Backport virtiofsd changes to fix crashes on F36+

Resolves: rhbz#2070066
Neal Gompa 2022-04-01 18:17:11 -04:00
parent 148536a5a4
commit fdc9ebb862
3 changed files with 111 additions and 1 deletions


@ -0,0 +1,58 @@
From 7b223e38603de3a75602e14914d26f9d4baf52eb Mon Sep 17 00:00:00 2001
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Date: Wed, 9 Feb 2022 12:14:56 +0100
Subject: [PATCH 1/2] tools/virtiofsd: Add rseq syscall to the seccomp
allowlist
The virtiofsd currently crashes when used with glibc 2.35.
That is due to the rseq system call being added to every thread
creation [1][2].
[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
This happens not at daemon start, but when a guest connects
/usr/lib/qemu/virtiofsd -f --socket-path=/tmp/testvfsd -o sandbox=chroot \
-o source=/var/guests/j-virtiofs --socket-group=kvm
virtio_session_mount: Waiting for vhost-user socket connection...
# start ok, now guest will connect
virtio_session_mount: Received vhost-user socket connection
virtio_loop: Entry
fv_queue_set_started: qidx=0 started=1
fv_queue_set_started: qidx=1 started=1
Bad system call (core dumped)
We have to put rseq on the seccomp allowlist to avoid that the daemon
is crashing in this case.
Reported-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20220209111456.3328420-1-christian.ehrhardt@canonical.com
[Moved rseq to its alphabetically ordered position in the seccomp
allowlist.
--Stefan]
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
tools/virtiofsd/passthrough_seccomp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c
index a3ce9f898d..2bc0127b69 100644
--- a/tools/virtiofsd/passthrough_seccomp.c
+++ b/tools/virtiofsd/passthrough_seccomp.c
@@ -91,6 +91,9 @@ static const int syscall_allowlist[] = {
SCMP_SYS(renameat2),
SCMP_SYS(removexattr),
SCMP_SYS(restart_syscall),
+#ifdef __NR_rseq
+ SCMP_SYS(rseq), /* required since glibc 2.35 */
+#endif
SCMP_SYS(rt_sigaction),
SCMP_SYS(rt_sigprocmask),
SCMP_SYS(rt_sigreturn),
--
2.35.1
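Review bot: the `#ifdef __NR_rseq` guard in the `syscall_allowlist[]` hunk drops the entry with no build-time trace when the headers do not define the syscall number, and a binary built that way would still be killed with "Bad system call" on guest connect under a glibc that issues rseq at thread creation. Consider expanding the comment, e.g. `/* glibc >= 2.35 calls rseq on every thread creation */`, so the reason for widening the seccomp allowlist and the failure mode when the entry is absent are both recorded next to it.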


@ -0,0 +1,41 @@
From 41af4459ac47e107093c3f54b6875d54723aa613 Mon Sep 17 00:00:00 2001
From: Sebastian Hasler <sebastian.hasler@stuvus.uni-stuttgart.de>
Date: Thu, 13 Jan 2022 16:32:49 +0100
Subject: [PATCH 2/2] virtiofsd: Do not support blocking flock
With the current implementation, blocking flock can lead to
deadlock. Thus, it's better to return EOPNOTSUPP if a user attempts
to perform a blocking flock request.
Signed-off-by: Sebastian Hasler <sebastian.hasler@stuvus.uni-stuttgart.de>
Message-Id: <20220113153249.710216-1-sebastian.hasler@stuvus.uni-stuttgart.de>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
---
tools/virtiofsd/passthrough_ll.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index b3d0674f6d..3e56d1cd95 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2467,6 +2467,15 @@ static void lo_flock(fuse_req_t req, fuse_ino_t ino, struct fuse_file_info *fi,
int res;
(void)ino;
+ if (!(op & LOCK_NB)) {
+ /*
+ * Blocking flock can deadlock as there is only one thread
+ * serving the queue.
+ */
+ fuse_reply_err(req, EOPNOTSUPP);
+ return;
+ }
+
res = flock(lo_fi_fd(req, fi), op);
fuse_reply_err(req, res == -1 ? errno : 0);
--
2.35.1
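Review bot: the new `if (!(op & LOCK_NB))` check in `lo_flock()` tests only the non-blocking flag and not the operation, so a `LOCK_UN` request that arrives without `LOCK_NB` is refused with `EOPNOTSUPP` even though an unlock cannot block. If such requests can reach this function, exempt them, for example with `if (!(op & (LOCK_NB | LOCK_UN)))`, or state in the comment that the unlock path always carries `LOCK_NB`.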


@ -301,11 +301,13 @@ Obsoletes: %{name}-system-unicore32-core <= %{epoch}:%{version}-%{release}
%global rcstr -%{rcver}
%endif
# To prevent rpmdev-bumpspec breakage
%global baserelease 7
Summary: QEMU is a FAST! processor emulator
Name: qemu
Version: 6.2.0
Release: 6%{?rcrel}%{?dist}
Release: %{baserelease}%{?rcrel}%{?dist}
Epoch: 2
License: GPLv2 and BSD and MIT and CC-BY
URL: http://www.qemu.org/
@ -329,6 +331,11 @@ Patch0001: 0001-sgx-stub-fix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2046202
Patch0002: 0001-virtiofsd-Drop-membership-of-all-supplementary-groups.patch
# Fix various crashes with virtiofsd on F36+
# https://bugzilla.redhat.com/2070066
Patch0003: 0001-tools-virtiofsd-Add-rseq-syscall-to-the-seccomp-allo.patch
Patch0004: 0002-virtiofsd-Do-not-support-blocking-flock.patch
BuildRequires: meson >= %{meson_version}
BuildRequires: zlib-devel
BuildRequires: glib2-devel
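Review bot: the comment above `Patch0003` and `Patch0004` describes both as crash fixes, but one widens the virtiofsd seccomp allowlist and the other makes blocking flock fail; a one-line comment per patch would let a later rebase see at a glance which one touches the sandbox. The `0001-`/`0002-` filename prefixes also restart here next to the existing `0001-` files, so ordering by filename no longer matches the `Patch000N` order.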
@ -2294,6 +2301,10 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%changelog
* Fri Apr 01 2022 Neal Gompa <ngompa@fedoraproject.org> - 2:6.2.0-7
- Backport virtiofsd changes to fix crashes on F36+
Resolves: rhbz#2070066
* Fri Apr 01 2022 Richard W.M. Jones <rjones@redhat.com> - 2:6.2.0-6
- Bump and rebuild for SONAME change in libmpathpersist (RHBZ#2069778)
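Review bot: the new changelog entry mentions only crash fixes, while `0002-virtiofsd-Do-not-support-blocking-flock.patch` changes guest-visible behaviour: a blocking flock request now gets `EOPNOTSUPP`. Add a changelog line for that so users who meet the new error after updating to 2:6.2.0-7 can trace it to this build.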