From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <f.gruenbichler@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 8CF3A8478F
 for <pve-devel@lists.proxmox.com>; Tue, 14 Dec 2021 11:19:19 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 7F20D224B7
 for <pve-devel@lists.proxmox.com>; Tue, 14 Dec 2021 11:19:19 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 7F9A5224AB
 for <pve-devel@lists.proxmox.com>; Tue, 14 Dec 2021 11:19:18 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 47AFE4515E
 for <pve-devel@lists.proxmox.com>; Tue, 14 Dec 2021 11:19:18 +0100 (CET)
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Tue, 14 Dec 2021 11:19:11 +0100
Message-Id: <20211214101912.3509825-1-f.gruenbichler@proxmox.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.125 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LOTSOFHASH           0.25 Emails with lots of hash-like gibberish
 KAM_SHORT               0.001 Use of a URL Shortener for very short URL
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [gnu.org]
Subject: [pve-devel] [PATCH cluster 1/2] clusterlog: segfault reproducer
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 14 Dec 2021 10:19:19 -0000

see next commit for details.

get_state mimics the code path triggered in the wild, the other two are
affected just the same.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

Notes:
    doesn't need to be committed, just to have an easy way to check affected parts
    and the fix..

 data/src/Makefile   |   3 ++
 data/src/logtest2.c | 103 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 106 insertions(+)
 create mode 100644 data/src/logtest2.c

diff --git a/data/src/Makefile b/data/src/Makefile
index 3d39201..1f39f67 100644
--- a/data/src/Makefile
+++ b/data/src/Makefile
@@ -35,6 +35,9 @@ create_pmxcfs_db: create_pmxcfs_db.o libpmxcfs.a
 logtest: logtest.o libpmxcfs.a
 	$(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
 
+logtest2: logtest2.o libpmxcfs.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
+
 check_memdb: check_memdb.o libpmxcfs.a
 	$(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS) $(shell pkg-config --libs check)
 
diff --git a/data/src/logtest2.c b/data/src/logtest2.c
new file mode 100644
index 0000000..5f8f8f8
--- /dev/null
+++ b/data/src/logtest2.c
@@ -0,0 +1,103 @@
+/*
+  Copyright (C) 2010 - 2020 Proxmox Server Solutions GmbH
+
+  This program is free software: you can redistribute it and/or modify
+  it under the terms of the GNU Affero General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License
+  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+  Author: Dietmar Maurer <dietmar@proxmox.com>
+
+*/
+
+#define _XOPEN_SOURCE /* glibc2 needs this */
+#include <time.h> /* for strptime */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <glib.h>
+#include <sys/types.h>
+#include <sys/syslog.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "cfs-utils.h"
+#include "logger.h"
+
+struct clog_base {
+	uint32_t size;
+	uint32_t cpos;
+	char data[];
+};
+
+struct clusterlog {
+	GHashTable *dedup;
+	GMutex mutex;
+	clog_base_t *base;
+};
+
+cfs_t cfs = {
+        .debug = 0,
+	.nodename = "testnode",
+};
+
+void get_state(clusterlog_t *cl) {
+    unsigned int res_len;
+    clusterlog_get_state(cl, &res_len);
+}
+
+
+void insert(clusterlog_t *cl) {
+	uint32_t pid = getpid();
+	clog_entry_t *entry = (clog_entry_t *)alloca(CLOG_MAX_ENTRY_SIZE);
+	clog_pack(entry, cfs.nodename, "root", "cluster", pid, time(NULL), LOG_INFO, "short");
+	clusterlog_insert(cl, entry);
+}
+
+void insert2(clusterlog_t *cl) {
+	uint32_t pid = getpid();
+	clog_entry_t *entry = (clog_entry_t *)alloca(CLOG_MAX_ENTRY_SIZE);
+	clog_pack(entry, cfs.nodename, "root", "cluster", pid, time(NULL), LOG_INFO, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+	clusterlog_insert(cl, entry);
+}
+
+int
+main(void)
+{
+	uint32_t pid = getpid();
+
+	clusterlog_t *cl3 = clusterlog_new();
+
+	clog_entry_t *entry = (clog_entry_t *)alloca(CLOG_MAX_ENTRY_SIZE);
+	clog_pack(entry, cfs.nodename, "root", "cluster", pid, time(NULL), LOG_INFO, "starting cluster log");
+	clusterlog_insert(cl3, entry);
+
+	for (int i = 0; i < 184; i++) {
+	       insert2(cl3);
+	}
+
+	for (int i = 0; i < 1629; i++) {
+	       insert(cl3);
+	}
+
+	GString *outbuf = g_string_new(NULL);
+
+	// all of these segfault if they don't handle wrap-arounds pointing to already overwritten entries
+	clusterlog_dump(cl3, outbuf, NULL, 8192);
+	clog_dump(cl3->base);
+	get_state(cl3);
+
+	clusterlog_destroy(cl3);
+}
-- 
2.30.2