From a5f8f84fdca700b32402e2a7b0f3a1ae72a64efd Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 3 Apr 2019 15:32:38 +0200 Subject: Fix a crash if running under memory pressure (rh #1688752). From Fedora --- ...ready-running-threads-if-a-thread-creatio.patch | 42 ++++++++++++++++++++++ argon2.spec | 13 ++++--- 2 files changed, 50 insertions(+), 5 deletions(-) create mode 100644 argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch diff --git a/argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch b/argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch new file mode 100644 index 0000000..b872e92 --- /dev/null +++ b/argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch @@ -0,0 +1,42 @@ +From cfa4385e728116989ad88b4be7c23b4868422778 Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Mon, 11 Mar 2019 21:21:57 +0100 +Subject: [PATCH] Wait for already running threads if a thread creation + failed. + +On memory-constrained systems (like cgroups limited processes) +thread creation often fails. + +The code needs to wait for already running threads on error path; +otherwise these threads can access deallocated memory +(and cause a segfault or another crash). +--- + src/core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/core.c b/src/core.c +index 8361175..65f0537 100644 +--- a/src/core.c ++++ b/src/core.c +@@ -284,7 +284,7 @@ int fill_memory_blocks(argon2_instance_t + + for (r = 0; r < instance->passes; ++r) { + for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { +- uint32_t l; ++ uint32_t l, ll; + + /* 2. Calling threads */ + for (l = 0; l < instance->lanes; ++l) { +@@ -309,6 +309,9 @@ int fill_memory_blocks(argon2_instance_t + sizeof(argon2_position_t)); + if (argon2_thread_create(&thread[l], &fill_segment_thr, + (void *)&thr_data[l])) { ++ /* Wait for already running threads */ ++ for (ll = 0; ll < l; ++ll) ++ argon2_thread_join(thread[ll]); + rc = ARGON2_THREAD_FAIL; + goto fail; + } +-- +2.20.1 + diff --git a/argon2.spec b/argon2.spec index 20a0413..adae23e 100644 --- a/argon2.spec +++ b/argon2.spec @@ -1,6 +1,6 @@ # remirepo/fedora spec file for argon2 # -# Copyright (c) 2017-2018 Remi Collet +# Copyright (c) 2017-2019 Remi Collet # License: CC-BY-SA # http://creativecommons.org/licenses/by-sa/4.0/ # @@ -18,14 +18,15 @@ Name: argon2 Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}} -Release: 5%{?dist} -Group: Applications/System +Release: 7%{?dist} Summary: The password-hashing tools License: Public Domain or ASL 2.0 URL: https://github.com/%{gh_owner}/%{gh_project} Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{upstream_version}%{?upstream_prever}-%{gh_short}.tar.gz +Patch0: argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch +BuildRequires: gcc Requires: %{libname}%{?_isa} = %{version}-%{release} @@ -54,7 +55,6 @@ Argon2 has three variants: Argon2i, Argon2d, and Argon2id. %package -n %{libname} -Group: System Environment/Libraries Summary: The password-hashing library %description -n %{libname} @@ -64,7 +64,6 @@ for credential storage, key derivation, or other applications. %package -n %{libname}-devel -Group: Development/Libraries Summary: Development files for %{libname} Requires: %{libname}%{?_isa} = %{version}-%{release} @@ -75,6 +74,7 @@ developing applications that use %{libname}. %prep %setup -qn %{gh_project}-%{gh_commit} +%patch0 -p1 if ! grep -q 'soname,%{libname}.so.%{soname}' Makefile; then : soname have changed @@ -141,6 +141,9 @@ make test %changelog +* Wed Apr 3 2019 Remi Collet - 20161029-7 +- Fix a crash if running under memory pressure (rh #1688752). + * Thu Feb 15 2018 Remi Collet - 20161029-5 - honours all build flags #1558128 -- cgit