From d731b1222e17e0081e5e4e1fc9603b67ba0b72e3 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:30:36 +0200 Subject: Adding debian version 2.38.1-5. Signed-off-by: Daniel Baumann --- ..._path_cpuparse-fix-parsing-of-empty-sysfs.patch | 52 ++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 debian/patches/upstream/0001-lib-path-ul_path_cpuparse-fix-parsing-of-empty-sysfs.patch (limited to 'debian/patches/upstream/0001-lib-path-ul_path_cpuparse-fix-parsing-of-empty-sysfs.patch') diff --git a/debian/patches/upstream/0001-lib-path-ul_path_cpuparse-fix-parsing-of-empty-sysfs.patch b/debian/patches/upstream/0001-lib-path-ul_path_cpuparse-fix-parsing-of-empty-sysfs.patch new file mode 100644 index 0000000..743a306 --- /dev/null +++ b/debian/patches/upstream/0001-lib-path-ul_path_cpuparse-fix-parsing-of-empty-sysfs.patch 
@@ -0,0 +1,52 @@ +From: =?utf-8?q?Petr_=C5=A0tetiar?= +Date: Thu, 22 Sep 2022 11:49:13 +0200 +Subject: [PATCH 01/24] lib/path: ul_path_cpuparse: fix parsing of empty sysfs + files +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Kernel 5.15 returns empty content for topology/thread_siblings on +aarch64 platform, which in conjunction of uninitialized `buf` memory +buffer results in the garbage: + + (gdb) p buf + $14 = " @\377\367\177\000\000\000\275\000\347j\032\236" + +This garbage is then being later consumed by underlying helper functions +like for example cpumask_parse() and this leads to the following crash +later: + + in __libc_free (p=0x7ff7f67c00) at src/malloc/mallocng/free.c:105 + in free (p=) at src/malloc/free.c:5 + in add_cpuset_to_array (setsize=, set=, items=, ary=) at ../sys-utils/lscpu-topology.c:29 + in cputype_read_topology (cxt=cxt@entry=0x7ff7fffe70, ct=0x4298a0) at ../sys-utils/lscpu-topology.c:153 + in lscpu_read_topology (cxt=cxt@entry=0x7ff7fffe70) at ../sys-utils/lscpu-topology.c:629 + in main (argc=1, argv=0x7ffffffdb8) at ../sys-utils/lscpu.c:1341 + +It looks like the problem is that current logic expects fgets() to set +errno on failure, but fgets() is not documented to do so and and neither +glibc nor musl set errno. So if errno was set to 0 before fgets() call, +the failure from fgets() is ignored and then invalid buffer is being +parsed. + +Fixes: #1810 +Suggested-by: Thomas Weißschuh +Signed-off-by: Petr Štetiar +--- + lib/path.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/path.c b/lib/path.c +index 42b4ead..8da6c06 100644 +--- a/lib/path.c ++++ b/lib/path.c +@@ -1028,7 +1028,7 @@ static int ul_path_cpuparse(struct path_cxt *pc, cpu_set_t **set, int maxcpus, i + if (!f) + return -errno; + +- rc = fgets(buf, len, f) == NULL ? -errno : 0; ++ rc = fgets(buf, len, f) == NULL ? -EIO : 0; + fclose(f); + + if (rc) -- cgit v1.2.3
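Review bot: In the lib/path.c hunk of the embedded patch, `rc = fgets(buf, len, f) == NULL ? -EIO : 0;` maps every NULL return to -EIO, so the case the commit message describes (an empty topology/thread_siblings file, i.e. plain end-of-file with no data) is reported to callers as an I/O error and cannot be told apart from a real read failure. Consider checking `ferror(f)` before `fclose(f)` and returning a distinct code for the empty-file case, so callers can decide whether an empty mask is acceptable. The commit message also says `buf` is uninitialized when fgets() is called; the hunk does not change that, so setting `buf[0] = '\0'` before the read would keep a later change to this error handling from feeding stack garbage to cpumask_parse() again.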