From c035be688c1fe912c19e75f31eb9337c6b40c242 Mon Sep 17 00:00:00 2001 From: Renuka Manavalan <47282725+renukamanavalan@users.noreply.github.com> Date: Fri, 9 Aug 2019 10:29:16 -0700 Subject: [PATCH] Fix snmpd crash (#3312) * Enable debug image build for kvm image. * Fix a bug in cleaning up requests referring the netsmp_session being closed to avoid a crash, during netsnmp_session close/abort due to timeout. RCA: The netsnmp_agent_session requests use netsmp_subtree objects that matches the associated variable name. The netsnmp_subtrees created through a netsnmp_session are tied to that session. When a subagent connection is closed/dropped due to timeout, all associated netsnmp_subtree objects are fred. Hence during a netsnmp_session close, all the delegated netsnmp_agent_sessions are scanned for requets that could be using netsnmp_subtree objects associated with this netsnmp_sesssion or its subsession. For each of the found request, they are explicitly marked to fail and a call is made to complete them. But due to the bug in scanning, it leaves behind requests and hence later when the requests get processed, they refer the *now* freed netsnmp_subtree. As often these requests gets completed pretty soon, they escape crashing. But if it so happens that the freed memory happened to complete a memory unit, hence returned to kernel or it got reallocated & changed enough to crash, the snmpd crashes. * Revert the changes * Revert --- ...e-all-requests-that-use-this-session.patch | 26 +++++++++++++++++++ src/snmpd/patch-5.7.3+dfsg/series | 1 + 2 files changed, 27 insertions(+) create mode 100644 src/snmpd/patch-5.7.3+dfsg/0006-Release-all-requests-that-use-this-session.patch diff --git a/src/snmpd/patch-5.7.3+dfsg/0006-Release-all-requests-that-use-this-session.patch b/src/snmpd/patch-5.7.3+dfsg/0006-Release-all-requests-that-use-this-session.patch new file mode 100644 index 0000000000..66a18eb172 --- /dev/null +++ b/src/snmpd/patch-5.7.3+dfsg/0006-Release-all-requests-that-use-this-session.patch @@ -0,0 +1,26 @@ +From 84846206c7ee230bd7b6274af98513952c4a7a7f Mon Sep 17 00:00:00 2001 +From: Renuka Manavalan +Date: Wed, 7 Aug 2019 21:48:33 +0000 +Subject: [PATCH] Release all requests that use this session. + +--- + agent/snmp_agent.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index b96d650..ee3b0da 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -1542,7 +1542,8 @@ netsnmp_remove_delegated_requests_for_session(netsnmp_session *sess) + * check each request + */ + netsnmp_request_info *request; +- for(request = asp->requests; request; request = request->next) { ++ int i; ++ for(i = 0, request = asp->requests; i < asp->vbcount; ++i, ++request) { + /* + * check session + */ +-- +2.17.1 + diff --git a/src/snmpd/patch-5.7.3+dfsg/series b/src/snmpd/patch-5.7.3+dfsg/series index e3764c3aac..04ee079ffe 100644 --- a/src/snmpd/patch-5.7.3+dfsg/series +++ b/src/snmpd/patch-5.7.3+dfsg/series @@ -3,3 +3,4 @@ 0003-CHANGES-BUG-2743-snmpd-crashes-when-receiving-a-GetN.patch 0004-Disable-SNMPv1.patch 0005-Port-OpenSSL-1.1.0-with-support-for-1.0.2.patch +0006-Release-all-requests-that-use-this-session.patch