From c210216b0b96e451de23f3f25a0024d950c8f52f Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Fri, 18 Nov 2016 10:28:13 +0100
Subject: [PATCH] sheepdog broken out of the box

Coroutine stack size of 1M is not enough for the corosync backend, and placing objects in /tmp is a vulnerability. While at it, do not double-fork the daemon.
---
 coroutine-stack-size.patch | 15 +++++++++++++++
 sheepdog.service | 3 +--
 sheepdog.spec | 2 ++
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 coroutine-stack-size.patch

diff --git a/coroutine-stack-size.patch b/coroutine-stack-size.patch
new file mode 100644
index 0000000..11e2c74
--- /dev/null
+++ b/coroutine-stack-size.patch
@@ -0,0 +1,15 @@
+cpg_dispatch requires 0x101568 bytes of stack.
+
+diff --git a/lib/coroutine.c b/lib/coroutine.c
+index 5b2ed79..1e1060c 100644
+--- a/lib/coroutine.c
++++ b/lib/coroutine.c
+@@ -52,7 +52,7 @@ enum co_action {
+ #define POOL_MAX_SIZE 64
+ #endif
+
+-#define STACK_MAX_SIZE (1 << 20) /* 1 MB */
++#define STACK_MAX_SIZE (2 << 20) /* 1 MB */
+
+ struct coroutine {
+ coroutine_entry_func_t *entry;
diff --git a/sheepdog.service b/sheepdog.service
index c8fd01e..04d7bb5 100644
--- a/sheepdog.service
+++ b/sheepdog.service
@@ -3,8 +3,7 @@ Description=Sheepdog QEMU/KVM Block Storage
 After=syslog.target
 
 [Service]
-ExecStart=/usr/sbin/sheep
-Type=forking
+ExecStart=/usr/sbin/sheep -f /var/lib/sheepdog
 
 [Install]
 WantedBy=multi-user.target
diff --git a/sheepdog.spec b/sheepdog.spec
index b6073ec..5f9549a 100644
--- a/sheepdog.spec
+++ b/sheepdog.spec
@@ -9,6 +9,7 @@ Source0: collie-sheepdog-v0.3.0-0-gbb41896.tar.gz
 #get source from github here https://github.com/collie/sheepdog/tarball/v0.3.0
 Source1: sheepdog.service
 Patch0: update_cpg_to_cs_defines.patch
+Patch1: coroutine-stack-size.patch
 
 # Runtime bits
 Requires: corosync
@@ -40,6 +41,7 @@ a distributed object storage system for KVM.
 %prep
 %setup -qn collie-sheepdog-bb41896
 %patch0 -p1
+%patch1 -p1
 
 %build
 ./autogen.sh
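Review bot: The comment on the new `#define STACK_MAX_SIZE (2 << 20)` line in the embedded lib/coroutine.c patch still reads `/* 1 MB */`, which now contradicts the value; the line should be `#define STACK_MAX_SIZE (2 << 20) /* 2 MB */`. The 0x101568 bytes quoted for cpg_dispatch in the patch header is only slightly above 1 MiB, so the new limit is sized against one measured corosync build, and a comment next to the define recording that would tell the next maintainer why the number was chosen. Whether the coroutine stack is bordered by a guard page is not visible in this hunk. If it is not, an overrun like the one fixed here corrupts adjacent memory silently instead of faulting, so the allocation code is worth checking alongside this change.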
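Review bot: The new `ExecStart=/usr/sbin/sheep -f /var/lib/sheepdog` relies on /var/lib/sheepdog already existing with an owner and mode that keep other local users out, and neither this hunk nor the two sheepdog.spec hunks in this patch create or own that directory. If the package does not already ship it, the spec should list it explicitly, for example `%dir %attr(0700,root,root) %{_localstatedir}/lib/sheepdog` in `%files` with a matching `mkdir -p` in `%install`. Otherwise the move out of /tmp depends on whatever the daemon does when the path is missing. The `%install` and `%files` sections lie outside the visible hunks, so this may already be covered there. The unit also shows no `User=` line in the visible context, so the daemon presumably runs as root, which makes the directory's permissions the main control on who can reach the stored objects.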