[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Thu Jun 13 08:42:02 UTC 2024


The branch, master has been updated
       via  8ae180e1678 third_party: Update socket_wrapper to version 1.4.3
       via  f88e60644e7 third_party: Update uid_wrapper to version 1.3.1
       via  54fed589cca gitlab-ci: Set git safe.directory for devel repo
       via  f3af6e86080 bootstrap: Fix building CentOS 8 Stream container images
       via  d00e9482a50 bootstrap: Set git safe.directory
       via  84fb5cc8451 bootstrap: Fix runner tags
      from  aecbfe52183 python/samba/tests/krb5: Add tests for password expiry with krb5 ENC-TS

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8ae180e1678fc8565b8074d4886f7d3676a0f950
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 13 07:47:26 2024 +0200

    third_party: Update socket_wrapper to version 1.4.3
    
    This fixes issues with bind compiled with jemalloc.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Thu Jun 13 08:41:39 UTC 2024 on atb-devel-224

commit f88e60644e76c6310088934439f9c0da0f63905f
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 13 07:41:41 2024 +0200

    third_party: Update uid_wrapper to version 1.3.1
    
    This fixes issues with bind compiled with jemalloc.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 54fed589cca245c716492bcc78b574c30378b19c
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Jun 7 16:20:10 2024 +0200

    gitlab-ci: Set git safe.directory for devel repo
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit f3af6e860800d0f837cdf6c2d16d1cd12feb08df
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Jun 10 15:28:30 2024 +0200

    bootstrap: Fix building CentOS 8 Stream container images
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit d00e9482a50b5a756f4847cde977c40c80e179c5
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 6 16:10:14 2024 +0200

    bootstrap: Set git safe.directory
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 84fb5cc8451c0af354850f39ae6debf388849ebb
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 6 14:41:02 2024 +0200

    bootstrap: Fix runner tags
    
    See https://docs.gitlab.com/ee/ci/runners/hosted_runners/linux.html
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci-main.yml                             |  3 +-
 bootstrap/.gitlab-ci.yml                        |  6 +--
 bootstrap/config.py                             |  3 ++
 bootstrap/generated-dists/centos8s/bootstrap.sh |  3 ++
 bootstrap/sha1sum.txt                           |  2 +-
 buildtools/wafsamba/samba_third_party.py        |  4 +-
 third_party/socket_wrapper/socket_wrapper.c     | 45 ++++++++++++++++++-
 third_party/socket_wrapper/wscript              |  3 +-
 third_party/uid_wrapper/uid_wrapper.c           | 58 ++++++++++++++++++++++++-
 third_party/uid_wrapper/wscript                 |  4 +-
 10 files changed, 118 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index 1e4bdf82e74..c56c84c89d4 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -47,7 +47,7 @@ variables:
   # Set this to the contents of bootstrap/sha1sum.txt
   # which is generated by bootstrap/template.py --render
   #
-  SAMBA_CI_CONTAINER_TAG: 9a406973474a7903fe7fd6215226660911ed73c0
+  SAMBA_CI_CONTAINER_TAG: b078783e082ead539940faaa644567bf4ed67f67
   #
   # We use the ubuntu2204 image as default as
   # it matches what we have on atb-devel-224
@@ -147,6 +147,7 @@ include:
     - ccache -s
       # We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI
     - git config --global --add safe.directory `pwd`
+    - git config --global --add safe.directory /builds/samba-team/devel/samba/.git
   after_script:
     - mount
     - df -h
diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml
index ba82cdc1251..77b4e4fe290 100644
--- a/bootstrap/.gitlab-ci.yml
+++ b/bootstrap/.gitlab-ci.yml
@@ -6,9 +6,7 @@
     # We need to make sure we only use gitlab.com
     # runners and not our own runners, as our current runners
     # don't allow 'docker build ...' to run.
-    - docker
-    - gce
-    - shared
+    - saas-linux-small-amd64
   variables:
     SAMBA_CI_IS_BROKEN_IMAGE: "no"
     SAMBA_CI_TEST_JOB: "samba-o3"
@@ -47,7 +45,7 @@
     diff -u bootstrap/sha1sum.txt /tmp/sha1sum-template.txt
     # run smoke test with samba-o3 or samba-fuzz
     podman run --volume $(pwd):/src:ro ${ci_image_name} \
-        /bin/bash -c "git clone /src samba && cd samba && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase"
+        /bin/bash -c "git config --global --add safe.directory /src/.git && git clone /src samba && cd samba && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase"
     podman tag ${ci_image_name} ${ci_image_path}:${SAMBA_CI_CONTAINER_TAG}
     podman tag ${ci_image_name} ${ci_image_path}:${timestamp_tag}
     # We build all images, but only upload is it's not marked as broken
diff --git a/bootstrap/config.py b/bootstrap/config.py
index 11d8314aefc..a5a7366c7fa 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -241,6 +241,9 @@ CENTOS8S_YUM_BOOTSTRAP = r"""
 {GENERATED_MARKER}
 set -xueo pipefail
 
+sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
+sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
+
 yum update -y
 yum install -y dnf-plugins-core
 yum install -y epel-release
diff --git a/bootstrap/generated-dists/centos8s/bootstrap.sh b/bootstrap/generated-dists/centos8s/bootstrap.sh
index 4b2c62c66d9..9e0aabbac28 100755
--- a/bootstrap/generated-dists/centos8s/bootstrap.sh
+++ b/bootstrap/generated-dists/centos8s/bootstrap.sh
@@ -7,6 +7,9 @@
 
 set -xueo pipefail
 
+sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
+sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
+
 yum update -y
 yum install -y dnf-plugins-core
 yum install -y epel-release
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index 61ecaf0ccf6..1bb5e922d9b 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-9a406973474a7903fe7fd6215226660911ed73c0
+b078783e082ead539940faaa644567bf4ed67f67
diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py
index 52898486fd9..a42bb2ddc90 100644
--- a/buildtools/wafsamba/samba_third_party.py
+++ b/buildtools/wafsamba/samba_third_party.py
@@ -24,7 +24,7 @@ Build.BuildContext.CHECK_CMOCKA = CHECK_CMOCKA
 
 @conf
 def CHECK_SOCKET_WRAPPER(conf):
-    return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.4.2')
+    return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.4.3')
 Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER
 
 @conf
@@ -39,7 +39,7 @@ Build.BuildContext.CHECK_RESOLV_WRAPPER = CHECK_RESOLV_WRAPPER
 
 @conf
 def CHECK_UID_WRAPPER(conf):
-    return conf.CHECK_BUNDLED_SYSTEM_PKG('uid_wrapper', minversion='1.3.0')
+    return conf.CHECK_BUNDLED_SYSTEM_PKG('uid_wrapper', minversion='1.3.1')
 Build.BuildContext.CHECK_UID_WRAPPER = CHECK_UID_WRAPPER
 
 @conf
diff --git a/third_party/socket_wrapper/socket_wrapper.c b/third_party/socket_wrapper/socket_wrapper.c
index c759d350fb1..37799c82419 100644
--- a/third_party/socket_wrapper/socket_wrapper.c
+++ b/third_party/socket_wrapper/socket_wrapper.c
@@ -1388,6 +1388,9 @@ static ssize_t libc_writev(int fd, const struct iovec *iov, int iovcnt)
 	return swrap.libc.symbols._libc_writev.f(fd, iov, iovcnt);
 }
 
+/* JEMALLOC: This tells socket_wrapper if it should handle syscall() */
+static bool swrap_handle_syscall;
+
 #ifdef HAVE_SYSCALL
 DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
 static long int libc_vsyscall(long int sysno, va_list va)
@@ -1396,7 +1399,27 @@ static long int libc_vsyscall(long int sysno, va_list va)
 	long int rc;
 	int i;
 
-	swrap_bind_symbol_all();
+	/*
+	 * JEMALLOC:
+	 *
+	 * This is a workaround to prevent a deadlock in jemalloc calling
+	 * malloc_init() twice. The first allocation call will trigger a
+	 * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
+	 * so it goes to socket or uid wrapper. In this code path we need to
+	 * avoid any allocation calls. This will prevent the deadlock.
+	 *
+	 * We also need to avoid dlopen() as that would trigger the recursion
+	 * into malloc_init(), so we use dlsym(RTLD_NEXT), until we reached
+	 * swrap_constructor() or any real socket call at that time
+	 * swrap_bind_symbol_all() will replace the function pointer again after
+	 * dlopen of libc.
+	 */
+	if (swrap_handle_syscall) {
+		swrap_bind_symbol_all();
+	} else if (swrap.libc.symbols._libc_syscall.obj == NULL) {
+		swrap.libc.symbols._libc_syscall.obj = dlsym(RTLD_NEXT,
+							     "syscall");
+	}
 
 	for (i = 0; i < 8; i++) {
 		args[i] = va_arg(va, long int);
@@ -1517,6 +1540,8 @@ static void __swrap_bind_symbol_all_once(void)
 	swrap_bind_symbol_rtld_default_optional(uid_wrapper_syscall_valid);
 	swrap_bind_symbol_rtld_default_optional(uid_wrapper_syscall_va);
 #endif
+
+	swrap_handle_syscall = true;
 }
 
 static void swrap_bind_symbol_all(void)
@@ -8744,6 +8769,21 @@ long int syscall(long int sysno, ...)
 
 	va_start(va, sysno);
 
+	/*
+	 * JEMALLOC:
+	 *
+	 * This is a workaround to prevent a deadlock in jemalloc calling
+	 * malloc_init() twice. The first allocation call will trigger a
+	 * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
+	 * so it goes to socket or uid wrapper. In this code path we need to
+	 * avoid any allocation calls. This will prevent the deadlock.
+	 */
+	if (!swrap_handle_syscall) {
+		rc = libc_vsyscall(sysno, va);
+		va_end(va);
+		return rc;
+	}
+
 	/*
 	 * We should only handle the syscall numbers
 	 * we care about...
@@ -8860,6 +8900,9 @@ void swrap_constructor(void)
 	pthread_atfork(&swrap_thread_prepare,
 		       &swrap_thread_parent,
 		       &swrap_thread_child);
+
+	/* Let socket_wrapper handle syscall() */
+	swrap_handle_syscall = true;
 }
 
 /****************************
diff --git a/third_party/socket_wrapper/wscript b/third_party/socket_wrapper/wscript
index 9d2210d9c35..cdd34938ba3 100644
--- a/third_party/socket_wrapper/wscript
+++ b/third_party/socket_wrapper/wscript
@@ -2,7 +2,7 @@
 
 import os
 
-VERSION = "1.4.2"
+VERSION = "1.4.3"
 
 
 def configure(conf):
@@ -10,6 +10,7 @@ def configure(conf):
         conf.DEFINE('USING_SYSTEM_SOCKET_WRAPPER', 1)
         libsocket_wrapper_so_path = 'libsocket_wrapper.so'
     else:
+        conf.CHECK_HEADERS('gnu/lib-names.h')
 
         if conf.CONFIG_SET("HAVE___THREAD"):
             conf.DEFINE("HAVE_GCC_THREAD_LOCAL_STORAGE", 1)
diff --git a/third_party/uid_wrapper/uid_wrapper.c b/third_party/uid_wrapper/uid_wrapper.c
index 5b6a82b8fef..ca578e61f2e 100644
--- a/third_party/uid_wrapper/uid_wrapper.c
+++ b/third_party/uid_wrapper/uid_wrapper.c
@@ -38,6 +38,10 @@
 
 #include <pthread.h>
 
+#ifdef HAVE_GNU_LIB_NAMES_H
+#include <gnu/lib-names.h>
+#endif
+
 #ifdef HAVE_GCC_THREAD_LOCAL_STORAGE
 # define UWRAP_THREAD __thread
 #else
@@ -558,6 +562,13 @@ static void *uwrap_load_lib_handle(enum uwrap_lib lib)
 	switch (lib) {
 	case UWRAP_LIBC:
 		handle = uwrap.libc.handle;
+#ifdef LIBC_SO
+		if (handle == NULL) {
+			handle = dlopen(LIBC_SO, flags);
+
+			uwrap.libc.handle = handle;
+		}
+#endif
 		if (handle == NULL) {
 			for (i = 10; i >= 0; i--) {
 				char soname[256] = {0};
@@ -656,6 +667,9 @@ static void *_uwrap_bind_symbol(enum uwrap_lib lib, const char *fn_name)
 			dlsym(RTLD_DEFAULT, #sym_name);                        \
 	}
 
+/* JEMALLOC: This tells uid_wrapper if it should handle syscall() */
+static bool uwrap_handle_syscall;
+
 /* DO NOT call this function during library initialization! */
 static void __uwrap_bind_symbol_all_once(void)
 {
@@ -699,6 +713,8 @@ static void __uwrap_bind_symbol_all_once(void)
 #endif
 	uwrap_bind_symbol_libpthread(pthread_create);
 	uwrap_bind_symbol_libpthread(pthread_exit);
+
+	uwrap_handle_syscall = true;
 }
 
 static void uwrap_bind_symbol_all(void)
@@ -863,7 +879,27 @@ static long int libc_vsyscall(long int sysno, va_list va)
 	long int rc;
 	int i;
 
-	uwrap_bind_symbol_all();
+	/*
+	 * JEMALLOC:
+	 *
+	 * This is a workaround to prevent a deadlock in jemalloc calling
+	 * malloc_init() twice. The first allocation call will trigger a
+	 * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
+	 * so it goes to socket or uid wrapper. In this code path we need to
+	 * avoid any allocation calls. This will prevent the deadlock.
+	 *
+	 * We also need to avoid dlopen() as that would trigger the recursion
+	 * into malloc_init(), so we use dlsym(RTLD_NEXT), until we reached
+	 * swrap_constructor() or any real socket call at that time
+	 * swrap_bind_symbol_all() will replace the function pointer again after
+	 * dlopen of libc.
+	 */
+	if (uwrap_handle_syscall) {
+		uwrap_bind_symbol_all();
+	} else if (uwrap.libc.symbols._libc_syscall.obj == NULL) {
+		uwrap.libc.symbols._libc_syscall.obj = dlsym(RTLD_NEXT,
+							     "syscall");
+	}
 
 	for (i = 0; i < 8; i++) {
 		args[i] = va_arg(va, long int);
@@ -1375,7 +1411,7 @@ static void uwrap_init_env(struct uwrap_thread *id)
 			exit(-1);
 		}
 
-		UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize groups with %s", env);
+		UWRAP_LOG(UWRAP_LOG_DEBUG, "Initialize groups with %s", env);
 		id->ngroups = ngroups;
 	}
 }
@@ -2708,6 +2744,21 @@ long int syscall (long int sysno, ...)
 
 	va_start(va, sysno);
 
+	/*
+	 * JEMALLOC:
+	 *
+	 * This is a workaround to prevent a deadlock in jemalloc calling
+	 * malloc_init() twice. The first allocation call will trigger a
+	 * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
+	 * so it goes to socket or uid wrapper. In this code path we need to
+	 * avoid any allocation calls. This will prevent the deadlock.
+	 */
+	if (!uwrap_handle_syscall) {
+		rc = libc_vsyscall(sysno, va);
+		va_end(va);
+		return rc;
+	}
+
 	/*
 	 * We need to check for uwrap related syscall numbers before calling
 	 * uid_wrapper_enabled() otherwise we'd deadlock during the freebsd libc
@@ -2821,6 +2872,9 @@ void uwrap_constructor(void)
 	 * for main process.
 	 */
 	uwrap_init();
+
+	/* Let socket_wrapper handle syscall() */
+	uwrap_handle_syscall = true;
 }
 
 /****************************
diff --git a/third_party/uid_wrapper/wscript b/third_party/uid_wrapper/wscript
index 7b65d930640..5af76903fb9 100644
--- a/third_party/uid_wrapper/wscript
+++ b/third_party/uid_wrapper/wscript
@@ -3,13 +3,15 @@
 from waflib import Options
 import os, sys
 
-VERSION="1.3.0"
+VERSION="1.3.1"
 
 def configure(conf):
     if conf.CHECK_UID_WRAPPER():
         conf.DEFINE('USING_SYSTEM_UID_WRAPPER', 1)
         libuid_wrapper_so_path = 'libuid_wrapper.so'
     else:
+        conf.CHECK_HEADERS('gnu/lib-names.h')
+
         # check HAVE_GCC_ATOMIC_BUILTINS
         conf.CHECK_CODE('''
             #include <stdbool.h>


-- 
Samba Shared Repository



More information about the samba-cvs mailing list