diff --git a/SOURCES/autofs-5.1.7-fix-concat_options-error-handling.patch b/SOURCES/autofs-5.1.7-fix-concat_options-error-handling.patch new file mode 100644 index 0000000..f1aedc3 --- /dev/null +++ b/SOURCES/autofs-5.1.7-fix-concat_options-error-handling.patch @@ -0,0 +1,120 @@ +autofs-5.1.7 - fix concat_options() error handling + +From: Ian Kent + +There's a possibility of a memory leak in the mount options processing +when calling concat_options() in parse_mount() of the Sun format map +entry parsing. + +There's also a case in do_init() of the Sun map format parsing where +a previously freed value is used in a logging statement without being +set to MULL. + +So ensure concat_options() always frees it's arguments so that the +handling can be consistent in all places. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/parse_sun.c | 24 +++++++++++------------- + 2 files changed, 12 insertions(+), 13 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -102,6 +102,7 @@ + - fix hosts map deadlock on restart. + - fix deadlock with hosts map reload. + - fix memory leak in update_hosts_mounts(). ++- fix concat_options() error handling. + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/modules/parse_sun.c ++++ autofs-5.1.4/modules/parse_sun.c +@@ -380,7 +380,8 @@ static int do_init(int argc, const char + if (!tmp) { + char *estr = strerror_r(errno, buf, MAX_ERR_BUF); + logerr(MODPREFIX "concat_options: %s", estr); +- free(gbl_options); ++ /* freed in concat_options */ ++ ctxt->optstr = NULL; + } else + ctxt->optstr = tmp; + } else { +@@ -492,12 +493,16 @@ static char *concat_options(char *left, + char *ret; + + if (left == NULL || *left == '\0') { ++ if (!right || *right == '\0') ++ return NULL; + ret = strdup(right); + free(right); + return ret; + } + + if (right == NULL || *right == '\0') { ++ if (left == NULL || *left == '\0') ++ return NULL; + ret = strdup(left); + free(left); + return ret; +@@ -508,6 +513,8 @@ static char *concat_options(char *left, + if (ret == NULL) { + char *estr = strerror_r(errno, buf, MAX_ERR_BUF); + logerr(MODPREFIX "malloc: %s", estr); ++ free(left); ++ free(right); + return NULL; + } + +@@ -988,14 +995,13 @@ static int parse_mapent(const char *ent, + if (newopt && strstr(newopt, myoptions)) { + free(myoptions); + myoptions = newopt; +- } else { ++ } else if (newopt) { + tmp = concat_options(myoptions, newopt); + if (!tmp) { + char *estr; + estr = strerror_r(errno, buf, MAX_ERR_BUF); + error(logopt, MODPREFIX + "concat_options: %s", estr); +- free(myoptions); + return 0; + } + myoptions = tmp; +@@ -1363,16 +1369,12 @@ dont_expand: + if (mnt_options && noptions && strstr(noptions, mnt_options)) { + free(mnt_options); + mnt_options = noptions; +- } else { ++ } else if (noptions) { + tmp = concat_options(mnt_options, noptions); + if (!tmp) { + char *estr = strerror_r(errno, buf, MAX_ERR_BUF); + error(ap->logopt, + MODPREFIX "concat_options: %s", estr); +- if (noptions) +- free(noptions); +- if (mnt_options) +- free(mnt_options); + free(options); + free(pmapent); + return 1; +@@ -1392,15 +1394,11 @@ dont_expand: + if (options && mnt_options && strstr(mnt_options, options)) { + free(options); + options = mnt_options; +- } else { ++ } else if (mnt_options) { + tmp = concat_options(options, mnt_options); + if (!tmp) { + char *estr = strerror_r(errno, buf, MAX_ERR_BUF); + error(ap->logopt, MODPREFIX "concat_options: %s", estr); +- if (options) +- free(options); +- if (mnt_options) +- free(mnt_options); + free(pmapent); + return 1; + } diff --git a/SOURCES/autofs-5.1.8-coverity-fix-for-invalid-access.patch b/SOURCES/autofs-5.1.8-coverity-fix-for-invalid-access.patch new file mode 100644 index 0000000..0c93d92 --- /dev/null +++ b/SOURCES/autofs-5.1.8-coverity-fix-for-invalid-access.patch @@ -0,0 +1,32 @@ +autofs-5.1.8 - coverity fix for invalid access + +From: Ian Kent + +Fix invalid access in modules/parse_amd.c:do_host_mount(). + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/parse_amd.c | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -98,6 +98,7 @@ + - fix invalid tsv access. + - fix parse module instance mutex naming. + - serialise lookup module open and reinit. ++- coverity fix for invalid access. + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/modules/parse_amd.c ++++ autofs-5.1.4/modules/parse_amd.c +@@ -1366,7 +1366,6 @@ static int do_host_mount(struct autofs_p + if (!instance) { + error(ap->logopt, MODPREFIX + "failed to create source instance for hosts map"); +- close_lookup(lookup); + goto out; + } + } diff --git a/SOURCES/autofs-5.1.8-fix-deadlock-with-hosts-map-reload.patch b/SOURCES/autofs-5.1.8-fix-deadlock-with-hosts-map-reload.patch new file mode 100644 index 0000000..eacd1ea --- /dev/null +++ b/SOURCES/autofs-5.1.8-fix-deadlock-with-hosts-map-reload.patch @@ -0,0 +1,169 @@ +autofs-5.1.8 - fix deadlock with hosts map reload + +From: Ian Kent + +When reloading maps the hosts map calls lookup method ->parse_mount() +for each multi-mount root entry in the map (each host) while holding +the cache read lock which leads to a cache lock deadlock. + +Remove the need to hold the cache read lock by creating an independent +list of entries for the update so the lock doesn't need to be taken. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + modules/lookup_hosts.c | 100 ++++++++++++++++++++++++++++++++++++++++--------- + 2 files changed, 83 insertions(+), 18 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -100,6 +100,7 @@ + - serialise lookup module open and reinit. + - coverity fix for invalid access. + - fix hosts map deadlock on restart. ++- fix deadlock with hosts map reload. + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/modules/lookup_hosts.c ++++ autofs-5.1.4/modules/lookup_hosts.c +@@ -201,10 +201,72 @@ static int do_parse_mount(struct autofs_ + return NSS_STATUS_SUCCESS; + } + ++struct update_context { ++ char *key; ++ int key_len; ++ char *entry; ++ struct update_context *next; ++}; ++ ++static int add_update_entry(struct update_context **entries, struct mapent *me) ++{ ++ struct update_context *upd; ++ char *key, *ent; ++ ++ key = strdup(me->key); ++ if (!key) ++ return 0; ++ ++ ent = strdup(me->mapent); ++ if (!ent) { ++ free(key); ++ return 0; ++ } ++ ++ upd = malloc(sizeof(struct update_context)); ++ if (!upd) { ++ free(ent); ++ free(key); ++ return 0; ++ } ++ ++ upd->key = key; ++ upd->key_len = me->len; ++ upd->entry = ent; ++ upd->next = NULL; ++ if (*entries) ++ (*entries)->next = upd; ++ *entries = upd; ++ ++ return 1; ++} ++ ++static void free_update_entries(struct update_context *entries) ++{ ++ struct update_context *this = entries; ++ ++ while (this) { ++ struct update_context *next = this->next; ++ free(this->key); ++ free(this->entry); ++ free(this); ++ this = next; ++ } ++} ++ ++void entries_cleanup(void *arg) ++{ ++ struct update_context *entries = arg; ++ ++ free_update_entries(entries); ++} ++ + static void update_hosts_mounts(struct autofs_point *ap, + struct map_source *source, time_t age, + struct lookup_context *ctxt) + { ++ struct update_context *head = NULL; ++ struct update_context *entries = NULL; + struct mapent_cache *mc; + struct mapent *me; + char *mapent; +@@ -212,6 +274,8 @@ static void update_hosts_mounts(struct a + + mc = source->mc; + ++ pthread_cleanup_push(entries_cleanup, head); ++ + pthread_cleanup_push(cache_lock_cleanup, mc); + cache_writelock(mc); + me = cache_lookup_first(mc); +@@ -224,39 +288,39 @@ static void update_hosts_mounts(struct a + + mapent = get_exports(ap, me->key); + if (mapent) { +- cache_update(mc, source, me->key, mapent, age); ++ int ret; ++ ++ ret = cache_update(mc, source, me->key, mapent, age); + free(mapent); ++ if (!IS_MM_ROOT(me)) ++ goto next; ++ if (ret != CHE_FAIL) { ++ if (!add_update_entry(&entries, me)) ++ warn(ap->logopt, MODPREFIX ++ "failed to add update entry for %s", me->key); ++ else if (!head) ++ head = entries; ++ } + } + next: + me = cache_lookup_next(mc, me); + } + pthread_cleanup_pop(1); + +- pthread_cleanup_push(cache_lock_cleanup, mc); +- cache_readlock(mc); +- me = cache_lookup_first(mc); +- while (me) { +- /* +- * Hosts map entry not yet expanded, already expired +- * or not the base of the tree +- */ +- if (!IS_MM(me) || !IS_MM_ROOT(me)) +- goto cont; +- ++ while (head) { + debug(ap->logopt, MODPREFIX +- "attempt to update exports for %s", me->key); ++ "attempt to update exports for %s", head->key); + + master_source_current_wait(ap->entry); + ap->entry->current = source; + ap->flags |= MOUNT_FLAG_REMOUNT; +- ret = ctxt->parse->parse_mount(ap, me->key, strlen(me->key), +- me->mapent, ctxt->parse->context); ++ ret = ctxt->parse->parse_mount(ap, head->key, strlen(head->key), ++ head->entry, ctxt->parse->context); + if (ret) + warn(ap->logopt, MODPREFIX +- "failed to parse mount %s", me->mapent); ++ "failed to parse mount %s", head->entry); + ap->flags &= ~MOUNT_FLAG_REMOUNT; +-cont: +- me = cache_lookup_next(mc, me); ++ head = head->next; + } + pthread_cleanup_pop(1); + } diff --git a/SOURCES/autofs-5.1.8-fix-hosts-map-deadlock-on-restart.patch b/SOURCES/autofs-5.1.8-fix-hosts-map-deadlock-on-restart.patch new file mode 100644 index 0000000..29498e3 --- /dev/null +++ b/SOURCES/autofs-5.1.8-fix-hosts-map-deadlock-on-restart.patch @@ -0,0 +1,97 @@ +autofs-5.1.8 - fix hosts map deadlock on restart + +From: Ian Kent + +When starting automount(8) with a hosts map that has mounts that were +in use at the last exit a deadlock can occur. + +In this case automount(8) will perform the same steps but not actually +perform the mount to re-construct the context of each mount. But, with +the hosts map, that leads to calling back into the sun parse module +while holding the map module read lock which will again try and take +the write lock. + +Fix this by only taking the write lock in the mount code path if the +module handle has not already been opened. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + daemon/lookup.c | 22 ++++++++++++---------- + modules/parse_amd.c | 18 ++++++++++-------- + 3 files changed, 23 insertions(+), 18 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -99,6 +99,7 @@ + - fix parse module instance mutex naming. + - serialise lookup module open and reinit. + - coverity fix for invalid access. ++- fix hosts map deadlock on restart. + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/daemon/lookup.c ++++ autofs-5.1.4/daemon/lookup.c +@@ -815,19 +815,21 @@ int do_lookup_mount(struct autofs_point + struct lookup_mod *lookup; + int status; + +- map_module_writelock(map); + if (!map->lookup) { +- status = open_lookup(map->type, "", +- map->format, map->argc, map->argv, &lookup); +- if (status != NSS_STATUS_SUCCESS) { +- map_module_unlock(map); +- debug(ap->logopt, +- "lookup module %s open failed", map->type); +- return status; ++ map_module_writelock(map); ++ if (!map->lookup) { ++ status = open_lookup(map->type, "", ++ map->format, map->argc, map->argv, &lookup); ++ if (status != NSS_STATUS_SUCCESS) { ++ map_module_unlock(map); ++ debug(ap->logopt, ++ "lookup module %s open failed", map->type); ++ return status; ++ } ++ map->lookup = lookup; + } +- map->lookup = lookup; ++ map_module_unlock(map); + } +- map_module_unlock(map); + + master_source_current_wait(ap->entry); + ap->entry->current = map; +--- autofs-5.1.4.orig/modules/parse_amd.c ++++ autofs-5.1.4/modules/parse_amd.c +@@ -1370,17 +1370,19 @@ static int do_host_mount(struct autofs_p + } + } + +- map_module_writelock(instance); + if (!instance->lookup) { +- status = open_lookup("hosts", MODPREFIX, NULL, argc, pargv, &lookup); +- if (status != NSS_STATUS_SUCCESS) { +- map_module_unlock(instance); +- debug(ap->logopt, "open lookup module hosts failed"); +- goto out; ++ map_module_writelock(instance); ++ if (!instance->lookup) { ++ status = open_lookup("hosts", MODPREFIX, NULL, argc, pargv, &lookup); ++ if (status != NSS_STATUS_SUCCESS) { ++ map_module_unlock(instance); ++ debug(ap->logopt, "open lookup module hosts failed"); ++ goto out; ++ } ++ instance->lookup = lookup; + } +- instance->lookup = lookup; ++ map_module_unlock(instance); + } +- map_module_unlock(instance); + + cache_writelock(source->mc); + me = cache_lookup_distinct(source->mc, name); diff --git a/SOURCES/autofs-5.1.8-fix-incorrect-path-for-is_mounted-in-try_remount.patch b/SOURCES/autofs-5.1.8-fix-incorrect-path-for-is_mounted-in-try_remount.patch new file mode 100644 index 0000000..4e0d648 --- /dev/null +++ b/SOURCES/autofs-5.1.8-fix-incorrect-path-for-is_mounted-in-try_remount.patch @@ -0,0 +1,63 @@ +autofs-5.1.8 - fix incorrect path for is_mounted() in try_remount() + +From: Ian Kent + +A regression was introduced when the offset mount handling was rewritten. + +It resulted in an incorrect path sometimes being used in an is_mounted() +check. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + lib/mounts.c | 26 +++++++++++++++++++++----- + 2 files changed, 22 insertions(+), 5 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -104,6 +104,7 @@ + - fix memory leak in update_hosts_mounts(). + - fix concat_options() error handling. + - fix minus only option handling in concat_options(). ++- fix incorrect path for is_mounted() in try_remount(). + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/lib/mounts.c ++++ autofs-5.1.4/lib/mounts.c +@@ -2803,14 +2803,30 @@ int try_remount(struct autofs_point *ap, + ap->flags &= ~MOUNT_FLAG_DIR_CREATED; + else + ap->flags |= MOUNT_FLAG_DIR_CREATED; ++ goto done; ++ } ++ ++ me->flags &= ~MOUNT_FLAG_DIR_CREATED; ++ /* Direct or offset mount, key is full path */ ++ if (MM_PARENT(me)->key[0] == '/') { ++ if (!is_mounted(MM_PARENT(me)->key, MNTS_REAL)) ++ me->flags |= MOUNT_FLAG_DIR_CREATED; + } else { +- me->flags &= ~MOUNT_FLAG_DIR_CREATED; +- if (type == t_offset) { +- if (!is_mounted(MM_PARENT(me)->key, MNTS_REAL)) +- me->flags |= MOUNT_FLAG_DIR_CREATED; ++ char *p_key = MM_PARENT(me)->key; ++ char mp[PATH_MAX + 1]; ++ int len; ++ ++ len = mount_fullpath(mp, PATH_MAX, ap->path, ap->len, p_key); ++ if (len > PATH_MAX) { ++ /* This should never happen due to earlier checks */ ++ error(ap->logopt, "mountpoint path too long"); ++ return 0; + } +- } + ++ if (!is_mounted(mp, MNTS_REAL)) ++ me->flags |= MOUNT_FLAG_DIR_CREATED; ++ } ++done: + /* + * Either we opened the mount or we're re-reading the map. + * If we opened the mount and ioctlfd is not -1 we have diff --git a/SOURCES/autofs-5.1.8-fix-memory-leak-in-update_hosts_mounts.patch b/SOURCES/autofs-5.1.8-fix-memory-leak-in-update_hosts_mounts.patch new file mode 100644 index 0000000..2f1e912 --- /dev/null +++ b/SOURCES/autofs-5.1.8-fix-memory-leak-in-update_hosts_mounts.patch @@ -0,0 +1,53 @@ +autofs-5.1.8 - fix memory leak in update_hosts_mounts() + +From: Ian Kent + +Coverity has reported a memory leak in update_hosts_mounts() introduced +by the map reload deadlock fix. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/lookup_hosts.c | 13 +++++++------ + 2 files changed, 8 insertions(+), 6 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -101,6 +101,7 @@ + - coverity fix for invalid access. + - fix hosts map deadlock on restart. + - fix deadlock with hosts map reload. ++- fix memory leak in update_hosts_mounts(). + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/modules/lookup_hosts.c ++++ autofs-5.1.4/modules/lookup_hosts.c +@@ -307,20 +307,21 @@ next: + } + pthread_cleanup_pop(1); + +- while (head) { ++ entries = head; ++ while (entries) { + debug(ap->logopt, MODPREFIX +- "attempt to update exports for %s", head->key); ++ "attempt to update exports for %s", entries->key); + + master_source_current_wait(ap->entry); + ap->entry->current = source; + ap->flags |= MOUNT_FLAG_REMOUNT; +- ret = ctxt->parse->parse_mount(ap, head->key, strlen(head->key), +- head->entry, ctxt->parse->context); ++ ret = ctxt->parse->parse_mount(ap, entries->key, strlen(entries->key), ++ entries->entry, ctxt->parse->context); + if (ret) + warn(ap->logopt, MODPREFIX +- "failed to parse mount %s", head->entry); ++ "failed to parse mount %s", entries->entry); + ap->flags &= ~MOUNT_FLAG_REMOUNT; +- head = head->next; ++ entries = entries->next; + } + pthread_cleanup_pop(1); + } diff --git a/SOURCES/autofs-5.1.8-fix-minus-only-option-handling-in-concat_options.patch b/SOURCES/autofs-5.1.8-fix-minus-only-option-handling-in-concat_options.patch new file mode 100644 index 0000000..ca0bc88 --- /dev/null +++ b/SOURCES/autofs-5.1.8-fix-minus-only-option-handling-in-concat_options.patch @@ -0,0 +1,88 @@ +autofs-5.1.8 - fix minus only option handling in concat_options() + +From: Ian Kent + +While a '-' alone isn't strictly valid it hadn't previously cuased a +parse error. So commit 9047e91ffa69 (autofs-5.1.7 - fix concat_options() +error handling) introduced a regression by no longer allowing this. + +Fix this regression by only failing if errno is set to a non-zero value +on return from concat_options() as well as returning NULL. + +Fixes: 9047e91ffa69 (autofs-5.1.7 - fix concat_options() error handling) +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/parse_sun.c | 25 +++++++++++++++++++------ + 2 files changed, 20 insertions(+), 6 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -103,6 +103,7 @@ + - fix deadlock with hosts map reload. + - fix memory leak in update_hosts_mounts(). + - fix concat_options() error handling. ++- fix minus only option handling in concat_options(). + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/modules/parse_sun.c ++++ autofs-5.1.4/modules/parse_sun.c +@@ -376,10 +376,16 @@ static int do_init(int argc, const char + if (gbl_options) { + append_options = defaults_get_append_options(); + if (append_options) { +- char *tmp = concat_options(gbl_options, ctxt->optstr); ++ char *tmp; ++ ++ errno = 0; ++ tmp = concat_options(gbl_options, ctxt->optstr); + if (!tmp) { +- char *estr = strerror_r(errno, buf, MAX_ERR_BUF); +- logerr(MODPREFIX "concat_options: %s", estr); ++ /* Ignore non-error NULL return */ ++ if (errno) { ++ char *estr = strerror_r(errno, buf, MAX_ERR_BUF); ++ logerr(MODPREFIX "concat_options: %s", estr); ++ } + /* freed in concat_options */ + ctxt->optstr = NULL; + } else +@@ -996,9 +1002,12 @@ static int parse_mapent(const char *ent, + free(myoptions); + myoptions = newopt; + } else if (newopt) { ++ errno = 0; + tmp = concat_options(myoptions, newopt); +- if (!tmp) { ++ /* Ignore non-error NULL return */ ++ if (!tmp && errno) { + char *estr; ++ + estr = strerror_r(errno, buf, MAX_ERR_BUF); + error(logopt, MODPREFIX + "concat_options: %s", estr); +@@ -1370,8 +1379,10 @@ dont_expand: + free(mnt_options); + mnt_options = noptions; + } else if (noptions) { ++ errno = 0; + tmp = concat_options(mnt_options, noptions); +- if (!tmp) { ++ /* Ignore non-error NULL return */ ++ if (!tmp && errno) { + char *estr = strerror_r(errno, buf, MAX_ERR_BUF); + error(ap->logopt, + MODPREFIX "concat_options: %s", estr); +@@ -1395,8 +1406,10 @@ dont_expand: + free(options); + options = mnt_options; + } else if (mnt_options) { ++ errno = 0; + tmp = concat_options(options, mnt_options); +- if (!tmp) { ++ /* Ignore non-error NULL return */ ++ if (!tmp && errno) { + char *estr = strerror_r(errno, buf, MAX_ERR_BUF); + error(ap->logopt, MODPREFIX "concat_options: %s", estr); + free(pmapent); diff --git a/SOURCES/autofs-5.1.8-fix-parse-module-instance-mutex-naming.patch b/SOURCES/autofs-5.1.8-fix-parse-module-instance-mutex-naming.patch new file mode 100644 index 0000000..6e1de50 --- /dev/null +++ b/SOURCES/autofs-5.1.8-fix-parse-module-instance-mutex-naming.patch @@ -0,0 +1,183 @@ +autofs-5.1.8 - fix parse module instance mutex naming + +From: Ian Kent + +The naming used for parse module instance locks is the same as that +used for map lookup instances. Rename these to make it clear they +are being used in the parse modules. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + modules/parse_amd.c | 28 ++++++++++++++-------------- + modules/parse_sun.c | 20 ++++++++++---------- + 3 files changed, 25 insertions(+), 24 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -96,6 +96,7 @@ + - fix handling of incorrect return from umount_ent(). + - dont use initgroups() at spawn. + - fix invalid tsv access. ++- fix parse module instance mutex naming. + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/modules/parse_amd.c ++++ autofs-5.1.4/modules/parse_amd.c +@@ -39,18 +39,18 @@ int parse_version = AUTOFS_PARSE_VERSION + + static struct mount_mod *mount_nfs = NULL; + static int init_ctr = 0; +-static pthread_mutex_t instance_mutex = PTHREAD_MUTEX_INITIALIZER; ++static pthread_mutex_t parse_instance_mutex = PTHREAD_MUTEX_INITIALIZER; + +-static void instance_mutex_lock(void) ++static void parse_instance_mutex_lock(void) + { +- int status = pthread_mutex_lock(&instance_mutex); ++ int status = pthread_mutex_lock(&parse_instance_mutex); + if (status) + fatal(status); + } + +-static void instance_mutex_unlock(void) ++static void parse_instance_mutex_unlock(void) + { +- int status = pthread_mutex_unlock(&instance_mutex); ++ int status = pthread_mutex_unlock(&parse_instance_mutex); + if (status) + fatal(status); + } +@@ -112,7 +112,7 @@ int parse_init(int argc, const char *con + + /* We only need this once. NFS mounts are so common that we cache + this module. */ +- instance_mutex_lock(); ++ parse_instance_mutex_lock(); + if (mount_nfs) + init_ctr++; + else { +@@ -121,11 +121,11 @@ int parse_init(int argc, const char *con + } else { + kill_context(ctxt); + *context = NULL; +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + return 1; + } + } +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + + return 0; + } +@@ -1358,11 +1358,11 @@ static int do_host_mount(struct autofs_p + argc = 1; + } + +- instance_mutex_lock(); ++ parse_instance_mutex_lock(); + status = open_lookup("hosts", MODPREFIX, NULL, argc, pargv, &lookup); + if (status != NSS_STATUS_SUCCESS) { + debug(ap->logopt, "open lookup module hosts failed"); +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + goto out; + } + +@@ -1374,13 +1374,13 @@ static int do_host_mount(struct autofs_p + if (!instance) { + error(ap->logopt, MODPREFIX + "failed to create source instance for hosts map"); +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + close_lookup(lookup); + goto out; + } + } + instance->lookup = lookup; +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + + cache_writelock(source->mc); + me = cache_lookup_distinct(source->mc, name); +@@ -2373,12 +2373,12 @@ int parse_done(void *context) + int rv = 0; + struct parse_context *ctxt = (struct parse_context *) context; + +- instance_mutex_lock(); ++ parse_instance_mutex_lock(); + if (--init_ctr == 0) { + rv = close_mount(mount_nfs); + mount_nfs = NULL; + } +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + if (ctxt) + kill_context(ctxt); + +--- autofs-5.1.4.orig/modules/parse_sun.c ++++ autofs-5.1.4/modules/parse_sun.c +@@ -41,18 +41,18 @@ int parse_version = AUTOFS_PARSE_VERSION + + static struct mount_mod *mount_nfs = NULL; + static int init_ctr = 0; +-static pthread_mutex_t instance_mutex = PTHREAD_MUTEX_INITIALIZER; ++static pthread_mutex_t parse_instance_mutex = PTHREAD_MUTEX_INITIALIZER; + +-static void instance_mutex_lock(void) ++static void parse_instance_mutex_lock(void) + { +- int status = pthread_mutex_lock(&instance_mutex); ++ int status = pthread_mutex_lock(&parse_instance_mutex); + if (status) + fatal(status); + } + +-static void instance_mutex_unlock(void) ++static void parse_instance_mutex_unlock(void) + { +- int status = pthread_mutex_unlock(&instance_mutex); ++ int status = pthread_mutex_unlock(&parse_instance_mutex); + if (status) + fatal(status); + } +@@ -423,7 +423,7 @@ int parse_init(int argc, const char *con + + /* We only need this once. NFS mounts are so common that we cache + this module. */ +- instance_mutex_lock(); ++ parse_instance_mutex_lock(); + if (mount_nfs) + init_ctr++; + else { +@@ -431,11 +431,11 @@ int parse_init(int argc, const char *con + init_ctr++; + } else { + kill_context(ctxt); +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + return 1; + } + } +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + + *context = (void *) ctxt; + +@@ -1719,12 +1719,12 @@ int parse_done(void *context) + int rv = 0; + struct parse_context *ctxt = (struct parse_context *) context; + +- instance_mutex_lock(); ++ parse_instance_mutex_lock(); + if (--init_ctr == 0) { + rv = close_mount(mount_nfs); + mount_nfs = NULL; + } +- instance_mutex_unlock(); ++ parse_instance_mutex_unlock(); + if (ctxt) + kill_context(ctxt); + diff --git a/SOURCES/autofs-5.1.8-serialise-lookup-module-open-and-reinit.patch b/SOURCES/autofs-5.1.8-serialise-lookup-module-open-and-reinit.patch new file mode 100644 index 0000000..cba13c3 --- /dev/null +++ b/SOURCES/autofs-5.1.8-serialise-lookup-module-open-and-reinit.patch @@ -0,0 +1,272 @@ +autofs-5.1.8 - serialise lookup module open and reinit + +From: Ian Kent + +Add a map source lock to serialise map setting and use of module +structure fields such as the context. + +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + daemon/lookup.c | 35 +++++++++++++++++++++-------------- + daemon/master.c | 43 +++++++++++++++++++++++++++++++++++++++++++ + include/master.h | 5 +++++ + modules/parse_amd.c | 26 +++++++++++++++----------- + 5 files changed, 85 insertions(+), 25 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -97,6 +97,7 @@ + - dont use initgroups() at spawn. + - fix invalid tsv access. + - fix parse module instance mutex naming. ++- serialise lookup module open and reinit. + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/daemon/lookup.c ++++ autofs-5.1.4/daemon/lookup.c +@@ -318,28 +318,27 @@ static int do_read_map(struct autofs_poi + struct lookup_mod *lookup; + int status; + +- lookup = NULL; +- master_source_writelock(ap->entry); ++ pthread_cleanup_push(map_module_lock_cleanup, map); ++ map_module_writelock(map); + if (!map->lookup) { + status = open_lookup(map->type, "", map->format, + map->argc, map->argv, &lookup); +- if (status != NSS_STATUS_SUCCESS) { +- master_source_unlock(ap->entry); ++ if (status == NSS_STATUS_SUCCESS) ++ map->lookup = lookup; ++ else + debug(ap->logopt, + "lookup module %s open failed", map->type); +- return status; +- } +- map->lookup = lookup; + } else { +- lookup = map->lookup; +- status = lookup->lookup_reinit(map->format, +- map->argc, map->argv, +- &lookup->context); ++ status = map->lookup->lookup_reinit(map->format, ++ map->argc, map->argv, ++ &map->lookup->context); + if (status) + warn(ap->logopt, + "lookup module %s reinit failed", map->type); + } +- master_source_unlock(ap->entry); ++ pthread_cleanup_pop(1); ++ if (status != NSS_STATUS_SUCCESS) ++ return status; + + if (!map->stale) + return NSS_STATUS_SUCCESS; +@@ -347,7 +346,11 @@ static int do_read_map(struct autofs_poi + master_source_current_wait(ap->entry); + ap->entry->current = map; + ++ pthread_cleanup_push(map_module_lock_cleanup, map); ++ map_module_readlock(map); ++ lookup = map->lookup; + status = lookup->lookup_read_map(ap, age, lookup->context); ++ pthread_cleanup_pop(1); + + if (status != NSS_STATUS_SUCCESS) + map->stale = 0; +@@ -812,23 +815,27 @@ int do_lookup_mount(struct autofs_point + struct lookup_mod *lookup; + int status; + ++ map_module_writelock(map); + if (!map->lookup) { + status = open_lookup(map->type, "", + map->format, map->argc, map->argv, &lookup); + if (status != NSS_STATUS_SUCCESS) { ++ map_module_unlock(map); + debug(ap->logopt, + "lookup module %s open failed", map->type); + return status; + } + map->lookup = lookup; + } +- +- lookup = map->lookup; ++ map_module_unlock(map); + + master_source_current_wait(ap->entry); + ap->entry->current = map; + ++ map_module_readlock(map); ++ lookup = map->lookup; + status = lookup->lookup_mount(ap, name, name_len, lookup->context); ++ map_module_unlock(map); + + return status; + } +--- autofs-5.1.4.orig/daemon/master.c ++++ autofs-5.1.4/daemon/master.c +@@ -65,6 +65,34 @@ void master_mutex_lock_cleanup(void *arg + return; + } + ++void map_module_writelock(struct map_source *map) ++{ ++ int status = pthread_rwlock_wrlock(&map->module_lock); ++ if (status) ++ fatal(status); ++} ++ ++void map_module_readlock(struct map_source *map) ++{ ++ int status = pthread_rwlock_rdlock(&map->module_lock); ++ if (status) ++ fatal(status); ++} ++ ++void map_module_unlock(struct map_source *map) ++{ ++ int status = pthread_rwlock_unlock(&map->module_lock); ++ if (status) ++ fatal(status); ++} ++ ++void map_module_lock_cleanup(void *arg) ++{ ++ struct map_source *map = (struct map_source *) arg; ++ ++ map_module_unlock(map); ++} ++ + int master_add_autofs_point(struct master_mapent *entry, unsigned logopt, + unsigned nobind, unsigned ghost, int submount) + { +@@ -155,6 +183,7 @@ master_add_map_source(struct master_mape + struct map_source *source; + char *ntype, *nformat; + const char **tmpargv; ++ int status; + + source = malloc(sizeof(struct map_source)); + if (!source) +@@ -241,6 +270,10 @@ master_add_map_source(struct master_mape + + master_source_unlock(entry); + ++ status = pthread_rwlock_init(&source->module_lock, NULL); ++ if (status) ++ fatal(status); ++ + return source; + } + +@@ -330,6 +363,8 @@ master_get_map_source(struct master_mape + + static void __master_free_map_source(struct map_source *source, unsigned int free_cache) + { ++ int status; ++ + /* instance map sources are not ref counted */ + if (source->ref && --source->ref) + return; +@@ -365,6 +400,10 @@ static void __master_free_map_source(str + } + } + ++ status = pthread_rwlock_destroy(&source->module_lock); ++ if (status) ++ fatal(status); ++ + free(source); + + return; +@@ -496,6 +535,10 @@ master_add_source_instance(struct map_so + if (status) + fatal(status); + ++ status = pthread_rwlock_init(&new->module_lock, NULL); ++ if (status) ++ fatal(status); ++ + return new; + } + +--- autofs-5.1.4.orig/include/master.h ++++ autofs-5.1.4/include/master.h +@@ -35,6 +35,7 @@ struct map_source { + unsigned int stale; + unsigned int recurse; + unsigned int depth; ++ pthread_rwlock_t module_lock; + struct lookup_mod *lookup; + int argc; + const char **argv; +@@ -126,5 +127,9 @@ int __master_list_empty(struct master *) + int master_list_empty(struct master *); + int master_done(struct master *); + int master_kill(struct master *); ++void map_module_writelock(struct map_source *map); ++void map_module_readlock(struct map_source *map); ++void map_module_unlock(struct map_source *map); ++void map_module_lock_cleanup(void *arg); + + #endif +--- autofs-5.1.4.orig/modules/parse_amd.c ++++ autofs-5.1.4/modules/parse_amd.c +@@ -1358,14 +1358,6 @@ static int do_host_mount(struct autofs_p + argc = 1; + } + +- parse_instance_mutex_lock(); +- status = open_lookup("hosts", MODPREFIX, NULL, argc, pargv, &lookup); +- if (status != NSS_STATUS_SUCCESS) { +- debug(ap->logopt, "open lookup module hosts failed"); +- parse_instance_mutex_unlock(); +- goto out; +- } +- + instance = master_find_source_instance(source, + "hosts", "sun", argc, pargv); + if (!instance) { +@@ -1374,13 +1366,22 @@ static int do_host_mount(struct autofs_p + if (!instance) { + error(ap->logopt, MODPREFIX + "failed to create source instance for hosts map"); +- parse_instance_mutex_unlock(); + close_lookup(lookup); + goto out; + } + } +- instance->lookup = lookup; +- parse_instance_mutex_unlock(); ++ ++ map_module_writelock(instance); ++ if (!instance->lookup) { ++ status = open_lookup("hosts", MODPREFIX, NULL, argc, pargv, &lookup); ++ if (status != NSS_STATUS_SUCCESS) { ++ map_module_unlock(instance); ++ debug(ap->logopt, "open lookup module hosts failed"); ++ goto out; ++ } ++ instance->lookup = lookup; ++ } ++ map_module_unlock(instance); + + cache_writelock(source->mc); + me = cache_lookup_distinct(source->mc, name); +@@ -1391,8 +1392,11 @@ static int do_host_mount(struct autofs_p + master_source_current_wait(ap->entry); + ap->entry->current = source; + ++ map_module_readlock(instance); ++ lookup = instance->lookup; + ret = lookup->lookup_mount(ap, entry->rhost, + strlen(entry->rhost), lookup->context); ++ map_module_unlock(instance); + + if (!strcmp(name, entry->rhost)) + goto out; diff --git a/SPECS/autofs.spec b/SPECS/autofs.spec index 647ee97..0021f54 100644 --- a/SPECS/autofs.spec +++ b/SPECS/autofs.spec @@ -8,7 +8,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.1.4 -Release: 84%{?dist} +Release: 91%{?dist} Epoch: 1 License: GPLv2+ Group: System Environment/Daemons @@ -268,6 +268,15 @@ Patch240: autofs-5.1.8-fix-handling-of-incorrect-return-from-umount_ent.patch Patch241: autofs-5.1.8-dont-use-initgroups-at-spawn.patch Patch242: autofs-5.1.8-fix-invalid-tsv-access.patch +Patch243: autofs-5.1.8-fix-parse-module-instance-mutex-naming.patch +Patch244: autofs-5.1.8-serialise-lookup-module-open-and-reinit.patch +Patch245: autofs-5.1.8-coverity-fix-for-invalid-access.patch +Patch246: autofs-5.1.8-fix-hosts-map-deadlock-on-restart.patch +Patch247: autofs-5.1.8-fix-deadlock-with-hosts-map-reload.patch +Patch248: autofs-5.1.8-fix-memory-leak-in-update_hosts_mounts.patch +Patch249: autofs-5.1.7-fix-concat_options-error-handling.patch +Patch250: autofs-5.1.8-fix-minus-only-option-handling-in-concat_options.patch +Patch251: autofs-5.1.8-fix-incorrect-path-for-is_mounted-in-try_remount.patch %if %{with_systemd} BuildRequires: systemd-units @@ -577,6 +586,15 @@ echo %{version}-%{release} > .version %patch240 -p1 %patch241 -p1 %patch242 -p1 +%patch243 -p1 +%patch244 -p1 +%patch245 -p1 +%patch246 -p1 +%patch247 -p1 +%patch248 -p1 +%patch249 -p1 +%patch250 -p1 +%patch251 -p1 %build LDFLAGS=-Wl,-z,now @@ -672,6 +690,51 @@ fi %dir /etc/auto.master.d %changelog +* Mon Dec 05 2022 Ian Kent - 5.1.4-91 +- bz2148872 - autofs: errors in autofs-5.1.4-83.el8.x86_64 when restarting + autofs with busy directories + - fix incorrect path for is_mounted() in try_remount(). +- Resolves: rhbz#2148872 + +* Mon Dec 05 2022 Ian Kent - 5.1.4-90 +- bz2149206 - RHEL9: automount does not handle null option string after + "-" anymore + - fix changelog entry. +- Related: rhbz#2149206 + +* Mon Dec 05 2022 Ian Kent - 5.1.4-89 +- bz2149206 - RHEL9: automount does not handle null option string after + "-" anymore + - fix concat_options() error handling. + - fix minus only option handling in concat_options(). +- Resolves: rhbz#2149206 + +* Tue Nov 29 2022 Ian Kent - 5.1.4-88 +- bz2139504 - segfault due to lookup_mod->context address being freed + and reused while multiple threads were using it + - fix memory leak in update_hosts_mounts(). +- Related: rhbz#2139504 + +* Sun Nov 27 2022 Ian Kent - 5.1.4-87 +- bz2139504 - segfault due to lookup_mod->context address being freed + and reused while multiple threads were using it + - fix hosts map deadlock on restart. + - fix deadlock with hosts map reload. +- Related: rhbz#2139504 + +* Wed Nov 23 2022 Ian Kent - 5.1.4-86 +- bz2139504 - segfault due to lookup_mod->context address being freed + and reused while multiple threads were using it + - coverity fix for invalid access. +- Related: rhbz#2139504 + +* Wed Nov 09 2022 Ian Kent - 5.1.4-85 +- bz2139504 - segfault due to lookup_mod->context address being freed + and reused while multiple threads were using it + - fix parse module instance mutex naming. + - serialise lookup module open and reinit. +- Resolves: rhbz#2139504 + * Tue Oct 04 2022 Ian Kent - 5.1.4-84 - bz2130034 - automount -m crashes with Segmentation fault (core dumped) - fix invalid tsv access.