From 05be6d826b5b35869f3bf423ff72dee2f8fbab58 Mon Sep 17 00:00:00 2001
From: volcanodragon
Date: Thu, 8 Jun 2023 23:31:40 +0800
Subject: [PATCH] sync some patches

(cherry picked from commit cf91b31c57c65d1249d9db8e34d7404f5f08e45c)
---
 ...-instead-of-free-to-destroy-fuse_req.patch | 30 +++++++++++
 0005-Fix-use-after-free-warning.patch | 51 +++++++++++++++++++
 0006-Disable-leak-suppression-773.patch | 28 ++++++++++
 fuse3.spec | 8 ++-
 4 files changed, 116 insertions(+), 1 deletion(-)
 create mode 100644 0004-Use-destroy_req-instead-of-free-to-destroy-fuse_req.patch
 create mode 100644 0005-Fix-use-after-free-warning.patch
 create mode 100644 0006-Disable-leak-suppression-773.patch

diff --git a/0004-Use-destroy_req-instead-of-free-to-destroy-fuse_req.patch b/0004-Use-destroy_req-instead-of-free-to-destroy-fuse_req.patch
new file mode 100644
index 0000000..e635498
--- /dev/null
+++ b/0004-Use-destroy_req-instead-of-free-to-destroy-fuse_req.patch
@@ -0,0 +1,30 @@
+From 9e1601add411511c94527f6f7f6f071729b0c52c Mon Sep 17 00:00:00 2001
+From: Frank Dinoff
+Date: Tue, 26 Jul 2022 15:49:01 -0400
+Subject: [PATCH] Use destroy_req instead of free to destroy fuse_req
+
+If we get the interrupt before the fuse op, the fuse_req is deleted without
+decrementing the refcount on the cloned file descriptor. This leads to a
+leak of the cloned /dev/fuse file descriptor.
+---
+ lib/fuse_lowlevel.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c
+index e5de2a5..e82cd9e 100644
+--- a/lib/fuse_lowlevel.c
++++ b/lib/fuse_lowlevel.c
+@@ -1762,7 +1762,9 @@ static struct fuse_req *check_interrupt(struct fuse_session *se,
+ if (curr->u.i.unique == req->unique) {
+ req->interrupted = 1;
+ list_del_req(curr);
+- free(curr);
++ fuse_chan_put(curr->ch);
++ curr->ch = NULL;
++ destroy_req(curr);
+ return NULL;
+ }
+ }
+-- 
+2.33.0
+
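Review bot: The three-line teardown that replaces `free(curr)` in check_interrupt has no comment, so the reason for it lives only in the commit message: the interrupt request holds a reference on the cloned /dev/fuse channel, and freeing it directly leaks that descriptor. I would add `/* drop the channel ref before destroying; a bare free() leaks the cloned /dev/fuse fd */` above `fuse_chan_put(curr->ch);` so the sequence is not later collapsed back into a plain free. Whether `fuse_chan_put` tolerates a NULL `ch` when clone_fd is not in use cannot be seen from this hunk and is worth confirming against the 3.10.5 base this is backported onto. check_interrupt starts and ends outside the hunk.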
diff --git a/0005-Fix-use-after-free-warning.patch b/0005-Fix-use-after-free-warning.patch
new file mode 100644
index 0000000..654c031
--- /dev/null
+++ b/0005-Fix-use-after-free-warning.patch
@@ -0,0 +1,51 @@
+From f2144c6c3a0d4eda5f8384b56cdeb5193a3c06ef Mon Sep 17 00:00:00 2001
+From: Matthias Goergens
+Date: Tue, 28 Mar 2023 13:35:56 +0800
+Subject: [PATCH] Fix use-after-free warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When building, I get the following warning:
+
+```bash
+$ ninja
+[18/71] Compiling C object lib/libfuse3.so.3.14.1.p/modules_iconv.c.o
+../lib/modules/iconv.c: In function ‘iconv_convpath’:
+../lib/modules/iconv.c:85:38: warning: pointer ‘newpath’ may be used after ‘realloc’ [-Wuse-after-free]
+ 85 | p = tmp + (p - newpath);
+ | ~~~^~~~~~~~~~
+../lib/modules/iconv.c:80:31: note: call to ‘realloc’ here
+ 80 | tmp = realloc(newpath, newpathlen + 1);
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+[71/71] Linking target example/passthrough_hp
+```
+
+It's a false positive, I thinks. But it's also easy to silence this
+warning with a small refactor.
+---
+ lib/modules/iconv.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/modules/iconv.c b/lib/modules/iconv.c
+index 3d18a36..a0bf72b 100644
+--- a/lib/modules/iconv.c
++++ b/lib/modules/iconv.c
+@@ -77,12 +77,13 @@ static int iconv_convpath(struct iconv *ic, const char *path, char **newpathp,
+
+ inc = (pathlen + 1) * 4;
+ newpathlen += inc;
++ int dp = p - newpath;
+ tmp = realloc(newpath, newpathlen + 1);
+ err = -ENOMEM;
+ if (!tmp)
+ goto err;
+
+- p = tmp + (p - newpath);
++ p = tmp + dp;
+ plen += inc;
+ newpath = tmp;
+ }
+-- 
+2.33.0
+
diff --git a/0006-Disable-leak-suppression-773.patch b/0006-Disable-leak-suppression-773.patch
new file mode 100644
index 0000000..0b4ca96
--- /dev/null
+++ b/0006-Disable-leak-suppression-773.patch
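Review bot: The added `int dp = p - newpath;` in iconv_convpath stores a pointer difference, which has type ptrdiff_t, in an int, so the offset is narrowed on LP64 targets; `ptrdiff_t dp = p - newpath;` keeps it at full width. The commit message treats the compiler warning as a false positive, but the value of `newpath` is indeterminate once realloc has released the old block, so taking the offset before the call is the correct form and not only a way to quiet the compiler. A short comment such as `/* save offset before realloc; newpath must not be read after it */` would record that. iconv_convpath starts and ends outside the hunk.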
@@ -0,0 +1,28 @@
+From 34d9d2abf1da37961d4f0a2ad55dcf11ed46a33e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matthias=20G=C3=B6rgens?=
+Date: Wed, 12 Apr 2023 15:40:18 +0800
+Subject: [PATCH] Disable leak suppression (#773)
+
+---
+ test/lsan_suppress.txt | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/test/lsan_suppress.txt b/test/lsan_suppress.txt
+index e054e7c..44703fc 100644
+--- a/test/lsan_suppress.txt
++++ b/test/lsan_suppress.txt
+@@ -1,11 +1 @@
+ # Suppression file for address sanitizer.
+-
+-# There are some leaks in command line option parsing. They should be
+-# fixed at some point, but are harmless since the consume just a small,
+-# constant amount of memory and do not grow.
+-leak:fuse_opt_parse
+-
+-
+-# Leaks in fusermount3 are harmless as well (it's a short-lived
+-# process) - but patches are welcome!
+-leak:fusermount.c
+-- 
+2.33.0
+
diff --git a/fuse3.spec b/fuse3.spec
index 949a580..d181bda 100644
--- a/fuse3.spec
+++ b/fuse3.spec
@@ -2,7 +2,7 @@ Name: fuse3
 Version: %{fuse3ver}
-Release: 5
+Release: 6
 Summary: User space File System of fuse3
 License: GPL+ and LGPLv2+
 URL: http://fuse.sf.net
@@ -12,6 +12,9 @@ Source1: fuse.conf
 Patch1: 0001-fix-chown-and-mknod-failed.patch
 Patch2: 0002-revert-fuse_daemonize-chdir-to-even-if-not-run.patch
 Patch3: 0003-Fix-fd-leak-with-clone_fd.patch
+Patch4: 0004-Use-destroy_req-instead-of-free-to-destroy-fuse_req.patch
+Patch5: 0005-Fix-use-after-free-warning.patch
+Patch6: 0006-Disable-leak-suppression-773.patch
 BuildRequires: libselinux-devel, pkgconfig, systemd-udev, meson, fdupes
 BuildRequires: autoconf, automake, libtool, gettext-devel, ninja-build
@@ -102,6 +105,9 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}
 %{_mandir}/man8/*
 %changelog
+* Thu Jun 8 2023 volcanodragon -3.10.5-6
+- Sync fome patches
+
 * Wed Dec 7 2022 Zhiqiang Liu -3.10.5-5
 - fix fd leak with clone_fd
-- 
Gitee
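Review bot: Patch4 to Patch6 are declared in the second fuse3.spec hunk, but nothing in this diff shows them being applied, because the %prep section lies outside the visible hunks. If %prep lists explicit `%patchN -p1` lines instead of using `%autosetup -p1`, the three files would ship in the source package without ever being applied, and release 6 would lack the /dev/fuse descriptor-leak fix. The changelog entry added in the last hunk would also trace better if it named the fixes, for example `- Sync some patches: fix /dev/fuse fd leak on early interrupt, avoid stale pointer after realloc in iconv`. That would also correct the "fome" typo.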