1 files changed, 116 insertions, 0 deletions

diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-fix-a-segfault-caused-by-improper-usage-of-RPC.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-fix-a-segfault-caused-by-improper-usage-of-RPC.patch
new file mode 100644
index 0000000000..3d469ac70f
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-fix-a-segfault-caused-by-improper-usage-of-RPC.patch
@@ -0,0 +1,116 @@
+Upstream-Status: Backport
+
+From 2fc23d7978e50394599bfd0a881d6081293432b2 Mon Sep 17 00:00:00 2001
+From: Shan Hai <shan.hai@windriver.com>
+Date: Mon, 2 Nov 2015 08:03:24 -0500
+Subject: [PATCH] statd: fix a segfault caused by improper usage of RPC
+ interface
+
+There is a hack which uses the bottom-level RPC improperly as below
+in the current statd implementation: insert a socket in the
+svc_fdset without a corresponding transport handle
+and passes the socket to the svc_getreqset subroutine,
+this usage causes a segfault of statd on a huge amount of sm-notifications.
+
+Fix the issue by separating the non-RPC-server socket from RPC
+dispatcher.
+
+Signed-off-by: Shan Hai <shan.hai@windriver.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+(cherry picked from commit 7f62e37fcd25f09949a547b93c35d9e324211102)
+---
+ utils/statd/rmtcall.c | 1 -
+ utils/statd/statd.c   | 5 +++--
+ utils/statd/statd.h   | 2 +-
+ utils/statd/svc_run.c | 8 ++++++--
+ 4 files changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
+index 45c84f9..c4f6364 100644
+--- a/utils/statd/rmtcall.c
++++ b/utils/statd/rmtcall.c
+@@ -113,7 +113,6 @@ statd_get_socket(void)
+ 	if (sockfd < 0)
+ 		return -1;
+ 
+-	FD_SET(sockfd, &SVC_FDSET);
+ 	return sockfd;
+ }
+ 
+diff --git a/utils/statd/statd.c b/utils/statd/statd.c
+index 2b7a167..e5b4c98 100644
+--- a/utils/statd/statd.c
++++ b/utils/statd/statd.c
+@@ -247,6 +247,7 @@ int main (int argc, char **argv)
+ 	int port = 0, out_port = 0;
+ 	int nlm_udp = 0, nlm_tcp = 0;
+ 	struct rlimit rlim;
++	int notify_sockfd;
+ 
+ 	/* Default: daemon mode, no other options */
+ 	run_mode = 0;
+@@ -437,7 +438,7 @@ int main (int argc, char **argv)
+ 		}
+ 
+ 	/* Make sure we have a privilege port for calling into the kernel */
+-	if (statd_get_socket() < 0)
++	if ((notify_sockfd = statd_get_socket()) < 0)
+ 		exit(1);
+ 
+ 	/* If sm-notify didn't take all the state files, load
+@@ -484,7 +485,7 @@ int main (int argc, char **argv)
+ 		 * Handle incoming requests:  SM_NOTIFY socket requests, as
+ 		 * well as callbacks from lockd.
+ 		 */
+-		my_svc_run();	/* I rolled my own, Olaf made it better... */
++		my_svc_run(notify_sockfd);	/* I rolled my own, Olaf made it better... */
+ 
+ 		/* Only get here when simulating a crash so we should probably
+ 		 * start sm-notify running again.  As we have already dropped
+diff --git a/utils/statd/statd.h b/utils/statd/statd.h
+index a1d8035..231ac7e 100644
+--- a/utils/statd/statd.h
++++ b/utils/statd/statd.h
+@@ -28,7 +28,7 @@ extern _Bool	statd_present_address(const struct sockaddr *sap, char *buf,
+ __attribute__((__malloc__))
+ extern char *	statd_canonical_name(const char *hostname);
+ 
+-extern void	my_svc_run(void);
++extern void	my_svc_run(int);
+ extern void	notify_hosts(void);
+ extern void	shuffle_dirs(void);
+ extern int	statd_get_socket(void);
+diff --git a/utils/statd/svc_run.c b/utils/statd/svc_run.c
+index d98ecee..28c1ad6 100644
+--- a/utils/statd/svc_run.c
++++ b/utils/statd/svc_run.c
+@@ -78,7 +78,7 @@ my_svc_exit(void)
+  * The heart of the server.  A crib from libc for the most part...
+  */
+ void
+-my_svc_run(void)
++my_svc_run(int sockfd)
+ {
+ 	FD_SET_TYPE	readfds;
+ 	int             selret;
+@@ -96,6 +96,8 @@ my_svc_run(void)
+ 		}
+ 
+ 		readfds = SVC_FDSET;
++		/* Set notify sockfd for waiting for reply */
++		FD_SET(sockfd, &readfds);
+ 		if (notify) {
+ 			struct timeval	tv;
+ 
+@@ -125,8 +127,10 @@ my_svc_run(void)
+ 
+ 		default:
+ 			selret -= process_reply(&readfds);
+-			if (selret)
++			if (selret) {
++				FD_CLR(sockfd, &readfds);
+ 				svc_getreqset(&readfds);
++			}
+ 		}
+ 	}
+ }