From 502ba0e86dc7cce80bb19de7828c71c8da965503 Mon Sep 17 00:00:00 2001
From: Rodny Molina <rodnymolina@hotmail.com>
Date: Fri, 27 Jul 2018 17:46:33 -0700
Subject: [PATCH] Fix for bash's memory-leak (#1879)

* Fix for bash's memory-leak

Memory leak is observed during the execution of scripts that make use of bash-arrays. In scenarios where the offending script is executed on a regular basis (e.g. fancontrol), the leaking process may end up consuming most of the system resources.

In this PR i'm replacing bash in all the contexts where it executes (both host and dockers). The official patch for this issue is here: https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-040

* Fixing minor issue during code-merge

Signed-off-by: Rodny Molina <rmolina@linkedin.com>
---
 files/build_templates/sonic_debian_extension.j2 |  5 +++++
 rules/bash.mk                                   | 17 +++++++++++++++++
 rules/docker-base.mk                            |  1 +
 slave.mk                                        |  1 +
 sonic-slave/Dockerfile                          |  4 +++-
 src/bash/Makefile                               | 16 ++++++++++++++++
 6 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 rules/bash.mk
 create mode 100644 src/bash/Makefile

diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index 4898bdb294..b9c469d3ed 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@@ -93,6 +93,11 @@ sudo rm -rf $FILESYSTEM_ROOT/$PLATFORM_COMMON_PY2_WHEEL_NAME
 sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/python-sonic-utilities_*.deb || \
     sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
 
+# Install customized bash version to patch memory-leak issue. This instruction shall be removed
+# once the migration to Debian-9 (Stretch) is completed.
+sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/bash_*.deb || \
+    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
+
 # SONiC utilities installs bash-completion as a dependency. However, it is disabled by default
 # in bash.bashrc, so we copy a version of the file with it enabled here.
 sudo cp -f $IMAGE_CONFIGS/bash/bash.bashrc $FILESYSTEM_ROOT/etc/
diff --git a/rules/bash.mk b/rules/bash.mk
new file mode 100644
index 0000000000..e31b237ae1
--- /dev/null
+++ b/rules/bash.mk
@@ -0,0 +1,17 @@
+# bash package
+#
+# Created to patch memory-leak issue in the bash-package included in Debian-8 (Jessie)
+# release. This rule file, and the associated building-infra created to solve this
+# bug (src/bash/), should be eliminated once the migration to Debian-9 (Stretch) is
+# completed.
+
+# Bash major release-number corresponding to Debian-8 (Jessie)
+BASH_VERSION_MAJOR = 4.3
+# Bash complete release-number. This image contains all 4.3 fixes  up to patch '42'.
+BASH_VERSION_FULL = $(BASH_VERSION_MAJOR)-14
+
+export BASH_VERSION_MAJOR BASH_VERSION_FULL
+
+BASH = bash_$(BASH_VERSION_FULL)_amd64.deb
+$(BASH)_SRC_PATH = $(SRC_PATH)/bash
+SONIC_MAKE_DEBS += $(BASH)
diff --git a/rules/docker-base.mk b/rules/docker-base.mk
index 4a419008e9..a6b0cba476 100644
--- a/rules/docker-base.mk
+++ b/rules/docker-base.mk
@@ -4,6 +4,7 @@ DOCKER_BASE = docker-base.gz
 $(DOCKER_BASE)_PATH = $(DOCKERS_PATH)/docker-base
 $(DOCKER_BASE)_DEPENDS += $(SUPERVISOR)
 $(DOCKER_BASE)_DEPENDS += $(LIBWRAP)
+$(DOCKER_BASE)_DEPENDS += $(BASH)
 
 ifeq ($(SONIC_CONFIG_DEBUG),y)
 GDB = gdb
diff --git a/slave.mk b/slave.mk
index 7430f3a80d..2beb127b0c 100644
--- a/slave.mk
+++ b/slave.mk
@@ -428,6 +428,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
                 $(IXGBE_DRIVER) \
                 $(SONIC_DEVICE_DATA) \
                 $(SONIC_UTILS) \
+                $(BASH) \
                 $(LIBWRAP) \
                 $(LIBPAM_TACPLUS) \
                 $(LIBNSS_TACPLUS)) \
diff --git a/sonic-slave/Dockerfile b/sonic-slave/Dockerfile
index 213daf1a8e..cb4529e67a 100644
--- a/sonic-slave/Dockerfile
+++ b/sonic-slave/Dockerfile
@@ -213,7 +213,9 @@ RUN apt-get update && apt-get install -y \
         linuxdoc-tools \
         lynx \
         texlive-latex-extra \
-        texlive-latex-recommended
+        texlive-latex-recommended \
+# For bash
+        texi2html
 
 # For linux build
 RUN apt-get -y build-dep linux
diff --git a/src/bash/Makefile b/src/bash/Makefile
new file mode 100644
index 0000000000..2e9f093aed
--- /dev/null
+++ b/src/bash/Makefile
@@ -0,0 +1,16 @@
+SHELL = /bin/bash
+.ONESHELL:
+.SHELLFLAGS += -e
+
+MAIN_TARGET = bash_$(BASH_VERSION_FULL)_amd64.deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+	rm -rf bash-$(BASH_VERSION_MAJOR)
+
+	dget -u https://launchpad.net/debian/+archive/primary/+sourcefiles/bash/$(BASH_VERSION_FULL)/bash_$(BASH_VERSION_FULL).dsc
+
+	pushd bash-$(BASH_VERSION_MAJOR)
+	DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -us -uc -b -j$(SONIC_CONFIG_MAKE_JOBS)
+	popd
+
+	mv $* $(DEST)/