory.limit_in_bytes, it's impossible +to change its value first. + +Make sure that after constructing parameter list of memory subsystem, +the mentioned parameters are in correct order. + +Signed-off-by: Nikola Forró +--- + src/api.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/src/api.c b/src/api.c +index 0bf0615..f5da553 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -2651,6 +2651,30 @@ int cgroup_get_cgroup(struct cgroup *cgroup) + } + } + closedir(dir); ++ ++ if (! strcmp(cgc->name, "memory")) { ++ /* ++ * Make sure that memory.limit_in_bytes is placed before ++ * memory.memsw.limit_in_bytes in the list of values ++ */ ++ int memsw_limit = -1; ++ int mem_limit = -1; ++ ++ for (j = 0; j < cgc->index; j++) { ++ if (! strcmp(cgc->values[j]->name, ++ "memory.memsw.limit_in_bytes")) ++ memsw_limit = j; ++ else if (! strcmp(cgc->values[j]->name, ++ "memory.limit_in_bytes")) ++ mem_limit = j; ++ } ++ ++ if (memsw_limit >= 0 && memsw_limit < mem_limit) { ++ struct control_value *val = cgc->values[memsw_limit]; ++ cgc->values[memsw_limit] = cgc->values[mem_limit]; ++ cgc->values[mem_limit] = val; ++ } ++ } + } + + /* Check if the group really exists or not */ +-- +2.4.11 + diff --git a/libcgroup-0.41-api.c-preserve-dirty-flag.patch b/libcgroup-0.41-api.c-preserve-dirty-flag.patch new file mode 100644 index 0000000..0836334 --- /dev/null +++ b/libcgroup-0.41-api.c-preserve-dirty-flag.patch @@ -0,0 +1,33 @@ +From ad27a46d8c0e180f71b4606d7b2a3bd3bebd7bbf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Thu, 13 Oct 2016 13:42:30 +0200 +Subject: [PATCH] api.c: preserve dirty flag when copying controller values +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When setting cgroup parameters with cgset fails, no error is reported. +This is caused by the fact that cgroup_copy_controller_values is not +preserving dirty flags of the values, so it's making all errors +considered non-fatal. + +Signed-off-by: Nikola Forró +--- + src/api.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/api.c b/src/api.c +index 0bf0615..daf4ef0 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -1687,6 +1687,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst, + dst_val = dst->values[i]; + strncpy(dst_val->value, src_val->value, CG_VALUE_MAX); + strncpy(dst_val->name, src_val->name, FILENAME_MAX); ++ dst_val->dirty = src_val->dirty; + } + err: + return ret; +-- +2.7.4 + diff --git a/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch b/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch new file mode 100644 index 0000000..fba6b9b --- /dev/null +++ b/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch @@ -0,0 +1,150 @@ +From 691430206f1104b752b0e52386f317e639137788 Mon Sep 17 00:00:00 2001 +From: Jan Chaloupka +Date: Mon, 15 Sep 2014 13:29:39 +0200 +Subject: [PATCH] api.c: support for setting multiline values in control files + +As of now, libcgroup does not support multiline values setting from configuration files. i.e. values in a form: + +net_prio.ifpriomap="lo 7 +eth0 66 +eth1 5 +eth2 4 +eth3 3"; + +Thus, setting of more network interfaces can not be done from configuration file. Or + +devices.allow="a *:* w +c 8:* r"; + +thus setting list of allow devices can not be set as well. The only way is to set it from userspace, e.g.: +# echo "lo 7" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap +# echo "eth 0" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap +# echo "eth 1" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap +# echo "eth 2" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap +# echo "eth 3" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap + +This patch allows setting of multiline variables. + +How this support works: +Multiline value is broken in lines and each line is set by write (man 2 write) syscall (without bufferring). +This implies change of fopen with open, fclose with close. +There is no control on multiline value, thus "eth0\n \t\n" can be set. However, setting +of " \t" will fail as write command returns -1. Thus administrator has to set correct +multiline values. + +Tested on virtual machine with fedora and rhel with network interface lo, eth0-eth3. Configuration file: + +# cat /etc/cgconfig.conf +group testGroup { + net_prio { + net_prio.ifpriomap="lo 7 +eth0 66 +eth1 5 +eth2 4 +eth3 3"; + } +} + +net_prio has to be created before: +# modprobe netprio_cgroup +# mkdir /sys/fs/cgroup/net_prio +# mount -t cgroup -onet_prio none /sys/fs/cgroup/net_prio + +Changelog: + test of success of strdup call + free str_val before return (str_val is changing in while cycle, + thus str_start_val points to the start of str_val before while) + +Signed-off-by: Jan Chaloupka +--- + src/api.c | 50 ++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 44 insertions(+), 6 deletions(-) + +diff --git a/src/api.c b/src/api.c +index 5751b8f..d6c9d3a 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -1495,13 +1495,18 @@ static int cg_create_control_group(const char *path) + */ + static int cg_set_control_value(char *path, const char *val) + { +- FILE *control_file = NULL; ++ int ctl_file; ++ char *str_val; ++ char *str_val_start; ++ char *pos; ++ size_t len; ++ + if (!cg_test_mounted_fs()) + return ECGROUPNOTMOUNTED; + +- control_file = fopen(path, "r+e"); ++ ctl_file = open(path, O_RDWR | O_CLOEXEC); + +- if (!control_file) { ++ if (ctl_file == -1) { + if (errno == EPERM) { + /* + * We need to set the correct error value, does the +@@ -1512,6 +1517,7 @@ static int cg_set_control_value(char *path, const char *val) + */ + char *path_dir_end; + char *tasks_path; ++ FILE *control_file; + + path_dir_end = strrchr(path, '/'); + if (path_dir_end == NULL) +@@ -1543,15 +1549,47 @@ static int cg_set_control_value(char *path, const char *val) + return ECGROUPVALUENOTEXIST; + } + +- if (fprintf(control_file, "%s", val) < 0) { ++ /* Split the multiline value into lines. */ ++ /* One line is a special case of multiline value. */ ++ str_val = strdup(val); ++ if (str_val == NULL) { + last_errno = errno; +- fclose(control_file); ++ close(ctl_file); + return ECGOTHER; + } +- if (fclose(control_file) < 0) { ++ ++ str_val_start = str_val; ++ pos = str_val; ++ ++ do { ++ str_val = pos; ++ pos = strchr(str_val, '\n'); ++ ++ if (pos) { ++ *pos = '\0'; ++ ++pos; ++ } ++ ++ len = strlen(str_val); ++ if (len > 0) { ++ if (write(ctl_file, str_val, len) == -1) { ++ last_errno = errno; ++ free(str_val_start); ++ close(ctl_file); ++ return ECGOTHER; ++ } ++ } else ++ cgroup_warn("Warning: skipping empty line for %s\n", ++ path); ++ } while(pos); ++ ++ if (close(ctl_file)) { + last_errno = errno; ++ free(str_val_start); + return ECGOTHER; + } ++ ++ free(str_val_start); + return 0; + } + +-- +1.9.3 + diff --git a/libcgroup-0.41-change-cgroup-of-threads.patch b/libcgroup-0.41-change-cgroup-of-threads.patch new file mode 100644 index 0000000..913ce0f --- /dev/null +++ b/libcgroup-0.41-change-cgroup-of-threads.patch @@ -0,0 +1,63 @@ +From 647274d80d18686a3129a2b50605869ac5178ccf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 8 Dec 2015 17:09:08 +0100 +Subject: [PATCH 1/6] api.c: change cgroup of every thread of a process + +When changing cgroup of multi-threaded process, only the main threads +cgroup actually changed. Now all threads of a process are enumerated +and cgroup is changed for each of them. +--- + src/api.c | 26 +++++++++++++++++++++----- + 1 file changed, 21 insertions(+), 5 deletions(-) + +diff --git a/src/api.c b/src/api.c +index 0cc15c6..df90a6f 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -3177,10 +3177,13 @@ int cgroup_change_all_cgroups(void) + return -ECGOTHER; + + while ((pid_dir = readdir(dir)) != NULL) { +- int err, pid; ++ int err, pid, tid; + uid_t euid; + gid_t egid; + char *procname = NULL; ++ DIR *tdir; ++ struct dirent *tid_dir = NULL; ++ char tpath[FILENAME_MAX] = { '\0' }; + + err = sscanf(pid_dir->d_name, "%i", &pid); + if (err < 1) +@@ -3194,11 +3197,24 @@ int cgroup_change_all_cgroups(void) + if (err) + continue; + +- err = cgroup_change_cgroup_flags(euid, +- egid, procname, pid, CGFLAG_USECACHE); +- if (err) +- cgroup_dbg("cgroup change pid %i failed\n", pid); ++ snprintf(tpath, FILENAME_MAX, "%s%d/task/", path, pid); ++ ++ tdir = opendir(tpath); ++ if (!tdir) ++ continue; ++ ++ while ((tid_dir = readdir(tdir)) != NULL) { ++ err = sscanf(tid_dir->d_name, "%i", &tid); ++ if (err < 1) ++ continue; ++ ++ err = cgroup_change_cgroup_flags(euid, ++ egid, procname, tid, CGFLAG_USECACHE); ++ if (err) ++ cgroup_dbg("cgroup change tid %i failed\n", tid); ++ } + ++ closedir(tdir); + free(procname); + } + +-- +2.17.0 + diff --git a/libcgroup-0.41-fix-infinite-loop.patch b/libcgroup-0.41-fix-infinite-loop.patch new file mode 100644 index 0000000..a41347b --- /dev/null +++ b/libcgroup-0.41-fix-infinite-loop.patch @@ -0,0 +1,40 @@ +From 62bab9d121d4fb416205f5ac53ad342184ae42b6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 8 Dec 2015 16:53:41 +0100 +Subject: [PATCH 2/6] api.c: fix infinite loop + +If getgrnam or getpwuid functions failed, the program entered +an infinite loop, because the rule pointer was never advanced. +This is now fixed by updating the pointer before continuing +to the next iteration. +--- + src/api.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/api.c b/src/api.c +index df90a6f..217d6c9 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -2664,13 +2664,17 @@ static struct cgroup_rule *cgroup_find_matching_rule_uid_gid(uid_t uid, + /* Get the group data. */ + sp = &(rule->username[1]); + grp = getgrnam(sp); +- if (!grp) ++ if (!grp) { ++ rule = rule->next; + continue; ++ } + + /* Get the data for UID. */ + usr = getpwuid(uid); +- if (!usr) ++ if (!usr) { ++ rule = rule->next; + continue; ++ } + + /* If UID is a member of group, we matched. */ + for (i = 0; grp->gr_mem[i]; i++) { +-- +2.17.0 + diff --git a/libcgroup-0.41-fix-log-level.patch b/libcgroup-0.41-fix-log-level.patch new file mode 100644 index 0000000..30055e3 --- /dev/null +++ b/libcgroup-0.41-fix-log-level.patch @@ -0,0 +1,38 @@ +From 7c99c167f41d3f8810808436d2ac58afc3a7d6c7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 17 Apr 2018 13:33:03 +0200 +Subject: [PATCH 5/6] api.c: Fix level of failed user/group lookup warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Nikola Forró +--- + src/api.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/api.c b/src/api.c +index 51081b4..efde2d1 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -639,7 +639,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid, + uid = CGRULE_INVALID; + gid = grp->gr_gid; + } else { +- cgroup_dbg("Warning: Entry for %s not" ++ cgroup_warn("Warning: Entry for %s not" + "found. Skipping rule on line" + " %d.\n", itr, linenum); + skipped = true; +@@ -656,7 +656,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid, + uid = pwd->pw_uid; + gid = CGRULE_INVALID; + } else { +- cgroup_dbg("Warning: Entry for %s not" ++ cgroup_warn("Warning: Entry for %s not" + "found. Skipping rule on line" + " %d.\n", user, linenum); + skipped = true; +-- +2.17.0 + diff --git a/libcgroup-0.41-lex.patch b/libcgroup-0.41-lex.patch new file mode 100644 index 0000000..bcd536a --- /dev/null +++ b/libcgroup-0.41-lex.patch @@ -0,0 +1,25 @@ +From a8c2e967e74d280cd3b8554af0c95d823647d1c0 Mon Sep 17 00:00:00 2001 +From: Jan Chaloupka +Date: Thu, 6 Feb 2014 11:43:18 +0100 +Subject: [PATCH] lex updated, additional '\' char for ID token + +--- + libcgroup-0.41/src/lex.l | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libcgroup-0.41/src/lex.l b/libcgroup-0.41/src/lex.l +index 1b357db..d7bf575 100644 +--- a/libcgroup-0.41/src/lex.l ++++ b/libcgroup-0.41/src/lex.l +@@ -43,7 +43,7 @@ jmp_buf parser_error_env; + "namespace" {return NAMESPACE;} + "template" {return TEMPLATE;} + "default" {return DEFAULT;} +-[a-zA-Z0-9_\-\/\.\,\%\@]+ {yylval.name = strdup(yytext); return ID;} ++[a-zA-Z0-9_\-\/\.\,\%\@\\]+ {yylval.name = strdup(yytext); return ID;} + \"[^"]*\" {yylval.name = strdup(yytext+1); yylval.name[strlen(yylval.name)-1] = '\0'; return ID; } + . {return yytext[0];} + %% +-- +1.8.5.3 + diff --git a/libcgroup-0.41-prevent-buffer-overflow.patch b/libcgroup-0.41-prevent-buffer-overflow.patch new file mode 100644 index 0000000..d405159 --- /dev/null +++ b/libcgroup-0.41-prevent-buffer-overflow.patch @@ -0,0 +1,46 @@ +From 9c80e2cb4bca26993a12027c46a274bb43645630 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Wed, 22 Jun 2016 14:12:46 +0200 +Subject: [PATCH 3/6] api.c: fix potential buffer overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It is assumed that arguments read from /proc//cmdline don't exceed +buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's +not always the case. + +Add check to prevent buffer overflow and discard the excessive part of +an argument. + +Signed-off-by: Nikola Forró +--- + src/api.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/api.c b/src/api.c +index 217d6c9..4d98081 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -4065,13 +4065,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid, + + while (c != EOF) { + c = fgetc(f); +- if ((c != EOF) && (c != '\0')) { ++ if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) { + buf_pname[len] = c; + len++; + continue; + } + buf_pname[len] = '\0'; + ++ if (len == FILENAME_MAX - 1) ++ while ((c != EOF) && (c != '\0')) ++ c = fgetc(f); ++ + /* + * The taken process name from /proc//status is + * shortened to 15 characters if it is over. So the +-- +2.17.0 + diff --git a/libcgroup-0.41-size-of-controller-values.patch b/libcgroup-0.41-size-of-controller-values.patch new file mode 100644 index 0000000..08aba87 --- /dev/null +++ b/libcgroup-0.41-size-of-controller-values.patch @@ -0,0 +1,142 @@ +From 5a64a79144e58a62426a34ef51b14e891f042fa2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 17 Apr 2018 13:54:38 +0200 +Subject: [PATCH 6/6] Increase maximal size of controller values +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Maximal length of a controller value is determined by CG_VALUE_MAX, +which is equal to 100. That is not sufficient in some cases. + +Add new constant CG_CONTROL_VALUE_MAX (to prevent breaking current API) +and set it to 4096, which is usually equal to the amount of bytes that +can be written to a sysctl file directly. + +Add warning message about exceeding the limit while parsing +configuration file. + +Signed-off-by: Nikola Forró +--- + src/api.c | 6 +++--- + src/libcgroup-internal.h | 5 ++++- + src/tools/cgset.c | 4 ++-- + src/wrapper.c | 17 ++++++++++++----- + 4 files changed, 21 insertions(+), 11 deletions(-) + +diff --git a/src/api.c b/src/api.c +index efde2d1..1cd30df 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -1561,7 +1561,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst, + } + + dst_val = dst->values[i]; +- strncpy(dst_val->value, src_val->value, CG_VALUE_MAX); ++ strncpy(dst_val->value, src_val->value, CG_CONTROL_VALUE_MAX); + strncpy(dst_val->name, src_val->name, FILENAME_MAX); + dst_val->dirty = src_val->dirty; + } +@@ -2286,7 +2286,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, + if (ctrl_file < 0) + return ECGROUPVALUENOTEXIST; + +- *value = calloc(CG_VALUE_MAX, 1); ++ *value = calloc(CG_CONTROL_VALUE_MAX, 1); + if (!*value) { + close(ctrl_file); + last_errno = errno; +@@ -2297,7 +2297,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, + * using %as or fread crashes when we try to read from files like + * memory.stat + */ +- ret = read(ctrl_file, *value, CG_VALUE_MAX-1); ++ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1); + if (ret < 0) { + free(*value); + *value = NULL; +diff --git a/src/libcgroup-internal.h b/src/libcgroup-internal.h +index 4c0f46c..3a8e336 100644 +--- a/src/libcgroup-internal.h ++++ b/src/libcgroup-internal.h +@@ -32,6 +32,9 @@ __BEGIN_DECLS + /* Estimated number of groups created */ + #define MAX_GROUP_ELEMENTS 128 + ++/* Maximum length of a value */ ++#define CG_CONTROL_VALUE_MAX 4096 ++ + #define CG_NV_MAX 100 + #define CG_CONTROLLER_MAX 100 + /* Max number of mounted hierarchies. Event if one controller is mounted per +@@ -73,7 +76,7 @@ __BEGIN_DECLS + + struct control_value { + char name[FILENAME_MAX]; +- char value[CG_VALUE_MAX]; ++ char value[CG_CONTROL_VALUE_MAX]; + bool dirty; + }; + +diff --git a/src/tools/cgset.c b/src/tools/cgset.c +index ea9f90d..3d3c8cc 100644 +--- a/src/tools/cgset.c ++++ b/src/tools/cgset.c +@@ -151,8 +151,8 @@ int main(int argc, char *argv[]) + goto err; + } + +- strncpy(name_value[nv_number].value, buf, CG_VALUE_MAX); +- name_value[nv_number].value[CG_VALUE_MAX-1] = '\0'; ++ strncpy(name_value[nv_number].value, buf, CG_CONTROL_VALUE_MAX); ++ name_value[nv_number].value[CG_CONTROL_VALUE_MAX-1] = '\0'; + + nv_number++; + break; +diff --git a/src/wrapper.c b/src/wrapper.c +index c03472a..0952823 100644 +--- a/src/wrapper.c ++++ b/src/wrapper.c +@@ -132,10 +132,10 @@ int cgroup_add_value_string(struct cgroup_controller *controller, + if (!controller) + return ECGINVAL; + +- if (controller->index >= CG_VALUE_MAX) ++ if (controller->index >= CG_NV_MAX) + return ECGMAXVALUESEXCEEDED; + +- for (i = 0; i < controller->index && i < CG_VALUE_MAX; i++) { ++ for (i = 0; i < controller->index && i < CG_NV_MAX; i++) { + if (!strcmp(controller->values[i]->name, name)) + return ECGVALUEEXISTS; + } +@@ -145,8 +145,15 @@ int cgroup_add_value_string(struct cgroup_controller *controller, + if (!cntl_value) + return ECGCONTROLLERCREATEFAILED; + +- strncpy(cntl_value->name, name, sizeof(cntl_value->name)); +- strncpy(cntl_value->value, value, sizeof(cntl_value->value)); ++ if (strlen(value) >= sizeof(cntl_value->value)) { ++ fprintf(stderr, "value exceeds the maximum of %d characters\n", ++ sizeof(cntl_value->value)); ++ free(cntl_value); ++ return ECGCONFIGPARSEFAIL; ++ } ++ ++ strncpy(cntl_value->name, name, sizeof(cntl_value->name) - 1); ++ strncpy(cntl_value->value, value, sizeof(cntl_value->value) - 1); + cntl_value->dirty = true; + controller->values[controller->index] = cntl_value; + controller->index++; +@@ -356,7 +363,7 @@ int cgroup_set_value_string(struct cgroup_controller *controller, + for (i = 0; i < controller->index; i++) { + struct control_value *val = controller->values[i]; + if (!strcmp(val->name, name)) { +- strncpy(val->value, value, CG_VALUE_MAX); ++ strncpy(val->value, value, CG_CONTROL_VALUE_MAX - 1); + val->dirty = true; + return 0; + } +-- +2.17.0 + diff --git a/libcgroup-0.41-tasks-file-warning.patch b/libcgroup-0.41-tasks-file-warning.patch new file mode 100644 index 0000000..e094613 --- /dev/null +++ b/libcgroup-0.41-tasks-file-warning.patch @@ -0,0 +1,49 @@ +From 437b68f34c459d136c806e61dafb5825d2f97170 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Nikola=20Forr=C3=B3?= +Date: Tue, 17 Apr 2018 13:32:28 +0200 +Subject: [PATCH 4/6] api.c: Show warning when tasks file can not be opened +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Nikola Forró +--- + src/api.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/api.c b/src/api.c +index 4d98081..51081b4 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -1190,12 +1190,15 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid) + if (!tasks) { + switch (errno) { + case EPERM: +- return ECGROUPNOTOWNER; ++ ret = ECGROUPNOTOWNER; ++ break; + case ENOENT: +- return ECGROUPNOTEXIST; ++ ret = ECGROUPNOTEXIST; ++ break; + default: +- return ECGROUPNOTALLOWED; ++ ret = ECGROUPNOTALLOWED; + } ++ goto err; + } + ret = fprintf(tasks, "%d", tid); + if (ret < 0) { +@@ -1214,7 +1217,8 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid) + err: + cgroup_warn("Warning: cannot write tid %d to %s:%s\n", + tid, path, strerror(errno)); +- fclose(tasks); ++ if (tasks) ++ fclose(tasks); + return ret; + } + +-- +2.17.0 + diff --git a/libcgroup.spec b/libcgroup.spec index 13609de..145c2e7 100644 --- a/libcgroup.spec +++ b/libcgroup.spec @@ -2,7 +2,7 @@ Summary: Tools and library to control and monitor control groups Summary(pl.UTF-8): Narzędzia i biblioteka do kontrolowania i monitorowania grup kontroli Name: libcgroup Version: 0.41 -Release: 4 +Release: 5 License: LGPL v2+ Group: Applications/System Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.tar.bz2 @@ -15,6 +15,21 @@ Source5: cgred.sysconfig Patch0: %{name}-pam.patch Patch1: %{name}-conf.patch Patch2: %{name}-missing.patch +Patch3: %{name}-0.37-chmod.patch +Patch4: %{name}-0.40.rc1-coverity.patch +Patch5: %{name}-0.40.rc1-fread.patch +Patch6: %{name}-0.40.rc1-templates-fix.patch +Patch7: %{name}-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch +Patch8: %{name}-0.41-api.c-preserve-dirty-flag.patch +Patch9: %{name}-0.41-api.c-support-for-setting-multiline-values-in-contro.patch +Patch10: %{name}-0.41-change-cgroup-of-threads.patch +Patch11: %{name}-0.41-CVE-2018-14348.patch +Patch12: %{name}-0.41-fix-infinite-loop.patch +Patch13: %{name}-0.41-fix-log-level.patch +Patch14: %{name}-0.41-lex.patch +Patch15: %{name}-0.41-prevent-buffer-overflow.patch +Patch16: %{name}-0.41-size-of-controller-values.patch +Patch17: %{name}-0.41-tasks-file-warning.patch URL: http://libcg.sourceforge.net/ BuildRequires: autoconf >= 2.61 BuildRequires: automake @@ -110,6 +125,21 @@ Wiązania Pythona do biblioteki libcgroup. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p2 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 %build %{__libtoolize} @@ -133,13 +163,13 @@ install -d $RPM_BUILD_ROOT{/etc/sysconfig,%{systemdunitdir}} %{__make} install \ DESTDIR=$RPM_BUILD_ROOT -install %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/cgconfig -install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/cgred +cp -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/cgconfig +cp -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/cgred -install %{SOURCE3} $RPM_BUILD_ROOT%{systemdunitdir}/cgconfig.service -install %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}/cgred.service +cp -p %{SOURCE3} $RPM_BUILD_ROOT%{systemdunitdir}/cgconfig.service +cp -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}/cgred.service -install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/cgred +cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/cgred cp -a samples/cg{config,rules,snapshot_blacklist}.conf $RPM_BUILD_ROOT%{_sysconfdir} mv $RPM_BUILD_ROOT%{_libdir}/libcgroup.so.* $RPM_BUILD_ROOT/%{_lib} -- 2.44.0