Add realloc fixes
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 7 Jan 2016 12:40:18 +0000 (13:40 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Thu, 7 Jan 2016 15:24:56 +0000 (16:24 +0100)
debian/patches/0001-fix-missing-dereferencing-in-must_strcat_pid.patch [new file with mode: 0644]
debian/patches/0003-fix-leak-in-realloc-loop-in-must_strcat_pid.patch [new file with mode: 0644]
debian/patches/0004-cgfs-fix-dorealloc-s-batch-allocation.patch [new file with mode: 0644]
debian/patches/series

diff --git a/debian/patches/0001-fix-missing-dereferencing-in-must_strcat_pid.patch b/debian/patches/0001-fix-missing-dereferencing-in-must_strcat_pid.patch
new file mode 100644 (file)
index 0000000..06fe5ce
--- /dev/null
@@ -0,0 +1,29 @@
+From ab9a41700a2b9d422ab0fda1fe3873b4ae70b47b Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Thu, 7 Jan 2016 11:23:24 +0100
+Subject: [PATCH lxcfs 1/5] fix missing dereferencing in must_strcat_pid
+
+Fixes a segfault when reading a /tasks file of a cgroup
+containing a large number of pids.
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ lxcfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lxcfs.c b/lxcfs.c
+index fe5ac3e..767a344 100644
+--- a/lxcfs.c
++++ b/lxcfs.c
+@@ -85,7 +85,7 @@ static void must_strcat_pid(char **src, size_t *sz, size_t *asz, pid_t pid)
+               } while (!d);
+               *src = d;
+               *asz = BUF_RESERVE_SIZE;
+-      } else if (strlen(tmp) + sz + 1 >= asz) {
++      } else if (strlen(tmp) + *sz + 1 >= *asz) {
+               do {
+                       d = realloc(d, *asz + BUF_RESERVE_SIZE);
+               } while (!d);
+-- 
+2.1.4
+
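Review bot: The `do { d = realloc(...); } while (!d);` retry around the corrected `*sz`/`*asz` comparison has no bound, so if the allocator keeps failing, a read of a large /tasks file spins at full CPU instead of returning an error. The same pattern is visible in the hunk of 0003 and in the `malloc` loop of dorealloc in 0004. must_strcat_pid returns void per the hunk header, so reporting `-ENOMEM` would need an interface change; bounding the retries is the smaller step. If the loop is kept on purpose, a comment such as `/* retries forever on allocation failure; the caller never sees ENOMEM */` would record that. The function body starts and ends outside this hunk.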
diff --git a/debian/patches/0003-fix-leak-in-realloc-loop-in-must_strcat_pid.patch b/debian/patches/0003-fix-leak-in-realloc-loop-in-must_strcat_pid.patch
new file mode 100644 (file)
index 0000000..bfe6239
--- /dev/null
@@ -0,0 +1,34 @@
+From cc1d9baadd760a3e6fc757d31569fbf46ad37dbd Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Thu, 7 Jan 2016 11:32:59 +0100
+Subject: [PATCH lxcfs 3/5] fix leak in realloc loop in must_strcat_pid
+
+If the first realloc() call fails then 'd' becomes NULL,
+subsequent realloc() retries will behave like malloc() and
+the the original src pointer is never freed. Further more
+the newly allocated data then contains uninitialized data
+where the previous pids had been stored.
+Avoid this by passing the the original pointer from '*src'
+to realloc().
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ lxcfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lxcfs.c b/lxcfs.c
+index 8605000..d738e79 100644
+--- a/lxcfs.c
++++ b/lxcfs.c
+@@ -87,7 +87,7 @@ static void must_strcat_pid(char **src, size_t *sz, size_t *asz, pid_t pid)
+               *asz = BUF_RESERVE_SIZE;
+       } else if (tmplen + *sz + 1 >= *asz) {
+               do {
+-                      d = realloc(d, *asz + BUF_RESERVE_SIZE);
++                      d = realloc(*src, *asz + BUF_RESERVE_SIZE);
+               } while (!d);
+               *src = d;
+               *asz += BUF_RESERVE_SIZE;
+-- 
+2.1.4
+
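Review bot: The context line `} else if (tmplen + *sz + 1 >= *asz) {` does not match what 0001 leaves behind, which is `strlen(tmp) + *sz + 1 >= *asz`, and the index line starts from `8605000` rather than 0001's result `767a344`. That suggests patch 2/5 of the upstream series, which presumably introduces `tmplen`, was not imported; the series file lists only 0001, 0003 and 0004. As committed, this patch would apply only with fuzz, or fail where patches are applied strictly. Either add the missing patch to the series or refresh 0003 against the tree 0001 produces, so the applied result is the reviewed one.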
diff --git a/debian/patches/0004-cgfs-fix-dorealloc-s-batch-allocation.patch b/debian/patches/0004-cgfs-fix-dorealloc-s-batch-allocation.patch
new file mode 100644 (file)
index 0000000..d4db54b
--- /dev/null
@@ -0,0 +1,38 @@
+From 4d373ffcfee6853662421370fad3df3701573712 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Thu, 7 Jan 2016 12:49:51 +0100
+Subject: [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation
+
+The initial check should use real lengths as with modulo a
+new required length of eg. 52 would be considered smaller
+than an old length of 48 (2 < 48).
+
+To get the 'batches' count 'newlen' must be divided and not
+taken modulo BATCH_SIZE. Otherwise '101', which would need a
+3rd batch to reach 150, would end up with two (2*50 = 100
+bytes) and thereby be truncated instead.
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ cgfs.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cgfs.c b/cgfs.c
+index 0659e9e..681a478 100644
+--- a/cgfs.c
++++ b/cgfs.c
+@@ -75,9 +75,9 @@ static inline void drop_trailing_newlines(char *s)
+ static void dorealloc(char **mem, size_t oldlen, size_t newlen)
+ {
+       int batches;
+-      if (newlen % BATCH_SIZE <= oldlen % BATCH_SIZE)
++      if (newlen <= oldlen)
+               return;
+-      batches = (newlen % BATCH_SIZE) + 1;
++      batches = (newlen / BATCH_SIZE) + 1;
+       if (!*mem) {
+               do {
+                       *mem = malloc(batches * BATCH_SIZE);
+-- 
+2.1.4
+
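Review bot: `int batches` in dorealloc now receives the `size_t` quotient `newlen / BATCH_SIZE`, and `batches * BATCH_SIZE` is then evaluated in `int`, assuming BATCH_SIZE is a plain integer constant, before it reaches malloc(). For a very large `newlen` the count truncates or the product overflows, giving a buffer smaller than the caller expects. Declaring it as `size_t batches;` keeps the arithmetic in the size type. Also, `newlen <= oldlen` now sends growth within the same batch to the allocation path; the rest of the function lies outside the hunk, so whether that is a cheap no-op there cannot be confirmed.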
index 593580f696ff5927fba3f47bd692c6c8fc612cf5..345ea63c38dc79cdd01e4f606b6cfa54fb7df0ff 100644 (file)
@@ -1,2 +1,5 @@
 do-not-start-without-lxcfs.patch
 0001-uptime-fix-pid1-and-reaper_busy-times.patch
+0001-fix-missing-dereferencing-in-must_strcat_pid.patch
+0003-fix-leak-in-realloc-loop-in-must_strcat_pid.patch
+0004-cgfs-fix-dorealloc-s-batch-allocation.patch