This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] [BZ 17542] sunrpc: conditional jump depends on uninitialised value in svc_getreq_common
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>, Andreas Schwab <schwab at suse dot de>
- Cc: Brad Hubbard <bhubbard at redhat dot com>, OndÅej BÃlka <neleai at seznam dot cz>, libc-alpha at sourceware dot org
- Date: Thu, 05 Mar 2015 15:05:20 -0500
- Subject: Re: [PATCH] [BZ 17542] sunrpc: conditional jump depends on uninitialised value in svc_getreq_common
- Authentication-results: sourceware.org; auth=none
- References: <54597868 dot 3060408 at redhat dot com> <mvmr3xif28d dot fsf at hawking dot suse dot de> <20141105091434 dot GJ17703 at spoyarek dot pnq dot redhat dot com> <20141209223328 dot GA4523 at domone> <54877C34 dot 8040007 at redhat dot com> <20141210073828 dot GZ19849 at spoyarek dot pnq dot redhat dot com> <mvm8uifx64t dot fsf at hawking dot suse dot de> <20141210083645 dot GA19849 at spoyarek dot pnq dot redhat dot com> <20150302091258 dot GB9714 at spoyarek dot pnq dot redhat dot com> <mvmbnkbwxvo dot fsf at hawking dot suse dot de> <20150302093453 dot GD9714 at spoyarek dot pnq dot redhat dot com>
On 03/02/2015 04:34 AM, Siddhesh Poyarekar wrote:
> On Mon, Mar 02, 2015 at 10:29:31AM +0100, Andreas Schwab wrote:
>> Siddhesh Poyarekar <firstname.lastname@example.org> writes:
>>> Andreas, is this OK or are you still not convinced about adding this
>>> patch in?
>> How about fixing the real bug?
> Carlos has posted a fix for nfs-utils. The intent of including
> this patch is not to work around that specific bug, but to make the
> code robust against such bugs in future.
>  http://article.gmane.org/gmane.linux.nfs/69437
This should be committed to glibc.
This is now committed to nfs-utils. I'd say we should make SunRPC
robust also, just as a matter of fact. We still have old applications
using the compatibility symbols that can benefit from having unregistered
fds be ignored.
Author: Carlos O'Donell <email@example.com>
Date: Thu Feb 26 14:13:26 2015 -0500
rpc.statd: Avoid passing unregistered socket to svc_getreqset
rpc.statd may crash if it receives both a notification reply and a
client connection at the same time. It crashes because it adds
sockfd to SVC_FDSET and that violates the API contract.
The SVC_FDSET is to be considered read-only and must not be modified
by user code. The daemon modifies it for expediency to avoid
having to maintain two distinct fd lists and select on each one.
It is a practical choice that makes sense.
Thus, if a notification reply arrives by itself everything works,
or if a client connection arrives by itself everything works. Both
must arrive at the same time for sockfd to be set in SVC_FDSET
and to be processed by svc_getreqset because more than one of
readfds is ready.
It is the processing by svc_getreqset that will crash when it finds an
unregistered fd in the list that doesn't correlate to any of the
internal book keeping done by the library. At present the glibc
SunRPC library will crash, but TIRPC does not (it is robust against
invalid API usage in this case). However, future RPC libraries
may be implemented differently, and the questionable API usage
should be fixed.
The simplest fix is for process_reply to *clear* sockfd from the
ready-to-read fds, since it was never registered with xprt_register.
This works because the code always calls process_reply before handing
the fd set to the RPC layer for processing.
Compile-tested on x86_64 against master.
Signed-off-by: Carlos O'Donell <firstname.lastname@example.org>
Signed-off-by: Steve Dickson <email@example.com>