From: Wolfgang Bumiller Date: Mon, 4 Jul 2022 09:38:57 +0000 (+0200) Subject: pull in more fixes from master X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=35af27de3b8fb000421d1741817c96dc6cd912ad;p=lxc.git pull in more fixes from master Signed-off-by: Wolfgang Bumiller
---
diff --git a/debian/patches/extra/0001-add-check-for-statvfs.patch b/debian/patches/extra/0001-add-check-for-statvfs.patch
new file mode 100644
index 0000000..114a9fd
--- /dev/null
+++ b/debian/patches/extra/0001-add-check-for-statvfs.patch
@@ -0,0 +1,44 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller
+Date: Fri, 1 Jul 2022 11:09:15 +0200
+Subject: [PATCH] add check for statvfs
+
+we use HAVE_STATVFS in the code but with meson the check got
+lost causing mount_entry to fail to remount some things such
+as a bind mount of /dev/fuse via
+
+ lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file 0 0
+
+which would cause the following log messages:
+
+ DEBUG conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse" to respect bind or remount options
+ ERROR conf - ../src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/dev/fuse" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/fuse"
+
+note that the `Flags for ... were ...` line is not showing
+up there, which depends on HAVE_STATVFS
+
+Signed-off-by: Wolfgang Bumiller
+---
+ meson.build | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index 43362d37a..274511037 100644
+--- a/meson.build
++++ b/meson.build
+@@ -493,6 +493,7 @@ foreach tuple: [
+ ['sigdescr_np'],
+ ['signalfd'],
+ ['statx'],
++ ['statvfs'],
+ ['strlcat'],
+ ['strlcpy'],
+ ['unshare'],
+@@ -622,6 +623,7 @@ foreach ident: [
+ ['setns', '''#include '''],
+ ['sigdescr_np', '''#include '''],
+ ['signalfd', '''#include '''],
++ ['statvfs', '''#include '''],
+ ['statx', '''#include
+ #include
+ #include '''],
diff --git a/debian/patches/extra/0002-Fix-off-by-one-error-constructing-mount-options.patch b/debian/patches/extra/0002-Fix-off-by-one-error-constructing-mount-options.patch
new file mode 100644
index 0000000..0e518e3
--- /dev/null
+++ b/debian/patches/extra/0002-Fix-off-by-one-error-constructing-mount-options.patch
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: srd424
+Date: Sun, 3 Jul 2022 10:21:30 +0100
+Subject: [PATCH] Fix off-by-one error constructing mount options
+
+This fixes a really subtle off-by-one error constructing overlay mount options if rootfs options are provided and modern overlayfs (i.e. requiring a workdir) is used. We need to allow for the extra "," required to separate the extra options when computing the length!
+
+Signed-off-by: srd424
+---
+ src/lxc/storage/overlay.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
+index f8094fada..0c3fa1220 100644
+--- a/src/lxc/storage/overlay.c
++++ b/src/lxc/storage/overlay.c
+@@ -445,7 +445,7 @@ int ovl_mount(struct lxc_storage *bdev)
+ upper, lower, mntdata);
+
+ len2 = strlen(lower) + strlen(upper) + strlen(work) +
+- strlen("upperdir=,lowerdir=,workdir=") +
++ strlen("upperdir=,lowerdir=,workdir=,") +
+ strlen(mntdata) + 1;
+ options_work = must_realloc(NULL, len2);
+ ret2 = snprintf(options, len2,
diff --git a/debian/patches/extra/0003-Store-mount-options-in-correct-variable.patch b/debian/patches/extra/0003-Store-mount-options-in-correct-variable.patch
new file mode 100644
index 0000000..200f367
--- /dev/null
+++ b/debian/patches/extra/0003-Store-mount-options-in-correct-variable.patch
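Review bot: The size of `options_work` is still hand-counted from the literal `strlen("upperdir=,lowerdir=,workdir=,")`, which has to mirror the `snprintf` format string character for character; that duplication is how the separator went missing, and the hunk in 0003 keeps the same construction. A comment above the computation such as `/* keep in sync with the format string below, including every ',' */` would help, or the length could be taken from the format itself with a sizing call `snprintf(NULL, 0, ...)` plus one. As imported, 0002 on its own leaves `snprintf(options, len2, ...)` writing into `options` with the larger bound `len2`, which can overrun it if `options` was allocated with the shorter length computed above the hunk, so 0002 and 0003 need to stay adjacent in `series`. ovl_mount continues outside both hunks, so whether `ret2` is compared against `len2` afterwards is not visible here.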
@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: srd424
+Date: Sun, 3 Jul 2022 18:18:23 +0100
+Subject: [PATCH] Store mount options in correct variable
+
+This was exposed by the fix in the previous commit.
+
+Signed-off-by: srd424
+---
+ src/lxc/storage/overlay.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
+index 0c3fa1220..f38f3a740 100644
+--- a/src/lxc/storage/overlay.c
++++ b/src/lxc/storage/overlay.c
+@@ -448,7 +448,7 @@ int ovl_mount(struct lxc_storage *bdev)
+ strlen("upperdir=,lowerdir=,workdir=,") +
+ strlen(mntdata) + 1;
+ options_work = must_realloc(NULL, len2);
+- ret2 = snprintf(options, len2,
++ ret2 = snprintf(options_work, len2,
+ "upperdir=%s,lowerdir=%s,workdir=%s,%s", upper,
+ lower, work, mntdata);
+ } else {
diff --git a/debian/patches/extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch b/debian/patches/extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch
new file mode 100644
index 0000000..0e13fcf
--- /dev/null
+++ b/debian/patches/extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch
@@ -0,0 +1,81 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Raphael Isemann
+Date: Tue, 21 Jun 2022 13:10:40 +0200
+Subject: [PATCH] Fix uninitialized read in parse_cap when libcap is not used
+
+fuzz-lxc-cgroup-init currently fails for me with the input
+```
+ lxc.cap.keep=0
+```
+
+with this report:
+
+```
+==640655==WARNING: MemorySanitizer: use-of-uninitialized-value
+ #0 0x833c77 in parse_cap /src/lxc/san_build/../src/lxc/conf.c:3161:6
+ #1 0xaa5fd6 in add_cap_entry /src/lxc/san_build/../src/lxc/confile.c:2462:9
+ #2 0x9eb69c in set_config_cap_keep /src/lxc/san_build/../src/lxc/confile.c:2503:8
+ #3 0x974a76 in parse_line /src/lxc/san_build/../src/lxc/confile.c:3115:9
+ #4 0xea8cac in lxc_file_for_each_line_mmap /src/lxc/san_build/../src/lxc/parse.c:123:9
+ #5 0x9700a1 in lxc_config_read /src/lxc/san_build/../src/lxc/confile.c:3192:9
+ #6 0x4a3b50 in LLVMFuzzerTestOneInput /src/lxc/san_build/../src/tests/fuzz-lxc-cgroup-init.c:40:8
+ #7 0x10556e3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
+ #8 0x1041372 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
+ #9 0x1046bbc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
+ #10 0x106f7b2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
+ #11 0x7ffff7bc00b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
+ #12 0x420a9d in _start (/home/fuzzer/oss-fuzz/build/out/lxc/fuzz-lxc-cgroup-init+0x420a9d)
+
+ Uninitialized value was created by an allocation of 'last_cap' in the stack frame of function 'parse_cap'
+ #0 0x832e30 in parse_cap /src/lxc/san_build/../src/lxc/conf.c:3131
+```
+
+The reason is that without libcap we parse_cap ends up comparing two
+uninitialized values. See the snippet below:
+
+```
+int parse_cap(const char *cap_name, __u32 *cap)
+{
+ int ret;
+ unsigned int res;
+ __u32 last_cap;
+
+ [...]
+
+ ret = lxc_caps_last_cap(&last_cap); // NOTE: 1. Call here.
+ if (ret) // Not taken as dummy lxc_caps_last_cap returned 0.
+ return -1;
+
+ if ((__u32)res > last_cap) // last_cap is uninitialized.
+ return -1;
+
+ *cap = (__u32)res;
+ return 0;
+}
+```
+
+Root cause seems to be that the dummy `lxc_caps_last_cap` returns 0 but
+doesn't set the last_cap value. This patch just returns -1 as an error code
+to avoid the uninitialized read.
+
+Note: When reproducing the bug you need to compile with O0 and *not* with O1
+otherwise you will not see the report.
+
+Signed-off-by: Raphael Isemann
+---
+ src/lxc/caps.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/caps.h b/src/lxc/caps.h
+index fd1456b81..fbec1fdb5 100644
+--- a/src/lxc/caps.h
++++ b/src/lxc/caps.h
+@@ -49,7 +49,7 @@ static inline int lxc_caps_init(void)
+
+ static inline int lxc_caps_last_cap(__u32 *cap)
+ {
+- return 0;
++ return -1;
+ }
+
+ typedef int cap_value_t;
diff --git a/debian/patches/extra/0005-meson-add-remaining-still-in-use-config-checks.patch b/debian/patches/extra/0005-meson-add-remaining-still-in-use-config-checks.patch
new file mode 100644
index 0000000..e8a5788
--- /dev/null
+++ b/debian/patches/extra/0005-meson-add-remaining-still-in-use-config-checks.patch
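Review bot: The stub `lxc_caps_last_cap()` in caps.h still never writes `*cap`, so the fix depends on every caller checking the return value; any caller that ignores it keeps the same uninitialized read that parse_cap had. Writing the out-parameter before failing, `*cap = 0;` followed by `return -1;`, makes the stub safe either way, and a comment like `/* built without libcap: the last capability is unknown, always fail */` records the contract. Going by the commit message, parse_cap now rejects numeric capability values on builds without libcap instead of accepting them unchecked, which is presumably intended but is a visible behaviour change for `lxc.cap.keep` and `lxc.cap.drop` entries. Other callers of the stub are outside this hunk and could not be checked.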
@@ -0,0 +1,101 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller
+Date: Mon, 4 Jul 2022 11:27:14 +0200
+Subject: [PATCH] meson: add remaining still-in-use config checks
+
+These are all still in use in the code but have not been
+added to meson.build when switching over from autoconf.
+
+Signed-off-by: Wolfgang Bumiller
+---
+ meson.build | 31 ++++++++++++++++++++++++++-----
+ 1 file changed, 26 insertions(+), 5 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 274511037..ebbd6b697 100644
+--- a/meson.build
++++ b/meson.build
+@@ -375,6 +375,9 @@ if want_capabilities
+ if not libcap.found()
+ # Compat with Ubuntu 14.04 which ships libcap w/o .pc file
+ libcap = cc.find_library('cap', required: false)
++ else
++ have = cc.has_function('cap_get_file', dependencies: libcap, prefix: '#include ')
++ srcconf.set10('LIBCAP_SUPPORTS_FILE_CAPABILITIES', have)
+ endif
+ srcconf.set10('HAVE_LIBCAP', libcap.found())
+ pkgconfig_libs += libcap
+@@ -399,6 +402,8 @@ else
+ srcconf.set10('HAVE_STATIC_LIBCAP', false)
+ endif
+
++libutil = cc.find_library('util', required: false)
++
+ if want_oss_fuzz
+ srcconf.set10('FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION', true)
+ srcconf.set10('RUN_ON_OSS_FUZZ', true)
+@@ -414,12 +419,21 @@ srcconf.set10('HAVE_PAM', pam.found())
+ pkgconfig_libs += pam
+
+ ## Others.
++have = cc.has_function('fmemopen', prefix: '#include ', args: '-D_GNU_SOURCE')
++srcconf.set10('HAVE_FMEMOPEN', have)
++
++have_openpty = cc.has_function('openpty', dependencies: libutil, prefix: '#include ')
++srcconf.set10('HAVE_OPENPTY', have_openpty)
++
++have = cc.has_function('pthread_setcancelstate', prefix: '#include ')
++srcconf.set10('HAVE_PTHREAD_SETCANCELSTATE', have)
++
++have = cc.has_function('rand_r')
++srcconf.set10('HAVE_RAND_R', have)
++
+ have = cc.has_function('strchrnul', prefix: '#include ', args: '-D_GNU_SOURCE')
+ srcconf.set10('HAVE_STRCHRNUL', have)
+
+-have = cc.has_function('openpty', prefix: '#include ', args: '-D_GNU_SOURCE')
+-srcconf.set10('HAVE_OPENPTY', have)
+-
+ have_func_strerror_r = cc.has_function('strerror_r', prefix: '#include ', args: '-D_GNU_SOURCE')
+ srcconf.set10('HAVE_STRERROR_R', have_func_strerror_r)
+
+@@ -520,16 +534,18 @@ decl_headers = '''
+ #include
+ #include
+ #include
+-#include
++#include
+ #include
+ #include
++#include
+ '''
+
+ foreach decl: [
+ '__aligned_u64',
++ 'struct clone_args',
+ 'struct mount_attr',
+ 'struct open_how',
+- 'struct clone_args',
++ 'struct rtnl_link_stats64',
+ ]
+
+ # We get -1 if the size cannot be determined
+@@ -549,6 +565,7 @@ foreach tuple: [
+ ['__aligned_u64'],
+ ['struct mount_attr'],
+ ['struct open_how'],
++ ['struct rtnl_link_stats64'],
+ ]
+
+ if tuple.length() >= 2
+@@ -751,6 +768,10 @@ if want_io_uring
+ liblxc_dependencies += [liburing]
+ endif
+
++if have_openpty
++ liblxc_dependencies += [libutil]
++endif
++
+ liblxc_link_whole = [liblxc_static]
+
+ liblxc = shared_library(
diff --git a/debian/patches/lxc/0001-add-check-for-statvfs.patch b/debian/patches/lxc/0001-add-check-for-statvfs.patch
deleted file mode 100644
index 8900f86..0000000
--- a/debian/patches/lxc/0001-add-check-for-statvfs.patch
+++ /dev/null
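Review bot: `LIBCAP_SUPPORTS_FILE_CAPABILITIES` is only set in the new `else` branch of `if not libcap.found()`, so when the `cc.find_library('cap', required: false)` fallback is the one that succeeds the macro is never written and file-capability support is silently compiled out, with the symbol left undefined instead of 0. Running the `cap_get_file` check after the `endif`, guarded by `libcap.found()`, and calling `srcconf.set10('LIBCAP_SUPPORTS_FILE_CAPABILITIES', false)` otherwise would cover both discovery paths. Whether the `want_capabilities`-disabled branch sets the macro is outside the hunk. Separately, `cc.has_function('rand_r')` is the only new check without a `prefix:` header, unlike the checks next to it.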
@@ -1,33 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller
-Date: Fri, 1 Jul 2022 11:09:15 +0200
-Subject: [PATCH lxc] add check for statvfs
-
-we use HAVE_STATVFS in the code but this was not added to
-config.h
-
-Signed-off-by: Wolfgang Bumiller
----
- meson.build | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/meson.build b/meson.build
-index 43362d37a..274511037 100644
---- a/meson.build
-+++ b/meson.build
-@@ -493,6 +493,7 @@ foreach tuple: [
- ['sigdescr_np'],
- ['signalfd'],
- ['statx'],
-+ ['statvfs'],
- ['strlcat'],
- ['strlcpy'],
- ['unshare'],
-@@ -622,6 +623,7 @@ foreach ident: [
- ['setns', '''#include '''],
- ['sigdescr_np', '''#include '''],
- ['signalfd', '''#include '''],
-+ ['statvfs', '''#include '''],
- ['statx', '''#include
- #include
- #include '''],
diff --git a/debian/patches/series b/debian/patches/series
index 16a3cb3..b5f1045 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,8 @@
-lxc/0001-add-check-for-statvfs.patch
+extra/0001-add-check-for-statvfs.patch
+extra/0002-Fix-off-by-one-error-constructing-mount-options.patch
+extra/0003-Store-mount-options-in-correct-variable.patch
+extra/0004-Fix-uninitialized-read-in-parse_cap-when-libcap-is-n.patch
+extra/0005-meson-add-remaining-still-in-use-config-checks.patch
 pve/0001-PVE-Config-lxc.service-start-after-a-potential-syslo.patch
 pve/0002-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
 pve/0003-PVE-Config-attach-always-use-getent.patch