Blame SOURCES/0040-MC-Remove-check-if-record-is-in-the-mapped-address-s.patch

From 64085ac9dbc95bc7b227f24a9a8ec78952c68227 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 11 Jul 2018 22:18:41 +0200
Subject: [PATCH] MC: Remove check if record is in the mapped address space
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There is a check in the memory cache code that checks if a record pointer
points to the mmapped region. But since some time ago, we return not
a pointer to the mmapped region itself, but a copy to avoid issues with
invalidating an entry while the same entry is being returned.
In most cases, the check is correct, simply because of how memory is laid
out on Linux, but in some cases the check was failing and causing a high
load of SSSD.
Signed-off-by: Jakub Hrozek <jhrozek@redhat.com>
Resolves:
https://pagure.io/SSSD/sssd/issue/3776
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit f1c2d4139b6107ee3e9bec0cbe5bf8c2ea8428b2)
DOWNSTREAM:
Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped
---
 src/sss_client/nss_mc_group.c  | 4 +---
 src/sss_client/nss_mc_initgr.c | 5 +----
 src/sss_client/nss_mc_passwd.c | 4 +---
 3 files changed, 3 insertions(+), 10 deletions(-)
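diff --git a/src/sss_client/nss_mc_group.c b/src/sss_client/nss_mc_group.c
index 6a2336b6116f198adea94f9eda9d9632f9fc8268..3371e0ffc274cd55dad4e7cdb74456f9f4b92d8b 100644
--- a/src/sss_client/nss_mc_group.c
+++ b/src/sss_client/nss_mc_group.c
@@ -152,12 +152,10 @@ errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len,
         /* Integrity check
          * - data->name cannot point outside strings
          * - all strings must be within copy of record
-         * - record must not end outside data table
          * - rec_name is a zero-terminated string */
         if (data->name < strs_offset
             || data->name >= strs_offset + data->strs_len
-            || data->strs_len > rec->len
-            || (uint8_t *) rec + rec->len > gr_mc_ctx.data_table + data_size) {
+            || data->strs_len > rec->len) {
             ret = ENOENT;
             goto done;
         }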
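Review bot: After this change the only length relation left in the condition is `data->strs_len > rec->len`, which compares the string area with the whole record length rather than with what remains after the string offset, so (assuming `strs_offset` is the offset of the strings inside the record data, which the hunk does not show) a `strs_len` equal to `rec->len` still passes although the strings would then end past the copy. Dropping the comparison against `gr_mc_ctx.data_table` is reasonable for a copied record, but it was also the last place in this block that bounded `rec->len` itself, so that bound now has to hold where the copy is made, outside this hunk. I would record that in the comment, for example `* - rec->len is bounded against the data table when the record is copied`, once confirmed. The same point applies to the hunks in nss_mc_initgr.c (`data->data_len > rec->len`) and nss_mc_passwd.c; the enclosing function starts and ends outside the hunk.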
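diff --git a/src/sss_client/nss_mc_initgr.c b/src/sss_client/nss_mc_initgr.c
index 5a8c661c7e15a085e9662297f62a6a84e70b669e..331930cef357d17c74892f67d5743ebc6a818631 100644
--- a/src/sss_client/nss_mc_initgr.c
+++ b/src/sss_client/nss_mc_initgr.c
@@ -133,15 +133,12 @@ errno_t sss_nss_mc_initgroups_dyn(const char *name, size_t name_len,
         /* Integrity check
          * - data->name cannot point outside all strings or data
          * - all data must be within copy of record
-         * - size of record must be lower that data table size
          * - data->strs cannot point outside strings
          * - rec_name is a zero-terminated string */
         if (data->name < data_offset
             || data->name >= data_offset + data->data_len
             || data->strs_len > data->data_len
-            || data->data_len > rec->len
-            || (uint8_t *) rec + rec->len
-                                      > initgr_mc_ctx.data_table + data_size) {
+            || data->data_len > rec->len) {
             ret = ENOENT;
             goto done;
         }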
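diff --git a/src/sss_client/nss_mc_passwd.c b/src/sss_client/nss_mc_passwd.c
index 3c62481778788173227f8a241953e421316e248d..ac44b711d8614ac0daa841a7a9dd5894f1a1eb08 100644
--- a/src/sss_client/nss_mc_passwd.c
+++ b/src/sss_client/nss_mc_passwd.c
@@ -145,12 +145,10 @@ errno_t sss_nss_mc_getpwnam(const char *name, size_t name_len,
         /* Integrity check
          * - data->name cannot point outside strings
          * - all strings must be within copy of record
-         * - record must not end outside data table
          * - rec_name is a zero-terminated string */
         if (data->name < strs_offset
             || data->name >= strs_offset + data->strs_len
-            || data->strs_len > rec->len
-            || (uint8_t *) rec + rec->len > pw_mc_ctx.data_table + data_size) {
+            || data->strs_len > rec->len) {
             ret = ENOENT;
             goto done;
         }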
-- 
2.14.4