Compare commits
No commits in common. 'c9' and 'i9c-beta' have entirely different histories.
@ -1 +1,3 @@
|
|||||||
SOURCES/pcp-6.2.0.src.tar.gz
|
SOURCES/pcp-6.2.2.src.tar.gz
|
||||||
|
SOURCES/redhat-issues-RHEL-40718-java-bytecode-update.patch
|
||||||
|
SOURCES/redhat-issues-RHEL-50693-hacluster-metrics-update.patch
|
||||||
|
@ -1 +1,3 @@
|
|||||||
617d0e505af5f253080effb6701e089fc02e7379 SOURCES/pcp-6.2.0.src.tar.gz
|
65095a4cddfad3ec6e119ea127050ea68ff8676d SOURCES/pcp-6.2.2.src.tar.gz
|
||||||
|
bf187559a4c2960a692c385b38cab9fd62c81b94 SOURCES/redhat-issues-RHEL-40718-java-bytecode-update.patch
|
||||||
|
e9a7873944492e28e2f9c5fd0c9bfac12ef7596e SOURCES/redhat-issues-RHEL-50693-hacluster-metrics-update.patch
|
||||||
|
@ -0,0 +1,372 @@
|
|||||||
|
commit 6cefac3c6560487abad80498240545e6835e503f
|
||||||
|
Author: lmchilton <lauren.chilton26@gmail.com>
|
||||||
|
Date: Wed Jun 19 10:19:04 2024 +0200
|
||||||
|
|
||||||
|
Updated pcp2openmetrics tool to fix issues: RHEL-39159, RHEL-39132, RHEL-32983, RHEL-39293.
|
||||||
|
Added command line option to exclude # PCP 5 comment line
|
||||||
|
Updated output to follow openmetrics format to include _total metric name ending
|
||||||
|
Omitted blank line after each metric output to adhere to prometheus openmetrics parser
|
||||||
|
Added # EOF line to end of text dump to adhere to prometheus openmetrics
|
||||||
|
parser
|
||||||
|
Updated relevent qa for pcp2openmetric changes (1131 & 1827)
|
||||||
|
Updated pcp2openmetrics man page and fixed style errors(2)
|
||||||
|
|
||||||
|
diff --git a/qa/1131 b/qa/1131
|
||||||
|
index 413da6fe3..aa1e554fe 100755
|
||||||
|
--- a/qa/1131
|
||||||
|
+++ b/qa/1131
|
||||||
|
@@ -62,9 +62,10 @@ pcp2json -a $A -H -I -Z UTC+0 -x "" | _archive_filter
|
||||||
|
echo "---"
|
||||||
|
pcp2json -a $A -H -I -z -X -b GB -P 2 -F $tmp.outfile ""
|
||||||
|
echo "---"
|
||||||
|
-pcp2openmetrics -s1 -H -z hinv.ncpu | _filter_pcp2openmetrics
|
||||||
|
+pcp2openmetrics -s1 -z hinv.ncpu | _filter_pcp2openmetrics
|
||||||
|
+echo "---"
|
||||||
|
+pcp2openmetrics -s2 -x hinv.ncpu | _filter_pcp2openmetrics
|
||||||
|
echo "---"
|
||||||
|
-
|
||||||
|
|
||||||
|
cat $tmp.outfile | _archive_filter
|
||||||
|
which json_verify > /dev/null 2>&1
|
||||||
|
diff --git a/qa/1131.out b/qa/1131.out
|
||||||
|
index 098d698a6..90cb9eaa2 100644
|
||||||
|
--- a/qa/1131.out
|
||||||
|
+++ b/qa/1131.out
|
||||||
|
@@ -2267,13 +2267,18 @@ QA output created by 1131
|
||||||
|
}
|
||||||
|
---
|
||||||
|
---
|
||||||
|
-
|
||||||
|
-
|
||||||
|
+# EOF
|
||||||
|
# HELP hinv_ncpu number of CPUs in the system
|
||||||
|
# PCP5 hinv_ncpu 60.0.32 u32 PM_INDOM_NULL discrete
|
||||||
|
# TYPE hinv_ncpu gauge
|
||||||
|
hinv_ncpu{domainname="DOMAINID",groupid="GROUPID",hostname="HOST",machineid="MACHINEID",userid="USERID",agent="linux"} NCPU
|
||||||
|
---
|
||||||
|
+# EOF
|
||||||
|
+# HELP hinv_ncpu number of CPUs in the system
|
||||||
|
+# TYPE hinv_ncpu gauge
|
||||||
|
+hinv_ncpu{domainname="DOMAINID",groupid="GROUPID",hostname="HOST",machineid="MACHINEID",userid="USERID",agent="linux"} NCPU
|
||||||
|
+hinv_ncpu{domainname="DOMAINID",groupid="GROUPID",hostname="HOST",machineid="MACHINEID",userid="USERID",agent="linux"} NCPU
|
||||||
|
+---
|
||||||
|
{
|
||||||
|
"@pcp": {
|
||||||
|
"@hosts": [
|
||||||
|
diff --git a/qa/1827 b/qa/1827
|
||||||
|
index 47ee66d54..ebeaad460 100755
|
||||||
|
--- a/qa/1827
|
||||||
|
+++ b/qa/1827
|
||||||
|
@@ -63,12 +63,20 @@ $PCP_PYTHON_PROG $here/src/pythonserver.py $port >$tmp.python.out 2>&1 &
|
||||||
|
pid=$!
|
||||||
|
sleep 2 # let server start up
|
||||||
|
|
||||||
|
+echo "---"
|
||||||
|
echo "pcp2openmetrics invocation" | tee -a $here/$seq.full
|
||||||
|
pcp2openmetrics -s1 -u http://localhost:$port hinv.ncpu >$tmp.openmetrics.out 2>$tmp.openmetrics.err
|
||||||
|
|
||||||
|
echo "pcp2openmetrics HTTP POST (sorted):"
|
||||||
|
_filter_pcp2openmetrics_http <$tmp.python.out
|
||||||
|
|
||||||
|
+cat /dev/null > $tmp.python.out
|
||||||
|
+
|
||||||
|
+echo "---"
|
||||||
|
+echo "testing -x option" | tee -a $here/$seq.full
|
||||||
|
+pcp2openmetrics -s1 -x -u http://localhost:$port hinv.ncpu >$tmp.openmetrics2.out 2>$tmp.openmetrics2.err
|
||||||
|
+_filter_pcp2openmetrics_http <$tmp.python.out
|
||||||
|
+
|
||||||
|
# terminate pythonserver.py now
|
||||||
|
pmsignal $pid >/dev/null 2>&1
|
||||||
|
|
||||||
|
diff --git a/qa/1827.out b/qa/1827.out
|
||||||
|
index e786d8607..191ebcfa8 100644
|
||||||
|
--- a/qa/1827.out
|
||||||
|
+++ b/qa/1827.out
|
||||||
|
@@ -1,4 +1,5 @@
|
||||||
|
QA output created by 1827
|
||||||
|
+---
|
||||||
|
pcp2openmetrics invocation
|
||||||
|
pcp2openmetrics HTTP POST (sorted):
|
||||||
|
|
||||||
|
@@ -21,3 +22,22 @@ INFO:root:Starting httpd...
|
||||||
|
Path: /
|
||||||
|
User-Agent: python-requests VERSION
|
||||||
|
hinv_ncpu{domainname="DOMAINID",groupid="GROUPID",hostname="HOST",machineid="MACHINEID",userid="USERID",agent="linux"} N (cpus)
|
||||||
|
+---
|
||||||
|
+testing -x option
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+# HELP hinv_ncpu number of CPUs in the system
|
||||||
|
+# TYPE hinv_ncpu gauge
|
||||||
|
+Accept: */*
|
||||||
|
+Body:
|
||||||
|
+Content-Length: SIZE
|
||||||
|
+Content-Type: application/openmetrics-text
|
||||||
|
+Headers:
|
||||||
|
+Host: localhost:PORT
|
||||||
|
+INFO:root:POST request,
|
||||||
|
+Path: /
|
||||||
|
+User-Agent: python-requests VERSION
|
||||||
|
+hinv_ncpu{domainname="DOMAINID",groupid="GROUPID",hostname="HOST",machineid="MACHINEID",userid="USERID",agent="linux"} N (cpus)
|
||||||
|
diff --git a/src/pcp2openmetrics/pcp2openmetrics.1 b/src/pcp2openmetrics/pcp2openmetrics.1
|
||||||
|
index 84e81e7af..41e4e2f9c 100644
|
||||||
|
--- a/src/pcp2openmetrics/pcp2openmetrics.1
|
||||||
|
+++ b/src/pcp2openmetrics/pcp2openmetrics.1
|
||||||
|
@@ -181,6 +181,13 @@ Maximum time (in seconds) when sending a HTTP POST.
|
||||||
|
Corresponding command line option is \fB\-o\fP.
|
||||||
|
Defaults to \fB2.5\fP seconds.
|
||||||
|
.RE
|
||||||
|
+.PP
|
||||||
|
+no-comment (boolean)
|
||||||
|
+.RS 4
|
||||||
|
+Omit # PCP5 comment line. Omits header for some metric
|
||||||
|
+data such as type, instance domain, and semantics.
|
||||||
|
+Corresponding command line option is \fB\-x\fP.
|
||||||
|
+Defaults to \fBno\fP.
|
||||||
|
.SH OPTIONS
|
||||||
|
The available command line options are:
|
||||||
|
.TP 5
|
||||||
|
@@ -343,9 +350,6 @@ on
|
||||||
|
.IR host ,
|
||||||
|
rather than from the default localhost.
|
||||||
|
.TP
|
||||||
|
-\fB\-H\fR, \fB\-\-no\-header\fR
|
||||||
|
-Do not print any headers.
|
||||||
|
-.TP
|
||||||
|
\fB\-i\fR \fIinstances\fR, \fB\-\-instances\fR=\fIinstances\fR
|
||||||
|
Retrieve and report only the specified metric
|
||||||
|
.IR instances .
|
||||||
|
@@ -605,8 +609,8 @@ and
|
||||||
|
\fB\-V\fR, \fB\-\-version\fR
|
||||||
|
Display version number and exit.
|
||||||
|
.TP
|
||||||
|
-\fB\-x\fR, \fB\-\-with\-extended\fR
|
||||||
|
-Write extended information.
|
||||||
|
+\fB\-x\fR, \fB\-no\-comment\fR
|
||||||
|
+Omit # PCP5 comment line
|
||||||
|
.TP
|
||||||
|
\fB\-X\fR, \fB\-\-with\-everything\fR
|
||||||
|
Write everything known about metrics, including PCP internal IDs.
|
||||||
|
diff --git a/src/pcp2openmetrics/pcp2openmetrics.py b/src/pcp2openmetrics/pcp2openmetrics.py
|
||||||
|
index 51b3326d7..d5a3346fe 100755
|
||||||
|
--- a/src/pcp2openmetrics/pcp2openmetrics.py
|
||||||
|
+++ b/src/pcp2openmetrics/pcp2openmetrics.py
|
||||||
|
@@ -50,24 +50,24 @@ class PCP2OPENMETRICS(object):
|
||||||
|
self.opts = self.options()
|
||||||
|
|
||||||
|
# Configuration directives
|
||||||
|
- self.keys = ('source', 'output', 'derived', 'header', 'globals',
|
||||||
|
- 'samples', 'interval', 'type', 'precision', 'daemonize',
|
||||||
|
+ self.keys = ('source', 'output', 'derived', 'globals',
|
||||||
|
+ 'samples', 'interval', 'precision', 'daemonize',
|
||||||
|
'timefmt', 'everything',
|
||||||
|
'count_scale', 'space_scale', 'time_scale', 'version',
|
||||||
|
'count_scale_force', 'space_scale_force', 'time_scale_force',
|
||||||
|
- 'type_prefer', 'precision_force', 'limit_filter', 'limit_filter_force',
|
||||||
|
+ 'precision_force', 'limit_filter', 'limit_filter_force',
|
||||||
|
'live_filter', 'rank', 'invert_filter', 'predicate', 'names_change',
|
||||||
|
'speclocal', 'instances', 'ignore_incompat', 'ignore_unknown',
|
||||||
|
'omit_flat', 'include_labels', 'url', 'http_user', 'http_pass',
|
||||||
|
- 'http_timeout')
|
||||||
|
+ 'http_timeout', 'no_comment')
|
||||||
|
|
||||||
|
# Ignored for pmrep(1) compatibility
|
||||||
|
self.keys_ignore = (
|
||||||
|
- 'timestamp', 'unitinfo', 'colxrow', 'separate_header', 'fixed_header',
|
||||||
|
+ 'timestamp','header', 'unitinfo', 'colxrow', 'separate_header', 'fixed_header',
|
||||||
|
'delay', 'width', 'delimiter', 'extcsv', 'width_force',
|
||||||
|
'extheader', 'repeat_header', 'interpol',
|
||||||
|
'dynamic_header', 'overall_rank', 'overall_rank_alt', 'sort_metric',
|
||||||
|
- 'instinfo', 'include_texts')
|
||||||
|
+ 'instinfo', 'include_texts', 'type', 'type_prefer')
|
||||||
|
|
||||||
|
# The order of preference for options (as present):
|
||||||
|
# 1 - command line options
|
||||||
|
@@ -79,13 +79,12 @@ class PCP2OPENMETRICS(object):
|
||||||
|
self.output = None # For pmrep conf file compat only
|
||||||
|
self.speclocal = None
|
||||||
|
self.derived = None
|
||||||
|
- self.header = 1
|
||||||
|
self.globals = 1
|
||||||
|
self.samples = None # forever
|
||||||
|
self.interval = pmapi.timeval(10) # 10 sec
|
||||||
|
self.opts.pmSetOptionInterval(str(10)) # 10 sec
|
||||||
|
self.delay = 0
|
||||||
|
- self.type = 0
|
||||||
|
+ self.type = 1
|
||||||
|
self.type_prefer = self.type
|
||||||
|
self.ignore_incompat = 0
|
||||||
|
self.ignore_unknown = 0
|
||||||
|
@@ -118,6 +117,8 @@ class PCP2OPENMETRICS(object):
|
||||||
|
self.http_user = None
|
||||||
|
self.http_pass = None
|
||||||
|
self.http_timeout = TIMEOUT
|
||||||
|
+ self.no_comment = False
|
||||||
|
+ self.header_flag = True
|
||||||
|
|
||||||
|
# Internal
|
||||||
|
self.runtime = -1
|
||||||
|
@@ -146,7 +147,7 @@ class PCP2OPENMETRICS(object):
|
||||||
|
opts = pmapi.pmOptions()
|
||||||
|
opts.pmSetOptionCallback(self.option)
|
||||||
|
opts.pmSetOverrideCallback(self.option_override)
|
||||||
|
- opts.pmSetShortOptions("a:h:LK:c:Ce:D:V?HGA:S:T:O:s:t:rRIi:jJ:4:58:9:nN:vmP:0:q:b:y:Q:B:Y:F:f:Z:zXo:p:U:u:")
|
||||||
|
+ opts.pmSetShortOptions("a:h:LK:c:Ce:D:V?GA:S:T:O:s:t:Ii:jJ:4:58:9:nN:vmP:0:q:b:y:Q:B:Y:F:f:Z:zXo:p:U:u:x")
|
||||||
|
opts.pmSetShortUsage("[option...] metricspec [...]")
|
||||||
|
|
||||||
|
opts.pmSetLongOptionHeader("General options")
|
||||||
|
@@ -166,7 +167,6 @@ class PCP2OPENMETRICS(object):
|
||||||
|
opts.pmSetLongOptionHelp() # -?/--help
|
||||||
|
|
||||||
|
opts.pmSetLongOptionHeader("Reporting options")
|
||||||
|
- opts.pmSetLongOption("no-header", 0, "H", "", "omit headers")
|
||||||
|
opts.pmSetLongOption("no-globals", 0, "G", "", "omit global metrics")
|
||||||
|
opts.pmSetLongOptionAlign() # -A/--align
|
||||||
|
opts.pmSetLongOptionStart() # -S/--start
|
||||||
|
@@ -176,8 +176,6 @@ class PCP2OPENMETRICS(object):
|
||||||
|
opts.pmSetLongOptionInterval() # -t/--interval
|
||||||
|
opts.pmSetLongOptionTimeZone() # -Z/--timezone
|
||||||
|
opts.pmSetLongOptionHostZone() # -z/--hostzone
|
||||||
|
- opts.pmSetLongOption("raw", 0, "r", "", "output raw counter values (no rate conversion)")
|
||||||
|
- opts.pmSetLongOption("raw-prefer", 0, "R", "", "prefer output raw counter values (no rate conversion)")
|
||||||
|
opts.pmSetLongOption("ignore-incompat", 0, "I", "", "ignore incompatible instances (default: abort)")
|
||||||
|
opts.pmSetLongOption("ignore-unknown", 0, "5", "", "ignore unknown metrics (default: abort)")
|
||||||
|
opts.pmSetLongOption("names-change", 1, "4", "ACTION", "update/ignore/abort on PMNS change (default: ignore)")
|
||||||
|
@@ -201,6 +199,7 @@ class PCP2OPENMETRICS(object):
|
||||||
|
opts.pmSetLongOption("time-scale-force", 1, "Y", "SCALE", "forced time unit")
|
||||||
|
|
||||||
|
opts.pmSetLongOption("with-everything", 0, "X", "", "write everything, incl. internal IDs")
|
||||||
|
+ opts.pmSetLongOption("no-comment", 0, "x", "", "omit comment lines")
|
||||||
|
|
||||||
|
opts.pmSetLongOption("url", 1, "u", "URL", "URL of endpoint to receive HTTP POST")
|
||||||
|
opts.pmSetLongOption("http-timeout", 1, "o", "SECONDS", "timeout when sending HTTP POST")
|
||||||
|
@@ -238,14 +237,8 @@ class PCP2OPENMETRICS(object):
|
||||||
|
self.derived = ";" + optarg
|
||||||
|
else:
|
||||||
|
self.derived = self.derived + ";" + optarg
|
||||||
|
- elif opt == 'H':
|
||||||
|
- self.header = 0
|
||||||
|
elif opt == 'G':
|
||||||
|
self.globals = 0
|
||||||
|
- elif opt == 'r':
|
||||||
|
- self.type = 1
|
||||||
|
- elif opt == 'R':
|
||||||
|
- self.type_prefer = 1
|
||||||
|
elif opt == 'I':
|
||||||
|
self.ignore_incompat = 1
|
||||||
|
elif opt == '5':
|
||||||
|
@@ -298,6 +291,8 @@ class PCP2OPENMETRICS(object):
|
||||||
|
self.time_scale_force = optarg
|
||||||
|
elif opt == 'X':
|
||||||
|
self.everything = 1
|
||||||
|
+ elif opt == 'x':
|
||||||
|
+ self.no_comment = True
|
||||||
|
elif opt == 'u':
|
||||||
|
self.url = optarg
|
||||||
|
elif opt == 'o':
|
||||||
|
@@ -319,6 +314,7 @@ class PCP2OPENMETRICS(object):
|
||||||
|
|
||||||
|
if pmapi.c_api.pmSetContextOptions(self.context.ctx, self.opts.mode, self.opts.delta):
|
||||||
|
raise pmapi.pmUsageErr()
|
||||||
|
+ self.context.pmNewZone("UTC")
|
||||||
|
|
||||||
|
def validate_config(self):
|
||||||
|
""" Validate configuration options """
|
||||||
|
@@ -346,11 +342,6 @@ class PCP2OPENMETRICS(object):
|
||||||
|
# Common preparations
|
||||||
|
self.context.prepare_execute(self.opts, False, self.interpol, self.interval)
|
||||||
|
|
||||||
|
- # Headers
|
||||||
|
- if self.header == 1:
|
||||||
|
- self.header = 0
|
||||||
|
- self.write_header()
|
||||||
|
-
|
||||||
|
# Just checking
|
||||||
|
if self.check == 1:
|
||||||
|
return
|
||||||
|
@@ -394,29 +385,12 @@ class PCP2OPENMETRICS(object):
|
||||||
|
|
||||||
|
self.write_openmetrics(tstamp)
|
||||||
|
|
||||||
|
- def write_header(self):
|
||||||
|
- """ Write info header """
|
||||||
|
- output = self.outfile if self.outfile else "stdout"
|
||||||
|
- if self.context.type == PM_CONTEXT_ARCHIVE:
|
||||||
|
- sys.stdout.write('"# Writing %d archived metrics to %s..." }\n{ "//": "(Ctrl-C to stop)" }\n' % (len(self.metrics), output))
|
||||||
|
- return
|
||||||
|
-
|
||||||
|
- sys.stdout.write('# "Waiting for %d metrics to be written to %s' % (len(self.metrics), output))
|
||||||
|
- if self.runtime != -1:
|
||||||
|
- sys.stdout.write('\n # "%s samples(s) with %.1f sec interval ~ %d sec runtime." }\n' % (self.samples, float(self.interval), self.runtime))
|
||||||
|
- elif self.samples:
|
||||||
|
- duration = (self.samples - 1) * float(self.interval)
|
||||||
|
- sys.stdout.write('\n # "%s samples(s) with %.1f sec interval ~ %d sec runtime." }\n' % (self.samples, float(self.interval), duration))
|
||||||
|
- else:
|
||||||
|
- sys.stdout.write('...\n# "(Ctrl-C to stop)" }\n')
|
||||||
|
-
|
||||||
|
def write_openmetrics(self, timestamp):
|
||||||
|
""" Write results in openmetrics format """
|
||||||
|
if timestamp is None:
|
||||||
|
# Silent goodbye, close in finalize()
|
||||||
|
return
|
||||||
|
|
||||||
|
- self.context.pmNewZone("UTC")
|
||||||
|
ts = self.context.datetime_to_secs(self.pmfg_ts(), PM_TIME_SEC)
|
||||||
|
|
||||||
|
if self.prev_ts is None:
|
||||||
|
@@ -500,11 +474,12 @@ class PCP2OPENMETRICS(object):
|
||||||
|
help_dict = {}
|
||||||
|
help_dict[metric] = context.pmLookupText(pmid[0])
|
||||||
|
|
||||||
|
- if self.context.type == PM_CONTEXT_ARCHIVE:
|
||||||
|
- body += "\nMetric %s details (last fetch: %d)\n:" % (metric, ts)
|
||||||
|
- body += '# PCP5 %s %s %s %s %s %s\n' % (openmetrics_name(metric), pmIDStr, get_type_string(desc), pmIndomStr, semantics, units)
|
||||||
|
- body += '# HELP %s %s\n' % (openmetrics_name(metric), help_dict[metric])
|
||||||
|
- body += '# TYPE %s %s\n' % (openmetrics_name(metric), openmetrics_type(desc))
|
||||||
|
+ if self.header_flag is True:
|
||||||
|
+ if self.no_comment is False:
|
||||||
|
+ body += '# PCP5 %s %s %s %s %s %s\n' % (openmetrics_name(metric), pmIDStr, get_type_string(desc), pmIndomStr, semantics, units)
|
||||||
|
+ body += '# TYPE %s %s\n' % (openmetrics_name(metric), openmetrics_type(desc))
|
||||||
|
+ body += '# HELP %s %s\n' % (openmetrics_name(metric), help_dict[metric])
|
||||||
|
+ self.header_flag = False
|
||||||
|
|
||||||
|
for inst, name, value in results[metric]:
|
||||||
|
if isinstance(value, float):
|
||||||
|
@@ -515,10 +490,16 @@ class PCP2OPENMETRICS(object):
|
||||||
|
value = format(value, fmt)
|
||||||
|
else:
|
||||||
|
str(value)
|
||||||
|
+
|
||||||
|
+ if openmetrics_type(desc) == "counter":
|
||||||
|
+ openmetrics_name_end = openmetrics_name(metric) + "_total"
|
||||||
|
+ else:
|
||||||
|
+ openmetrics_name_end = openmetrics_name(metric)
|
||||||
|
+
|
||||||
|
if self.context.type == PM_CONTEXT_ARCHIVE:
|
||||||
|
- body += '%s%s %s %s\n' % (openmetrics_name(metric), openmetrics_labels(inst, name, desc, labels), value, ts)
|
||||||
|
+ body += '%s%s %s %s\n' % (openmetrics_name_end, openmetrics_labels(inst, name, desc, labels), value, ts)
|
||||||
|
else:
|
||||||
|
- body += '%s%s %s\n' % (openmetrics_name(metric), openmetrics_labels(inst, name, desc, labels), value)
|
||||||
|
+ body += '%s%s %s\n' % (openmetrics_name_end, openmetrics_labels(inst, name, desc, labels), value)
|
||||||
|
|
||||||
|
if self.url:
|
||||||
|
auth = None
|
||||||
|
@@ -537,13 +518,13 @@ class PCP2OPENMETRICS(object):
|
||||||
|
elif self.outfile:
|
||||||
|
self.writer.write(body)
|
||||||
|
else:
|
||||||
|
- print(body)
|
||||||
|
+ sys.stdout.write(body)
|
||||||
|
|
||||||
|
def finalize(self):
|
||||||
|
""" Finalize and clean up """
|
||||||
|
if self.writer:
|
||||||
|
try:
|
||||||
|
- self.writer.write("\n")
|
||||||
|
+ self.writer.write("# EOF\n")
|
||||||
|
self.writer.flush()
|
||||||
|
except IOError as write_error:
|
||||||
|
if write_error.errno != errno.EPIPE:
|
@ -0,0 +1,12 @@
|
|||||||
|
diff -Naurp pcp-6.2.2.orig/tmpfiles.init.setup.in pcp-6.2.2/tmpfiles.init.setup.in
|
||||||
|
--- pcp-6.2.2.orig/tmpfiles.init.setup.in 2024-05-07 10:37:04.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/tmpfiles.init.setup.in 2024-05-16 09:18:49.200282601 +1000
|
||||||
|
@@ -3,7 +3,7 @@
|
||||||
|
# Type Path Mode User Group Age Argument
|
||||||
|
D PCP_RUN_DIR 0775 PCP_USER PCP_GROUP - -
|
||||||
|
d PCP_LOG_DIR 0775 PCP_USER PCP_GROUP - -
|
||||||
|
-d PCP_LOG_DIR/pmcd 0775 root root - -
|
||||||
|
+d PCP_LOG_DIR/pmcd 0755 root root - -
|
||||||
|
d PCP_LOG_DIR/pmfind 0775 PCP_USER PCP_GROUP - -
|
||||||
|
d PCP_LOG_DIR/pmie 0775 PCP_USER PCP_GROUP - -
|
||||||
|
d PCP_LOG_DIR/pmlogger 0775 PCP_USER PCP_GROUP - -
|
@ -1,27 +0,0 @@
|
|||||||
commit 3bde240a2acc85e63e2f7813330713dd9b59386e
|
|
||||||
Author: Nathan Scott <nathans@redhat.com>
|
|
||||||
Date: Wed Mar 27 14:51:28 2024 +1100
|
|
||||||
|
|
||||||
pmproxy: disable Redis protocol proxying by default
|
|
||||||
|
|
||||||
If a redis-server has been locked down in terms of connections,
|
|
||||||
we want to prevent pmproxy from being allowed to send arbitrary
|
|
||||||
RESP commands to it.
|
|
||||||
|
|
||||||
This protocol proxying doesn't affect PCP functionality at all,
|
|
||||||
its more of a developer/sysadmin convenience when Redis used in
|
|
||||||
cluster mode (relatively uncommon compared to localhost mode).
|
|
||||||
|
|
||||||
diff --git a/src/pmproxy/pmproxy.conf b/src/pmproxy/pmproxy.conf
|
|
||||||
index e54891792e..4cbc1c96af 100644
|
|
||||||
--- a/src/pmproxy/pmproxy.conf
|
|
||||||
+++ b/src/pmproxy/pmproxy.conf
|
|
||||||
@@ -29,7 +29,7 @@ pcp.enabled = true
|
|
||||||
http.enabled = true
|
|
||||||
|
|
||||||
# support Redis protocol proxying
|
|
||||||
-redis.enabled = true
|
|
||||||
+redis.enabled = false
|
|
||||||
|
|
||||||
# support SSL/TLS protocol wrapping
|
|
||||||
secure.enabled = true
|
|
@ -1,320 +0,0 @@
|
|||||||
diff -Naurp pcp-5.3.7.orig/qa/src/test_pcp_sockets.python pcp-5.3.7/qa/src/test_pcp_sockets.python
|
|
||||||
--- pcp-5.3.7.orig/qa/src/test_pcp_sockets.python 1970-01-01 10:00:00.000000000 +1000
|
|
||||||
+++ pcp-5.3.7/qa/src/test_pcp_sockets.python 2024-09-09 13:47:06.848083320 +1000
|
|
||||||
@@ -0,0 +1,23 @@
|
|
||||||
+import socket
|
|
||||||
+import cpmapi as api
|
|
||||||
+from pcp import pmapi
|
|
||||||
+
|
|
||||||
+address = 'localhost'
|
|
||||||
+port = 44321
|
|
||||||
+
|
|
||||||
+c = []
|
|
||||||
+for i in range(0, 1234):
|
|
||||||
+ print('context', i)
|
|
||||||
+ ctx = pmapi.pmContext(api.PM_CONTEXT_HOST, "local:")
|
|
||||||
+ print('created', i)
|
|
||||||
+ c.append(ctx)
|
|
||||||
+
|
|
||||||
+s = []
|
|
||||||
+for i in range(0, 1234):
|
|
||||||
+ sock = socket.socket()
|
|
||||||
+ print('socket', i)
|
|
||||||
+ sock.connect((address, port))
|
|
||||||
+ print('connect', i)
|
|
||||||
+ sock.send(b"abba\r") # -- gives a too-large PDU
|
|
||||||
+ print('send', i)
|
|
||||||
+ # s.append(sock) # -- exercise pduread: timeout
|
|
||||||
diff -Naurp pcp-5.3.7.orig/src/libpcp/src/pdu.c pcp-5.3.7/src/libpcp/src/pdu.c
|
|
||||||
--- pcp-5.3.7.orig/src/libpcp/src/pdu.c 2022-04-05 09:05:43.000000000 +1000
|
|
||||||
+++ pcp-5.3.7/src/libpcp/src/pdu.c 2024-09-09 13:47:06.869083364 +1000
|
|
||||||
@@ -186,10 +186,7 @@ pduread(int fd, char *buf, int len, int
|
|
||||||
* Need all parts of the PDU to be received by dead_hand
|
|
||||||
* This enforces a low overall timeout for the whole PDU
|
|
||||||
* (as opposed to just a timeout for individual calls to
|
|
||||||
- * recv). A more invasive alternative (better) approach
|
|
||||||
- * would see all I/O performed in the main event loop,
|
|
||||||
- * and I/O routines transformed to continuation-passing
|
|
||||||
- * style.
|
|
||||||
+ * recv).
|
|
||||||
*/
|
|
||||||
gettimeofday(&dead_hand, NULL);
|
|
||||||
dead_hand.tv_sec += wait.tv_sec;
|
|
||||||
@@ -499,9 +496,10 @@ PM_FAULT_RETURN(PM_ERR_TIMEOUT);
|
|
||||||
if (len == -1) {
|
|
||||||
if (! __pmSocketClosed()) {
|
|
||||||
char errmsg[PM_MAXERRMSGLEN];
|
|
||||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s",
|
|
||||||
- "__pmGetPDU", fd, len,
|
|
||||||
- pmErrStr_r(-oserror(), errmsg, sizeof(errmsg)));
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s",
|
|
||||||
+ "__pmGetPDU", fd, len,
|
|
||||||
+ pmErrStr_r(-oserror(), errmsg, sizeof(errmsg)));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if (len >= (int)sizeof(php->len)) {
|
|
||||||
@@ -520,15 +518,17 @@ PM_FAULT_RETURN(PM_ERR_TIMEOUT);
|
|
||||||
}
|
|
||||||
else if (len < 0) {
|
|
||||||
char errmsg[PM_MAXERRMSGLEN];
|
|
||||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s",
|
|
||||||
- "__pmGetPDU", fd, len,
|
|
||||||
- pmErrStr_r(len, errmsg, sizeof(errmsg)));
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: len=%d: %s",
|
|
||||||
+ "__pmGetPDU", fd, len,
|
|
||||||
+ pmErrStr_r(len, errmsg, sizeof(errmsg)));
|
|
||||||
__pmUnpinPDUBuf(pdubuf);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
else if (len > 0) {
|
|
||||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: bad len=%d",
|
|
||||||
- "__pmGetPDU", fd, len);
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d hdr read: bad len=%d",
|
|
||||||
+ "__pmGetPDU", fd, len);
|
|
||||||
__pmUnpinPDUBuf(pdubuf);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
@@ -547,8 +547,9 @@ check_read_len:
|
|
||||||
* PDU length indicates insufficient bytes for a PDU header
|
|
||||||
* ... looks like DOS attack like PV 935490
|
|
||||||
*/
|
|
||||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU len=%d in hdr",
|
|
||||||
- "__pmGetPDU", fd, php->len);
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU len=%d in hdr",
|
|
||||||
+ "__pmGetPDU", fd, php->len);
|
|
||||||
__pmUnpinPDUBuf(pdubuf);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
@@ -559,16 +560,18 @@ check_read_len:
|
|
||||||
* (note, pmcd and pmdas have to be able to _send_ large PDUs,
|
|
||||||
* e.g. for a pmResult or instance domain enquiry)
|
|
||||||
*/
|
|
||||||
- if (len < (int)(sizeof(php->len) + sizeof(php->type)))
|
|
||||||
- /* PDU too short to provide a valid type */
|
|
||||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d bad PDU len=%d in hdr "
|
|
||||||
- "exceeds maximum client PDU size (%d)",
|
|
||||||
- "__pmGetPDU", fd, php->len, ceiling);
|
|
||||||
- else
|
|
||||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d type=0x%x bad PDU len=%d in hdr "
|
|
||||||
- "exceeds maximum client PDU size (%d)",
|
|
||||||
- "__pmGetPDU", fd, (unsigned)ntohl(php->type),
|
|
||||||
- php->len, ceiling);
|
|
||||||
+ if (pmDebugOptions.pdu) {
|
|
||||||
+ if (len < (int)(sizeof(php->len) + sizeof(php->type)))
|
|
||||||
+ /* PDU too short to provide a valid type */
|
|
||||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d bad PDU len=%d in hdr"
|
|
||||||
+ " exceeds maximum client PDU size (%d)",
|
|
||||||
+ "__pmGetPDU", fd, php->len, ceiling);
|
|
||||||
+ else
|
|
||||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d type=0x%x bad PDU len=%d in hdr"
|
|
||||||
+ " exceeds maximum client PDU size (%d)",
|
|
||||||
+ "__pmGetPDU", fd, (unsigned)ntohl(php->type),
|
|
||||||
+ php->len, ceiling);
|
|
||||||
+ }
|
|
||||||
__pmUnpinPDUBuf(pdubuf);
|
|
||||||
return PM_ERR_TOOBIG;
|
|
||||||
}
|
|
||||||
@@ -608,6 +611,10 @@ check_read_len:
|
|
||||||
__pmUnpinPDUBuf(pdubuf);
|
|
||||||
return PM_ERR_TIMEOUT;
|
|
||||||
}
|
|
||||||
+ else if (!pmDebugOptions.pdu) {
|
|
||||||
+ __pmUnpinPDUBuf(pdubuf);
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
else if (len < 0) {
|
|
||||||
char errmsg[PM_MAXERRMSGLEN];
|
|
||||||
pmNotifyErr(LOG_ERR, "%s: fd=%d data read: len=%d: %s",
|
|
||||||
@@ -641,7 +648,8 @@ check_read_len:
|
|
||||||
* PDU type is bad ... could be a possible mem leak attack like
|
|
||||||
* https://bugzilla.redhat.com/show_bug.cgi?id=841319
|
|
||||||
*/
|
|
||||||
- pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU type=%d in hdr",
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ pmNotifyErr(LOG_ERR, "%s: fd=%d illegal PDU type=%d in hdr",
|
|
||||||
"__pmGetPDU", fd, php->type);
|
|
||||||
__pmUnpinPDUBuf(pdubuf);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
diff -Naurp pcp-5.3.7.orig/src/libpcp_web/src/load.h pcp-5.3.7/src/libpcp_web/src/load.h
|
|
||||||
--- pcp-5.3.7.orig/src/libpcp_web/src/load.h 2021-02-17 15:27:41.000000000 +1100
|
|
||||||
+++ pcp-5.3.7/src/libpcp_web/src/load.h 2024-09-09 13:45:56.531933622 +1000
|
|
||||||
@@ -42,8 +42,9 @@ typedef struct context {
|
|
||||||
unsigned int setup : 1; /* context established */
|
|
||||||
unsigned int cached : 1; /* context/source in cache */
|
|
||||||
unsigned int garbage : 1; /* context pending removal */
|
|
||||||
+ unsigned int inactive: 1; /* context removal deferred */
|
|
||||||
unsigned int updated : 1; /* context labels are updated */
|
|
||||||
- unsigned int padding : 4; /* zero-filled struct padding */
|
|
||||||
+ unsigned int padding : 3; /* zero-filled struct padding */
|
|
||||||
unsigned int refcount : 16; /* currently-referenced counter */
|
|
||||||
unsigned int timeout; /* context timeout in milliseconds */
|
|
||||||
uv_timer_t timer;
|
|
||||||
diff -Naurp pcp-5.3.7.orig/src/libpcp_web/src/webgroup.c pcp-5.3.7/src/libpcp_web/src/webgroup.c
|
|
||||||
--- pcp-5.3.7.orig/src/libpcp_web/src/webgroup.c 2024-09-09 13:44:34.166748200 +1000
|
|
||||||
+++ pcp-5.3.7/src/libpcp_web/src/webgroup.c 2024-09-09 13:45:56.531933622 +1000
|
|
||||||
@@ -134,9 +134,18 @@ webgroup_timeout_context(uv_timer_t *arg
|
|
||||||
* is returned to zero by the caller, or background cleanup
|
|
||||||
* finds this context and cleans it.
|
|
||||||
*/
|
|
||||||
- if (cp->refcount == 0 && cp->garbage == 0) {
|
|
||||||
- cp->garbage = 1;
|
|
||||||
- uv_timer_stop(&cp->timer);
|
|
||||||
+ if (cp->refcount == 0) {
|
|
||||||
+ if (cp->garbage == 0) {
|
|
||||||
+ cp->garbage = 1;
|
|
||||||
+ uv_timer_stop(&cp->timer);
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ /*
|
|
||||||
+ * Context timed out but still referenced, must wait
|
|
||||||
+ * until the caller releases its reference (shortly)
|
|
||||||
+ * before beginning garbage collection process.
|
|
||||||
+ */
|
|
||||||
+ cp->inactive = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -298,20 +307,28 @@ webgroup_garbage_collect(struct webgroup
|
|
||||||
dictIterator *iterator;
|
|
||||||
dictEntry *entry;
|
|
||||||
context_t *cp;
|
|
||||||
- unsigned int count = 0, drops = 0;
|
|
||||||
+ unsigned int count = 0, drops = 0, garbageset = 0, inactiveset = 0;
|
|
||||||
|
|
||||||
if (pmDebugOptions.http || pmDebugOptions.libweb)
|
|
||||||
- fprintf(stderr, "%s: started\n", "webgroup_garbage_collect");
|
|
||||||
+ fprintf(stderr, "%s: started for groups %p\n",
|
|
||||||
+ "webgroup_garbage_collect", groups);
|
|
||||||
|
|
||||||
/* do context GC if we get the lock (else don't block here) */
|
|
||||||
if (uv_mutex_trylock(&groups->mutex) == 0) {
|
|
||||||
iterator = dictGetSafeIterator(groups->contexts);
|
|
||||||
for (entry = dictNext(iterator); entry;) {
|
|
||||||
cp = (context_t *)dictGetVal(entry);
|
|
||||||
+ if (cp->privdata != groups)
|
|
||||||
+ continue;
|
|
||||||
entry = dictNext(iterator);
|
|
||||||
- if (cp->garbage && cp->privdata == groups) {
|
|
||||||
+ if (cp->garbage)
|
|
||||||
+ garbageset++;
|
|
||||||
+ if (cp->inactive && cp->refcount == 0)
|
|
||||||
+ inactiveset++;
|
|
||||||
+ if (cp->garbage || (cp->inactive && cp->refcount == 0)) {
|
|
||||||
if (pmDebugOptions.http || pmDebugOptions.libweb)
|
|
||||||
- fprintf(stderr, "GC context %u (%p)\n", cp->randomid, cp);
|
|
||||||
+ fprintf(stderr, "GC dropping context %u (%p)\n",
|
|
||||||
+ cp->randomid, cp);
|
|
||||||
uv_mutex_unlock(&groups->mutex);
|
|
||||||
webgroup_drop_context(cp, groups);
|
|
||||||
uv_mutex_lock(&groups->mutex);
|
|
||||||
@@ -324,7 +341,8 @@ webgroup_garbage_collect(struct webgroup
|
|
||||||
/* if dropping the last remaining context, do cleanup */
|
|
||||||
if (groups->active && drops == count) {
|
|
||||||
if (pmDebugOptions.http || pmDebugOptions.libweb)
|
|
||||||
- fprintf(stderr, "%s: freezing\n", "webgroup_garbage_collect");
|
|
||||||
+ fprintf(stderr, "%s: freezing groups %p\n",
|
|
||||||
+ "webgroup_garbage_collect", groups);
|
|
||||||
webgroup_timers_stop(groups);
|
|
||||||
}
|
|
||||||
uv_mutex_unlock(&groups->mutex);
|
|
||||||
@@ -334,8 +352,10 @@ webgroup_garbage_collect(struct webgroup
|
|
||||||
mmv_set(groups->map, groups->metrics[WEBGROUP_GC_COUNT], &count);
|
|
||||||
|
|
||||||
if (pmDebugOptions.http || pmDebugOptions.libweb)
|
|
||||||
- fprintf(stderr, "%s: finished [%u drops from %u entries]\n",
|
|
||||||
- "webgroup_garbage_collect", drops, count);
|
|
||||||
+ fprintf(stderr, "%s: finished [%u drops from %u entries,"
|
|
||||||
+ " %u garbageset, %u inactiveset]\n",
|
|
||||||
+ "webgroup_garbage_collect", drops, count,
|
|
||||||
+ garbageset, inactiveset);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
@@ -354,7 +374,7 @@ webgroup_use_context(struct context *cp,
|
|
||||||
int sts;
|
|
||||||
struct webgroups *gp = (struct webgroups *)cp->privdata;
|
|
||||||
|
|
||||||
- if (cp->garbage == 0) {
|
|
||||||
+ if (cp->garbage == 0 && cp->inactive == 0) {
|
|
||||||
if (cp->setup == 0) {
|
|
||||||
if ((sts = pmReconnectContext(cp->context)) < 0) {
|
|
||||||
infofmt(*message, "cannot reconnect context: %s",
|
|
||||||
@@ -424,7 +444,7 @@ webgroup_lookup_context(pmWebGroupSettin
|
|
||||||
*status = -ENOTCONN;
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
- if (cp->garbage == 0) {
|
|
||||||
+ if (cp->garbage == 0 && cp->inactive == 0) {
|
|
||||||
access.username = cp->username;
|
|
||||||
access.password = cp->password;
|
|
||||||
access.realm = cp->realm;
|
|
||||||
diff -Naurp pcp-5.3.7.orig/src/pmcd/src/client.c pcp-5.3.7/src/pmcd/src/client.c
|
|
||||||
--- pcp-5.3.7.orig/src/pmcd/src/client.c 2018-01-15 15:49:13.000000000 +1100
|
|
||||||
+++ pcp-5.3.7/src/pmcd/src/client.c 2024-09-09 13:47:06.870083366 +1000
|
|
||||||
@@ -74,7 +74,8 @@ NotifyEndContext(int ctx)
|
|
||||||
ClientInfo *
|
|
||||||
AcceptNewClient(int reqfd)
|
|
||||||
{
|
|
||||||
- static unsigned int seq = 0;
|
|
||||||
+ static unsigned int seq, saved, count;
|
|
||||||
+ static struct timeval then;
|
|
||||||
int i, fd;
|
|
||||||
__pmSockLen addrlen;
|
|
||||||
struct timeval now;
|
|
||||||
@@ -83,21 +84,30 @@ AcceptNewClient(int reqfd)
|
|
||||||
addrlen = __pmSockAddrSize();
|
|
||||||
fd = __pmAccept(reqfd, client[i].addr, &addrlen);
|
|
||||||
if (fd == -1) {
|
|
||||||
- if (neterror() == EPERM) {
|
|
||||||
- pmNotifyErr(LOG_NOTICE, "AcceptNewClient(%d): "
|
|
||||||
- "Permission Denied\n", reqfd);
|
|
||||||
- }
|
|
||||||
- else if (neterror() == ECONNABORTED) {
|
|
||||||
+ if (neterror() == ECONNABORTED) {
|
|
||||||
/* quietly ignore this one ... */
|
|
||||||
;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
- /*
|
|
||||||
- * unexpected ... ignore the client (we used to kill off pmcd
|
|
||||||
- * but that seems way too extreme)
|
|
||||||
+ /* Permission denied or an unexpected error (e.g. EMFILE)
|
|
||||||
+ * - rate limit the logging and make this client go away.
|
|
||||||
*/
|
|
||||||
- pmNotifyErr(LOG_ERR, "AcceptNewClient(%d): Unexpected error from __pmAccept: %d: %s\n",
|
|
||||||
- reqfd, neterror(), netstrerror());
|
|
||||||
+ pmtimevalNow(&now);
|
|
||||||
+ if (neterror() != saved || now.tv_sec > then.tv_sec + 60) {
|
|
||||||
+ if (neterror() == EPERM)
|
|
||||||
+ pmNotifyErr(LOG_NOTICE, "AcceptNewClient(%d): "
|
|
||||||
+ "Permission Denied (%d suppressed)\n",
|
|
||||||
+ reqfd, count);
|
|
||||||
+ else
|
|
||||||
+ pmNotifyErr(LOG_ERR, "AcceptNewClient(%d): "
|
|
||||||
+ "Accept error (%d suppressed): %d: %s\n",
|
|
||||||
+ reqfd, count, neterror(), netstrerror());
|
|
||||||
+ saved = neterror();
|
|
||||||
+ count = 0;
|
|
||||||
+ } else {
|
|
||||||
+ count++;
|
|
||||||
+ }
|
|
||||||
+ then = now;
|
|
||||||
}
|
|
||||||
client[i].fd = -1;
|
|
||||||
DeleteClient(&client[i]);
|
|
||||||
diff -Naurp pcp-5.3.7.orig/src/pmcd/src/pmcd.c pcp-5.3.7/src/pmcd/src/pmcd.c
|
|
||||||
--- pcp-5.3.7.orig/src/pmcd/src/pmcd.c 2021-10-13 10:48:23.000000000 +1100
|
|
||||||
+++ pcp-5.3.7/src/pmcd/src/pmcd.c 2024-09-09 13:47:06.871083368 +1000
|
|
||||||
@@ -685,7 +685,7 @@ HandleReadyAgents(__pmFdSet *readyFds)
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
-CheckNewClient(__pmFdSet * fdset, int rfd, int family)
|
|
||||||
+CheckNewClient(__pmFdSet *fdset, int rfd, int family)
|
|
||||||
{
|
|
||||||
int s, sts, accepted = 1;
|
|
||||||
__uint32_t challenge;
|
|
File diff suppressed because it is too large
Load Diff
@ -1,418 +0,0 @@
|
|||||||
diff -Naurp pcp-6.2.0.orig/qa/1518 pcp-6.2.0/qa/1518
|
|
||||||
--- pcp-6.2.0.orig/qa/1518 1970-01-01 10:00:00.000000000 +1000
|
|
||||||
+++ pcp-6.2.0/qa/1518 2024-09-17 10:11:45.805874610 +1000
|
|
||||||
@@ -0,0 +1,75 @@
|
|
||||||
+#!/bin/sh
|
|
||||||
+# PCP QA Test No. 1518
|
|
||||||
+# SUSE Issue A)
|
|
||||||
+# __pmDecodeValueSet() Miscalculates Available Buffer Space
|
|
||||||
+# Leading to a Possible Heap Corruption
|
|
||||||
+#
|
|
||||||
+# Copyright (c) 2024 Ken McDonell. All Rights Reserved.
|
|
||||||
+# Copyright (c) 2024 Matthias Gerstner. All Rights Reserved.
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+if [ $# -eq 0 ]
|
|
||||||
+then
|
|
||||||
+ seq=`basename $0`
|
|
||||||
+ echo "QA output created by $seq"
|
|
||||||
+else
|
|
||||||
+ # use $seq from caller, unless not set
|
|
||||||
+ [ -n "$seq" ] || seq=`basename $0`
|
|
||||||
+ echo "QA output created by `basename $0` $*"
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
+# get standard environment, filters and checks
|
|
||||||
+. ./common.product
|
|
||||||
+. ./common.filter
|
|
||||||
+. ./common.check
|
|
||||||
+
|
|
||||||
+$sudo rm -rf $tmp $tmp.* $seq.full
|
|
||||||
+
|
|
||||||
+which nc >/dev/null 2>&1 || _notrun "no nc executable installed"
|
|
||||||
+_check_valgrind
|
|
||||||
+
|
|
||||||
+_cleanup()
|
|
||||||
+{
|
|
||||||
+ cat pmcd.log >>$here/$seq.full
|
|
||||||
+ cd $here
|
|
||||||
+ $sudo rm -rf $tmp $tmp.*
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+status=0 # success is the default!
|
|
||||||
+trap "_cleanup; exit \$status" 0 1 2 3 15
|
|
||||||
+
|
|
||||||
+_filter()
|
|
||||||
+{
|
|
||||||
+ sed \
|
|
||||||
+ -e '/^Command: /d' \
|
|
||||||
+ # end
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+mkdir $tmp || exit 1
|
|
||||||
+cd $tmp
|
|
||||||
+grep sampledso $PCP_PMCDCONF_PATH >pmcd.conf
|
|
||||||
+cat pmcd.conf >>$here/$seq.full
|
|
||||||
+port=`_find_free_port`
|
|
||||||
+echo "port=$port" >>$here/$seq.full
|
|
||||||
+
|
|
||||||
+# real QA test starts here
|
|
||||||
+valgrind $PCP_BINADM_DIR/pmcd -f -Dpdu -c ./pmcd.conf -s ./pmcd.socket -p $port >out 2>err &
|
|
||||||
+valgrind_pid=$!
|
|
||||||
+sleep 2
|
|
||||||
+pmcd_pid=`$PCP_PS_PROG $PCP_PS_ALL_FLAGS | grep '[p]mcd -f -Dpdu' | $PCP_AWK_PROG '{ print $2 }'`
|
|
||||||
+echo "pmcd_pid=$pmcd_pid" >>$here/$seq.full
|
|
||||||
+nc -N -U ./pmcd.socket <$here/binary/decode-value-set-out-of-bound-write 2>&1 \
|
|
||||||
+| od -c >>$here/$seq.full
|
|
||||||
+sleep 2
|
|
||||||
+kill -TERM $pmcd_pid
|
|
||||||
+wait
|
|
||||||
+
|
|
||||||
+echo "expect error to be logged ..."
|
|
||||||
+grep __pmDecodeValueSet pmcd.log
|
|
||||||
+
|
|
||||||
+echo
|
|
||||||
+echo "and no valgrind badness ..."
|
|
||||||
+cat out err | _filter_valgrind | _filter
|
|
||||||
+
|
|
||||||
+# success, all done
|
|
||||||
+exit
|
|
||||||
diff -Naurp pcp-6.2.0.orig/qa/1518.out pcp-6.2.0/qa/1518.out
|
|
||||||
--- pcp-6.2.0.orig/qa/1518.out 1970-01-01 10:00:00.000000000 +1000
|
|
||||||
+++ pcp-6.2.0/qa/1518.out 2024-09-17 10:11:45.806874611 +1000
|
|
||||||
@@ -0,0 +1,11 @@
|
|
||||||
+QA output created by 1518
|
|
||||||
+expect error to be logged ...
|
|
||||||
+__pmDecodeValueSet: PM_ERR_IPC: pmid[0] value[0] vindex=1020 (max=255)
|
|
||||||
+
|
|
||||||
+and no valgrind badness ...
|
|
||||||
+Memcheck, a memory error detector
|
|
||||||
+LEAK SUMMARY:
|
|
||||||
+definitely lost: 0 bytes in 0 blocks
|
|
||||||
+indirectly lost: 0 bytes in 0 blocks
|
|
||||||
+Rerun with --leak-check=full to see details of leaked memory
|
|
||||||
+ERROR SUMMARY: 0 errors from 0 contexts ...
|
|
||||||
diff -Naurp pcp-6.2.0.orig/qa/group pcp-6.2.0/qa/group
|
|
||||||
--- pcp-6.2.0.orig/qa/group 2024-02-11 23:48:09.000000000 +1100
|
|
||||||
+++ pcp-6.2.0/qa/group 2024-09-17 10:11:45.815874621 +1000
|
|
||||||
@@ -1951,6 +1951,7 @@ x11
|
|
||||||
1503 pcp pidstat ps python local
|
|
||||||
1511 pmcd local pmda.sample
|
|
||||||
1515 pmda.denki local valgrind
|
|
||||||
+1518 pmcd libpcp local
|
|
||||||
1530 pmda.zfs local valgrind
|
|
||||||
1531 pmda.zfs local valgrind
|
|
||||||
1532 pmda.zfs local
|
|
||||||
diff -Naurp pcp-6.2.0.orig/src/libpcp/src/endian.c pcp-6.2.0/src/libpcp/src/endian.c
|
|
||||||
--- pcp-6.2.0.orig/src/libpcp/src/endian.c 2023-11-16 17:51:39.000000000 +1100
|
|
||||||
+++ pcp-6.2.0/src/libpcp/src/endian.c 2024-09-17 10:11:45.820874627 +1000
|
|
||||||
@@ -275,13 +275,17 @@ ntohEventArray(pmValueBlock * const vb,
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
-__ntohpmValueBlock(pmValueBlock * const vb)
|
|
||||||
+__ntohpmValueBlock_hdr(pmValueBlock * const vb)
|
|
||||||
{
|
|
||||||
unsigned int *ip = (unsigned int *)vb;
|
|
||||||
|
|
||||||
/* Swab the first word, which contain vtype and vlen */
|
|
||||||
*ip = ntohl(*ip);
|
|
||||||
+}
|
|
||||||
|
|
||||||
+void
|
|
||||||
+__ntohpmValueBlock_buf(pmValueBlock * const vb)
|
|
||||||
+{
|
|
||||||
switch (vb->vtype) {
|
|
||||||
case PM_TYPE_U64:
|
|
||||||
case PM_TYPE_64:
|
|
||||||
@@ -305,6 +309,13 @@ __ntohpmValueBlock(pmValueBlock * const
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+__ntohpmValueBlock(pmValueBlock * const vb)
|
|
||||||
+{
|
|
||||||
+ __ntohpmValueBlock_hdr(vb);
|
|
||||||
+ __ntohpmValueBlock_buf(vb);
|
|
||||||
+}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef __htonpmPDUInfo
|
|
||||||
diff -Naurp pcp-6.2.0.orig/src/libpcp/src/internal.h pcp-6.2.0/src/libpcp/src/internal.h
|
|
||||||
--- pcp-6.2.0.orig/src/libpcp/src/internal.h 2023-11-16 17:51:39.000000000 +1100
|
|
||||||
+++ pcp-6.2.0/src/libpcp/src/internal.h 2024-09-17 10:11:45.823874630 +1000
|
|
||||||
@@ -60,6 +60,8 @@ extern int __pmGetDate(struct timespec *
|
|
||||||
#define __ntohpmLabel(a) /* noop */
|
|
||||||
#define __htonpmValueBlock(a) /* noop */
|
|
||||||
#define __ntohpmValueBlock(a) /* noop */
|
|
||||||
+#define __ntohpmValueBlock_hdr(a) /* noop */
|
|
||||||
+#define __ntohpmValueBlock_buf(a) /* noop */
|
|
||||||
#define __htonf(a) /* noop */
|
|
||||||
#define __ntohf(a) /* noop */
|
|
||||||
#define __htond(a) /* noop */
|
|
||||||
@@ -90,6 +92,8 @@ extern void __htonpmLabel(pmLabel * cons
|
|
||||||
extern void __ntohpmLabel(pmLabel * const) _PCP_HIDDEN;
|
|
||||||
extern void __htonpmValueBlock(pmValueBlock * const) _PCP_HIDDEN;
|
|
||||||
extern void __ntohpmValueBlock(pmValueBlock * const) _PCP_HIDDEN;
|
|
||||||
+extern void __ntohpmValueBlock_hdr(pmValueBlock * const) _PCP_HIDDEN;
|
|
||||||
+extern void __ntohpmValueBlock_buf(pmValueBlock * const) _PCP_HIDDEN;
|
|
||||||
extern void __htonf(char *) _PCP_HIDDEN; /* float */
|
|
||||||
#define __ntohf(v) __htonf(v)
|
|
||||||
#define __htond(v) __htonll(v) /* double */
|
|
||||||
diff -Naurp pcp-6.2.0.orig/src/libpcp/src/p_result.c pcp-6.2.0/src/libpcp/src/p_result.c
|
|
||||||
--- pcp-6.2.0.orig/src/libpcp/src/p_result.c 2023-11-16 17:51:39.000000000 +1100
|
|
||||||
+++ pcp-6.2.0/src/libpcp/src/p_result.c 2024-09-17 10:18:17.264314112 +1000
|
|
||||||
@@ -323,6 +323,135 @@ __pmSendHighResResult(int fd, int from,
|
|
||||||
return __pmSendHighResResult_ctx(NULL, fd, from, result);
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* Check that a network encoded event array is within a given buffer size */
|
|
||||||
+int
|
|
||||||
+__pmEventArrayCheck(pmValueBlock * const vb, int highres, int pmid, int value, size_t check)
|
|
||||||
+{
|
|
||||||
+ char *base;
|
|
||||||
+ int r; /* records */
|
|
||||||
+ int p; /* parameters in a record ... */
|
|
||||||
+ int nrecords;
|
|
||||||
+ int nparams;
|
|
||||||
+
|
|
||||||
+ if (highres) {
|
|
||||||
+ pmHighResEventArray *hreap = (pmHighResEventArray *)vb;
|
|
||||||
+ base = (char *)&hreap->ea_record[0];
|
|
||||||
+ if (base > (char *)vb + check) {
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmEventArrayCheck #1: PM_ERR_IPC: pmid[%d] value[%d] highres event records past end of PDU buffer\n",
|
|
||||||
+ pmid, value);
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+ nrecords = ntohl(hreap->ea_nrecords);
|
|
||||||
+ }
|
|
||||||
+ else {
|
|
||||||
+ pmEventArray *eap = (pmEventArray *)vb;
|
|
||||||
+ base = (char *)&eap->ea_record[0];
|
|
||||||
+ if (base > (char *)vb + check) {
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmEventArrayCheck #2: PM_ERR_IPC: pmid[%d] value[%d] event records past end of PDU buffer\n",
|
|
||||||
+ pmid, value);
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+ nrecords = ntohl(eap->ea_nrecords);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* walk packed event record array */
|
|
||||||
+ for (r = 0; r < nrecords; r++) {
|
|
||||||
+ unsigned int flags, type;
|
|
||||||
+ size_t size, remaining;
|
|
||||||
+
|
|
||||||
+ remaining = check - (base - (char *)vb);
|
|
||||||
+ if (highres) {
|
|
||||||
+ pmHighResEventRecord *hrerp = (pmHighResEventRecord *)base;
|
|
||||||
+ size = sizeof(hrerp->er_timestamp) + sizeof(hrerp->er_flags) +
|
|
||||||
+ sizeof(hrerp->er_nparams);
|
|
||||||
+ if (size > remaining) {
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmEventArrayCheck #3: PM_ERR_IPC: pmid[%d] value[%d] record[%d] highres event record past end of PDU buffer\n",
|
|
||||||
+ pmid, value, r);
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+ nparams = ntohl(hrerp->er_nparams);
|
|
||||||
+ flags = ntohl(hrerp->er_flags);
|
|
||||||
+ }
|
|
||||||
+ else {
|
|
||||||
+ pmEventRecord *erp = (pmEventRecord *)base;
|
|
||||||
+ size = sizeof(erp->er_timestamp) + sizeof(erp->er_flags) +
|
|
||||||
+ sizeof(erp->er_nparams);
|
|
||||||
+ if (size > remaining) {
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmEventArrayCheck #4: PM_ERR_IPC: pmid[%d] value[%d] record[%d] event record past end of PDU buffer\n",
|
|
||||||
+ pmid, value, r);
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+ nparams = ntohl(erp->er_nparams);
|
|
||||||
+ flags = ntohl(erp->er_flags);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (flags & PM_EVENT_FLAG_MISSED)
|
|
||||||
+ nparams = 0;
|
|
||||||
+
|
|
||||||
+ base += size;
|
|
||||||
+ remaining = check - (base - (char *)vb);
|
|
||||||
+
|
|
||||||
+ for (p = 0; p < nparams; p++) {
|
|
||||||
+ __uint32_t *tp; /* points to int holding vtype/vlen */
|
|
||||||
+ pmEventParameter *epp = (pmEventParameter *)base;
|
|
||||||
+
|
|
||||||
+ if (sizeof(pmEventParameter) > remaining) {
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmEventArrayCheck #5: PM_ERR_IPC: pmid[%d] value[%d] record[%d] param[%d] event record past end of PDU buffer\n",
|
|
||||||
+ pmid, value, r, p);
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ tp = (__uint32_t *)&epp->ep_pmid;
|
|
||||||
+ tp++; /* now points to ep_type/ep_len */
|
|
||||||
+ *tp = ntohl(*tp);
|
|
||||||
+ type = epp->ep_type;
|
|
||||||
+ size = epp->ep_len;
|
|
||||||
+ *tp = htonl(*tp); /* leave the buffer how we found it */
|
|
||||||
+
|
|
||||||
+ if (sizeof(pmID) + size > remaining) {
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmEventArrayCheck #6: PM_ERR_IPC: pmid[%d] value[%d] record[%d] param[%d] event record past end of PDU buffer\n",
|
|
||||||
+ pmid, value, r, p);
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ base += sizeof(pmID) + PM_PDU_SIZE_BYTES(size);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * final check for the types below, ep_len should be 4 or
|
|
||||||
+ * 8, but a malformed PDU could have smaller ep_len values
|
|
||||||
+ * and then unpacking these types risk going past the end
|
|
||||||
+ * of the PDU buffer
|
|
||||||
+ */
|
|
||||||
+ size = 0;
|
|
||||||
+ switch (type) {
|
|
||||||
+ case PM_TYPE_32:
|
|
||||||
+ case PM_TYPE_U32:
|
|
||||||
+ case PM_TYPE_FLOAT:
|
|
||||||
+ size = 4; /* 32-bit types */
|
|
||||||
+ break;
|
|
||||||
+ case PM_TYPE_64:
|
|
||||||
+ case PM_TYPE_U64:
|
|
||||||
+ case PM_TYPE_DOUBLE:
|
|
||||||
+ size = 8; /* 64-bit types */
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ if (size > 0 && sizeof(pmID) + size > remaining) {
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmEventArrayCheck #7: PM_ERR_IPC: pmid[%d] value[%d] record[%d] param[%d] event record past end of PDU buffer\n",
|
|
||||||
+ pmid, value, r, p);
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#if defined(HAVE_64BIT_PTR)
|
|
||||||
int
|
|
||||||
__pmDecodeValueSet(__pmPDU *pdubuf, int pdulen, __pmPDU *data, char *pduend,
|
|
||||||
@@ -336,7 +465,7 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
|
||||||
int i, j;
|
|
||||||
/*
|
|
||||||
* Note: all sizes are in units of bytes ... beware that 'data' is in
|
|
||||||
- * units of __pmPDU
|
|
||||||
+ * units of __pmPDU (four bytes)
|
|
||||||
*/
|
|
||||||
int vsize; /* size of vlist_t's in PDU buffer */
|
|
||||||
int nvsize; /* size of pmValue's after decode */
|
|
||||||
@@ -414,11 +543,10 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
vindex = ntohl(pduvp->value.lval);
|
|
||||||
- if (vindex < 0 || vindex > pdulen) {
|
|
||||||
+ if (vindex < 0 || (char *)&pdubuf[vindex] >= pduend) {
|
|
||||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
|
||||||
- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
|
||||||
- "vindex=%d\n",
|
|
||||||
- "__pmDecodeValueSet", i, j, vindex);
|
|
||||||
+ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] vindex=%d (max=%ld)\n",
|
|
||||||
+ i, j, vindex, (long)((pduend-(char *)pdubuf) / sizeof(pdubuf[0])-1));
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
pduvbp = (pmValueBlock *)&pdubuf[vindex];
|
|
||||||
@@ -427,29 +555,31 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
|
||||||
check = (size_t)(pduend - (char *)pduvbp);
|
|
||||||
if (sizeof(unsigned int) > check) {
|
|
||||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
|
||||||
- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
|
||||||
- "second pduvp past end of "
|
|
||||||
- "PDU buffer\n",
|
|
||||||
- "__pmDecodeValueSet", i, j);
|
|
||||||
+ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] second pduvp past end of PDU buffer\n",
|
|
||||||
+ i, j);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- __ntohpmValueBlock(pduvbp);
|
|
||||||
+ __ntohpmValueBlock_hdr(pduvbp);
|
|
||||||
if (pduvbp->vlen < PM_VAL_HDR_SIZE ||
|
|
||||||
pduvbp->vlen > pdulen) {
|
|
||||||
- if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
|
||||||
- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
|
||||||
- "vlen=%d\n", "__pmDecodeValueSet",
|
|
||||||
- i, j, pduvbp->vlen);
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] vlen=%d\n",
|
|
||||||
+ i, j, pduvbp->vlen);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
- if (pduvbp->vlen > (size_t)(pduend - (char *)pduvbp)) {
|
|
||||||
- if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
|
||||||
- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
|
||||||
- "pduvp past end of PDU buffer\n",
|
|
||||||
- "__pmDecodeValueSet", i, j);
|
|
||||||
+ if (pduvbp->vlen > check) {
|
|
||||||
+ if (pmDebugOptions.pdu)
|
|
||||||
+ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] pduvp past end of PDU buffer\n",
|
|
||||||
+ i, j);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
+ if (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT ||
|
|
||||||
+ pduvbp->vtype == PM_TYPE_EVENT) {
|
|
||||||
+ vindex = (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT);
|
|
||||||
+ if (__pmEventArrayCheck(pduvbp, vindex, i, j, check) < 0)
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+ __ntohpmValueBlock_buf(pduvbp);
|
|
||||||
vbsize += PM_PDU_SIZE_BYTES(pduvbp->vlen);
|
|
||||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate) {
|
|
||||||
fprintf(stderr, " len: %d type: %d",
|
|
||||||
@@ -682,11 +812,10 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
|
||||||
} else {
|
|
||||||
/* salvage pmValueBlocks from end of PDU */
|
|
||||||
vindex = ntohl(pduvp->value.lval);
|
|
||||||
- if (vindex < 0 || vindex > pdulen) {
|
|
||||||
+ if (vindex < 0 || (char *)&pdubuf[vindex] >= pduend) {
|
|
||||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
|
||||||
- fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
|
||||||
- "vindex=%d\n",
|
|
||||||
- "__pmDecodeValueSet", i, j, vindex);
|
|
||||||
+ fprintf(stderr, "__pmDecodeValueSet: PM_ERR_IPC: pmid[%d] value[%d] vindex=%d (max=%ld)\n",
|
|
||||||
+ i, j, vindex, (long)((pduend-(char *)pdubuf) / sizeof(pdubuf[0])-1));
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
pduvbp = (pmValueBlock *)&pdubuf[vindex];
|
|
||||||
@@ -701,7 +830,7 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
|
||||||
"__pmDecodeValueSet", i, j);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
- __ntohpmValueBlock(pduvbp);
|
|
||||||
+ __ntohpmValueBlock_hdr(pduvbp);
|
|
||||||
if (pduvbp->vlen < PM_VAL_HDR_SIZE ||
|
|
||||||
pduvbp->vlen > pdulen) {
|
|
||||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
|
||||||
@@ -710,13 +839,20 @@ __pmDecodeValueSet(__pmPDU *pdubuf, int
|
|
||||||
i, j, pduvbp->vlen);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
- if (pduvbp->vlen > (size_t)(pduend - (char *)pduvbp)) {
|
|
||||||
+ if (pduvbp->vlen > check) {
|
|
||||||
if (pmDebugOptions.pdu && pmDebugOptions.desperate)
|
|
||||||
fprintf(stderr, "%s: Bad: pmid[%d] value[%d] "
|
|
||||||
"pduvp past end of PDU buffer\n",
|
|
||||||
"__pmDecodeValueSet", i, j);
|
|
||||||
return PM_ERR_IPC;
|
|
||||||
}
|
|
||||||
+ if (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT ||
|
|
||||||
+ pduvbp->vtype == PM_TYPE_EVENT) {
|
|
||||||
+ vindex = (pduvbp->vtype == PM_TYPE_HIGHRES_EVENT);
|
|
||||||
+ if (__pmEventArrayCheck(pduvbp, vindex, i, j, check) < 0)
|
|
||||||
+ return PM_ERR_IPC;
|
|
||||||
+ }
|
|
||||||
+ __ntohpmValueBlock_buf(pduvbp);
|
|
||||||
pduvp->value.pval = pduvbp;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,99 +0,0 @@
|
|||||||
diff -Naurp pcp-5.3.7.orig/qa/640 pcp-5.3.7/qa/640
|
|
||||||
--- pcp-5.3.7.orig/qa/640 2017-08-17 10:54:57.000000000 +1000
|
|
||||||
+++ pcp-5.3.7/qa/640 2024-09-09 13:41:12.440235947 +1000
|
|
||||||
@@ -6,6 +6,10 @@
|
|
||||||
# years; so we now simply check the right permissions are in place
|
|
||||||
# and move right along...
|
|
||||||
#
|
|
||||||
+# Aug 2024 update
|
|
||||||
+# SuSE Issue G identifies another possible exploit, so try that
|
|
||||||
+# as well.
|
|
||||||
+#
|
|
||||||
# Copyright (c) 1995-2002 Silicon Graphics, Inc. All Rights Reserved.
|
|
||||||
#
|
|
||||||
|
|
||||||
@@ -17,13 +21,54 @@ echo "QA output created by $seq"
|
|
||||||
. ./common.filter
|
|
||||||
. ./common.check
|
|
||||||
|
|
||||||
-status=0 # success is the default!
|
|
||||||
-trap "$sudo rm -f $tmp.*; exit \$status" 0 1 2 3 15
|
|
||||||
+rm -f $seq.full
|
|
||||||
+ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
|
||||||
+
|
|
||||||
+_cleanup()
|
|
||||||
+{
|
|
||||||
+ if [ -f $PCP_LOG_DIR/NOTICES.$seq ]
|
|
||||||
+ then
|
|
||||||
+ $sudo rm -f $PCP_LOG_DIR/NOTICES
|
|
||||||
+ $sudo mv $PCP_LOG_DIR/NOTICES.$seq $PCP_LOG_DIR/NOTICES
|
|
||||||
+ fi
|
|
||||||
+ ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
|
||||||
+ $sudo rm -rf $tmp $tmp.*
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+status=1 # failure is the default!
|
|
||||||
+trap "_cleanup; exit \$status" 0 1 2 3 15
|
|
||||||
+
|
|
||||||
+_filter()
|
|
||||||
+{
|
|
||||||
+ sed \
|
|
||||||
+ -e "s@$PCP_LOG_DIR@PCP_LOG_DIR@g" \
|
|
||||||
+ -e '/^pmpost:/s/\[.*]/[DATE]/' \
|
|
||||||
+ # end
|
|
||||||
+}
|
|
||||||
|
|
||||||
# real QA test starts here
|
|
||||||
pmpost=$PCP_BINADM_DIR/pmpost
|
|
||||||
-echo "Using pmpost binary: $pmpost" > $seq.full
|
|
||||||
+echo "Using pmpost binary: $pmpost" >>$seq.full
|
|
||||||
test -u "$pmpost" && echo "FAIL: pmpost has setuid bit set"
|
|
||||||
test -g "$pmpost" && echo "FAIL: pmpost has setgid bit set"
|
|
||||||
+
|
|
||||||
+$sudo mkdir $tmp || exit
|
|
||||||
+$sudo chmod 700 $tmp || exit
|
|
||||||
+$sudo -u $PCP_USER mv $PCP_LOG_DIR/NOTICES $PCP_LOG_DIR/NOTICES.$seq
|
|
||||||
+
|
|
||||||
+$sudo -u $PCP_USER ln -s $tmp/badness $PCP_LOG_DIR/NOTICES >>$seq.full
|
|
||||||
+$pmpost ordinary user 2>&1 | _filter
|
|
||||||
+$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
|
||||||
+$sudo -u pcp $pmpost pcp user 2>&1 | _filter
|
|
||||||
+$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
|
||||||
+$sudo $pmpost root user 2>&1 | _filter
|
|
||||||
+$sudo ls -li $PCP_LOG_DIR/NOTICES $tmp/badness >>$seq.full 2>&1
|
|
||||||
+if $sudo test -f $tmp/badness
|
|
||||||
+then
|
|
||||||
+ $sudo cat $tmp/badness
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
echo "Test complete"
|
|
||||||
+
|
|
||||||
+status=0
|
|
||||||
exit
|
|
||||||
diff -Naurp pcp-5.3.7.orig/qa/640.out pcp-5.3.7/qa/640.out
|
|
||||||
--- pcp-5.3.7.orig/qa/640.out 2017-08-17 10:54:57.000000000 +1000
|
|
||||||
+++ pcp-5.3.7/qa/640.out 2024-09-09 13:41:12.440235947 +1000
|
|
||||||
@@ -1,2 +1,5 @@
|
|
||||||
QA output created by 640
|
|
||||||
+pmpost: unposted message: [DATE] ordinary user
|
|
||||||
+pmpost: unposted message: [DATE] pcp user
|
|
||||||
+pmpost: unposted message: [DATE] root user
|
|
||||||
Test complete
|
|
||||||
diff -Naurp pcp-5.3.7.orig/src/pmpost/pmpost.c pcp-5.3.7/src/pmpost/pmpost.c
|
|
||||||
--- pcp-5.3.7.orig/src/pmpost/pmpost.c 2021-02-17 15:27:41.000000000 +1100
|
|
||||||
+++ pcp-5.3.7/src/pmpost/pmpost.c 2024-09-09 13:41:12.440235947 +1000
|
|
||||||
@@ -141,8 +141,12 @@ main(int argc, char **argv)
|
|
||||||
goto oops;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if ((fd = open(notices, O_WRONLY|O_APPEND, 0)) < 0) {
|
|
||||||
- if ((fd = open(notices, O_WRONLY|O_CREAT|O_APPEND, 0664)) < 0) {
|
|
||||||
+ if ((fd = open(notices, O_WRONLY|O_APPEND|O_NOFOLLOW, 0)) < 0) {
|
|
||||||
+ if (oserror() == ELOOP) {
|
|
||||||
+ /* last component is symlink => attack? ... bail! */
|
|
||||||
+ goto oops;
|
|
||||||
+ }
|
|
||||||
+ if ((fd = open(notices, O_WRONLY|O_CREAT|O_APPEND|O_NOFOLLOW, 0664)) < 0) {
|
|
||||||
fprintf(stderr, "pmpost: cannot open or create file \"%s\": %s\n",
|
|
||||||
notices, osstrerror());
|
|
||||||
goto oops;
|
|
@ -0,0 +1,186 @@
|
|||||||
|
diff -Naurp pcp-6.2.2.orig/configure pcp-6.2.2/configure
|
||||||
|
--- pcp-6.2.2.orig/configure 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/configure 2024-06-10 13:07:44.487533040 +1000
|
||||||
|
@@ -4885,12 +4885,12 @@ then :
|
||||||
|
PCFLAGS="$PCFLAGS -Wno-array-bounds"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking sizeof time_t" >&5
|
||||||
|
-printf %s "checking sizeof time_t... " >&6; }
|
||||||
|
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking sizeof off_t" >&5
|
||||||
|
+printf %s "checking sizeof off_t... " >&6; }
|
||||||
|
cat <<End-of-File >conftest.c
|
||||||
|
#include <stdio.h>
|
||||||
|
-#include <sys/time.h>
|
||||||
|
-int main() { printf("%d", (int)sizeof(time_t)); return 0; }
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+int main() { printf("%d", (int)sizeof(off_t)); return 0; }
|
||||||
|
End-of-File
|
||||||
|
(eval $ac_compile) 2>&5
|
||||||
|
(eval $ac_link) 2>&5
|
||||||
|
@@ -4900,25 +4900,7 @@ rm -rf conftest conftest.*
|
||||||
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ans" >&5
|
||||||
|
printf "%s\n" "$ans" >&6; }
|
||||||
|
if test "$ans" = 4; then
|
||||||
|
- PCFLAGS="$PCFLAGS -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64"
|
||||||
|
-else
|
||||||
|
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking sizeof off_t" >&5
|
||||||
|
-printf %s "checking sizeof off_t... " >&6; }
|
||||||
|
- cat <<End-of-File >conftest.c
|
||||||
|
-#include <stdio.h>
|
||||||
|
-#include <sys/types.h>
|
||||||
|
-int main() { printf("%d", (int)sizeof(off_t)); return 0; }
|
||||||
|
-End-of-File
|
||||||
|
- (eval $ac_compile) 2>&5
|
||||||
|
- (eval $ac_link) 2>&5
|
||||||
|
- ans=`./conftest`
|
||||||
|
- echo "./conftest -> \"$ans\"" >&5
|
||||||
|
- rm -rf conftest conftest.*
|
||||||
|
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ans" >&5
|
||||||
|
-printf "%s\n" "$ans" >&6; }
|
||||||
|
- if test "$ans" = 4; then
|
||||||
|
- PCFLAGS="$PCFLAGS -D_FILE_OFFSET_BITS=64"
|
||||||
|
- fi
|
||||||
|
+ PCFLAGS="$PCFLAGS -D_FILE_OFFSET_BITS=64"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
diff -Naurp pcp-6.2.2.orig/configure.ac pcp-6.2.2/configure.ac
|
||||||
|
--- pcp-6.2.2.orig/configure.ac 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/configure.ac 2024-06-10 13:07:42.552530243 +1000
|
||||||
|
@@ -438,13 +438,12 @@ if ! echo "$CFLAGS" | grep -- -Wno-array
|
||||||
|
then
|
||||||
|
AS_IF([test "x$cc_is_gcc" = xyes ],[PCFLAGS="$PCFLAGS -Wno-array-bounds"])
|
||||||
|
fi
|
||||||
|
-dnl we also need to worry about time_t ... we need it to be 64-bits for Y2038;
|
||||||
|
-dnl _FILE_OFFSET_BITS and _TIME_BITS must be set together for the 32-bit case.
|
||||||
|
-AC_MSG_CHECKING([sizeof time_t])
|
||||||
|
+dnl and we need to worry about off_t ... we need it to be 64-bits for V3 archives
|
||||||
|
+AC_MSG_CHECKING([sizeof off_t])
|
||||||
|
cat <<End-of-File >conftest.c
|
||||||
|
#include <stdio.h>
|
||||||
|
-#include <sys/time.h>
|
||||||
|
-int main() { printf("%d", (int)sizeof(time_t)); return 0; }
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+int main() { printf("%d", (int)sizeof(off_t)); return 0; }
|
||||||
|
End-of-File
|
||||||
|
(eval $ac_compile) 2>&5
|
||||||
|
(eval $ac_link) 2>&5
|
||||||
|
@@ -453,25 +452,7 @@ echo "./conftest -> \"$ans\"" >&5
|
||||||
|
rm -rf conftest conftest.*
|
||||||
|
AC_MSG_RESULT($ans)
|
||||||
|
if test "$ans" = 4; then
|
||||||
|
- PCFLAGS="$PCFLAGS -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64"
|
||||||
|
-else
|
||||||
|
- dnl we may need to check off_t ... we need it to be 64-bits for V3 archives
|
||||||
|
- dnl this check is optional only because it may be set already (just prior).
|
||||||
|
- AC_MSG_CHECKING([sizeof off_t])
|
||||||
|
- cat <<End-of-File >conftest.c
|
||||||
|
-#include <stdio.h>
|
||||||
|
-#include <sys/types.h>
|
||||||
|
-int main() { printf("%d", (int)sizeof(off_t)); return 0; }
|
||||||
|
-End-of-File
|
||||||
|
- (eval $ac_compile) 2>&5
|
||||||
|
- (eval $ac_link) 2>&5
|
||||||
|
- ans=`./conftest`
|
||||||
|
- echo "./conftest -> \"$ans\"" >&5
|
||||||
|
- rm -rf conftest conftest.*
|
||||||
|
- AC_MSG_RESULT($ans)
|
||||||
|
- if test "$ans" = 4; then
|
||||||
|
- PCFLAGS="$PCFLAGS -D_FILE_OFFSET_BITS=64"
|
||||||
|
- fi
|
||||||
|
+ PCFLAGS="$PCFLAGS -D_FILE_OFFSET_BITS=64"
|
||||||
|
fi
|
||||||
|
AC_SUBST(PCFLAGS)
|
||||||
|
AC_SUBST(PLDFLAGS)
|
||||||
|
diff -Naurp pcp-6.2.2.orig/src/perl/LogImport/Makefile.PL pcp-6.2.2/src/perl/LogImport/Makefile.PL
|
||||||
|
--- pcp-6.2.2.orig/src/perl/LogImport/Makefile.PL 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/src/perl/LogImport/Makefile.PL 2024-06-10 13:07:42.553530244 +1000
|
||||||
|
@@ -37,7 +37,7 @@ WriteMakefile(
|
||||||
|
OPTIMIZE => '-g',
|
||||||
|
XSPROTOARG => '-noprototypes',
|
||||||
|
OBJECT => 'LogImport.o',
|
||||||
|
- DEFINE => '-DPERLIO_NOT_STDIO=0 -DPCP_VERSION -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64',
|
||||||
|
+ DEFINE => '-DPERLIO_NOT_STDIO=0 -DPCP_VERSION',
|
||||||
|
LDFROM => $ldfrom,
|
||||||
|
LDDLFLAGS => $lddlflags,
|
||||||
|
CCCDLFLAGS => $cccdlflags,
|
||||||
|
diff -Naurp pcp-6.2.2.orig/src/perl/MMV/Makefile.PL pcp-6.2.2/src/perl/MMV/Makefile.PL
|
||||||
|
--- pcp-6.2.2.orig/src/perl/MMV/Makefile.PL 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/src/perl/MMV/Makefile.PL 2024-06-10 13:07:42.553530244 +1000
|
||||||
|
@@ -37,7 +37,7 @@ WriteMakefile(
|
||||||
|
OPTIMIZE => '-g',
|
||||||
|
XSPROTOARG => '-noprototypes',
|
||||||
|
OBJECT => 'MMV.o',
|
||||||
|
- DEFINE => '-DPERLIO_NOT_STDIO=0 -DPCP_VERSION -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64',
|
||||||
|
+ DEFINE => '-DPERLIO_NOT_STDIO=0 -DPCP_VERSION',
|
||||||
|
LDFROM => $ldfrom,
|
||||||
|
LDDLFLAGS => $lddlflags,
|
||||||
|
CCCDLFLAGS => $cccdlflags,
|
||||||
|
diff -Naurp pcp-6.2.2.orig/src/perl/PMDA/Makefile.PL pcp-6.2.2/src/perl/PMDA/Makefile.PL
|
||||||
|
--- pcp-6.2.2.orig/src/perl/PMDA/Makefile.PL 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/src/perl/PMDA/Makefile.PL 2024-06-10 13:07:42.553530244 +1000
|
||||||
|
@@ -54,7 +54,7 @@ WriteMakefile(
|
||||||
|
OPTIMIZE => '-g',
|
||||||
|
XSPROTOARG => '-noprototypes',
|
||||||
|
OBJECT => 'local.o PMDA.o',
|
||||||
|
- DEFINE => '-DPERLIO_NOT_STDIO=0 -DPCP_VERSION -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64',
|
||||||
|
+ DEFINE => '-DPERLIO_NOT_STDIO=0 -DPCP_VERSION',
|
||||||
|
LDFROM => $ldfrom,
|
||||||
|
LDDLFLAGS => $lddlflags,
|
||||||
|
CCCDLFLAGS => $cccdlflags,
|
||||||
|
diff -Naurp pcp-6.2.2.orig/src/python/pmapi.c pcp-6.2.2/src/python/pmapi.c
|
||||||
|
--- pcp-6.2.2.orig/src/python/pmapi.c 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/src/python/pmapi.c 2024-06-10 13:07:42.554530246 +1000
|
||||||
|
@@ -24,8 +24,6 @@
|
||||||
|
** **
|
||||||
|
\**************************************************************************/
|
||||||
|
#define PY_SSIZE_T_CLEAN
|
||||||
|
-#define _FILE_OFFSET_BITS 64
|
||||||
|
-#define _TIME_BITS 64
|
||||||
|
#include <Python.h>
|
||||||
|
#define PMAPI_VERSION 3
|
||||||
|
#include <pcp/pmapi.h>
|
||||||
|
diff -Naurp pcp-6.2.2.orig/src/python/pmda.c pcp-6.2.2/src/python/pmda.c
|
||||||
|
--- pcp-6.2.2.orig/src/python/pmda.c 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/src/python/pmda.c 2024-06-10 13:07:42.554530246 +1000
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
/*
|
||||||
|
- * Copyright (C) 2013-2015,2017-2021,2024 Red Hat.
|
||||||
|
+ * Copyright (C) 2013-2015,2017-2021 Red Hat.
|
||||||
|
*
|
||||||
|
* This file is part of the "pcp" module, the python interfaces for the
|
||||||
|
* Performance Co-Pilot toolkit.
|
||||||
|
@@ -21,8 +21,6 @@
|
||||||
|
* python PMDAs via the pmda.py module, using ctypes.
|
||||||
|
*/
|
||||||
|
#define PY_SSIZE_T_CLEAN
|
||||||
|
-#define _FILE_OFFSET_BITS 64
|
||||||
|
-#define _TIME_BITS 64
|
||||||
|
#include <Python.h>
|
||||||
|
#include <pcp/pmapi.h>
|
||||||
|
#include <pcp/pmda.h>
|
||||||
|
diff -Naurp pcp-6.2.2.orig/src/python/pmgui.c pcp-6.2.2/src/python/pmgui.c
|
||||||
|
--- pcp-6.2.2.orig/src/python/pmgui.c 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/src/python/pmgui.c 2024-06-10 13:07:42.554530246 +1000
|
||||||
|
@@ -23,8 +23,6 @@
|
||||||
|
** **
|
||||||
|
\**************************************************************************/
|
||||||
|
#define PY_SSIZE_T_CLEAN
|
||||||
|
-#define _FILE_OFFSET_BITS 64
|
||||||
|
-#define _TIME_BITS 64
|
||||||
|
#include <Python.h>
|
||||||
|
#include <pcp/pmafm.h>
|
||||||
|
#include <pcp/pmtime.h>
|
||||||
|
diff -Naurp pcp-6.2.2.orig/src/python/pmi.c pcp-6.2.2/src/python/pmi.c
|
||||||
|
--- pcp-6.2.2.orig/src/python/pmi.c 2024-05-08 09:18:25.000000000 +1000
|
||||||
|
+++ pcp-6.2.2/src/python/pmi.c 2024-06-10 13:07:42.554530246 +1000
|
||||||
|
@@ -23,8 +23,6 @@
|
||||||
|
** **
|
||||||
|
\**************************************************************************/
|
||||||
|
#define PY_SSIZE_T_CLEAN
|
||||||
|
-#define _FILE_OFFSET_BITS 64
|
||||||
|
-#define _TIME_BITS 64
|
||||||
|
#include <Python.h>
|
||||||
|
#include <pcp/pmapi.h>
|
||||||
|
#include <pcp/import.h>
|
Loading…
Reference in new issue