cleanup rework of trustme leftovers #520
Merged
While destroying a container, a use-after-free occurred, since the used observer callback in cmld.c frees the container and therefore also the compartment before all other registered observers were called. Similarly to the container reload, we now use the observer finish callback to do a delayed free after all compartments observer callbacks have been run. This fixes asan error:

=================================================================
==203==ERROR: AddressSanitizer: heap-use-after-free on address \
0x511000000838 at pc 0x557253082656 bp 0x7ffe4cfee190 sp 0x7ffe4cfee180
READ of size 8 at 0x511000000838 thread T0
    #0 0x557253082655 in compartment_notify_observers daemon/compartment.c:1681
    #1 0x557253088149 in compartment_sigchld_handle_helpers daemon/compartment.c:705
    #2 0x5572530886c9 in compartment_sigchld_cb daemon/compartment.c:787
    #3 0x55725312e759 in event_signal_handler common/event.c:780
    #4 0x55725312e759 in event_loop common/event.c:851
    #5 0x5572530666ac in main daemon/main.c:146
    #6 0x7ff708bd5863 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #7 0x7ff708bd590a in __libc_start_main_impl ../csu/libc-start.c:389
    #8 0x5572530689d4 in _start (/usr/sbin/cmld+0x13e9d4)

Signed-off-by: Michael Weiß <[email protected]>
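
The delayed free described in the commit message above, as an added example that is not the cmld code: observers only flag the destroy request, and a finish callback frees the compartment once the notify loop has called every observer. All struct, field and function names here are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>
typedef struct compartment compartment_t;
typedef void (*observer_cb)(compartment_t *c, void *data);
struct compartment {             /* hypothetical layout, not the cmld struct */
    observer_cb obs[4];          /* registered observer callbacks */
    void *obs_data[4];
    int n_obs;
    observer_cb finish_cb;       /* runs once, after every observer */
    void *finish_data;
    bool destroy_requested;
};

static void notify_observers(compartment_t *c) {
    for (int i = 0; i < c->n_obs; i++)   /* dereferences c on each iteration */
        c->obs[i](c, c->obs_data[i]);
    if (c->finish_cb)                    /* all observers done: freeing is safe */
        c->finish_cb(c, c->finish_data); /* c is not touched after this call */
}

/* Calling free(c) here would make the loop above read freed memory. */
static void destroy_observer(compartment_t *c, void *data) {
    (void)data;
    c->destroy_requested = true;
}
static void counting_observer(compartment_t *c, void *data) {
    (void)c;
    (*(int *)data)++;
}
static void finish_free(compartment_t *c, void *data) {
    if (!c->destroy_requested) return;
    free(c);
    *(bool *)data = true;
}

/* Observers that ran after the destroy request, or -1 if c was never freed. */
int run_demo(void) {
    int later = 0;
    bool freed = false;
    compartment_t *c = calloc(1, sizeof(*c));
    if (!c) return -1;
    c->obs[0] = destroy_observer;
    c->obs[1] = c->obs[2] = counting_observer;
    c->obs_data[1] = c->obs_data[2] = &later;
    c->n_obs = 3;
    c->finish_cb = finish_free; c->finish_data = &freed;
    notify_observers(c);
    return freed ? later : -1;
}
int main(void) { return run_demo() == 2 ? 0 : 1; }
```

Building this with `-fsanitize=address` and moving the `free(c)` into `destroy_observer` produces a heap-use-after-free report in the notify loop.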

Move event_remove_inotify of watching dev dir from stop to cleanup hook. This avoids the following use-after-free:

=================================================================
==202==ERROR: AddressSanitizer: heap-use-after-free on address \
0x504000001fec at pc 0x5577ecae15da bp 0x7ffec417cda0 sp 0x7ffec417cd90
READ of size 4 at 0x504000001fec thread T0
    #0 0x5577ecae15d9 in event_remove_inotify common/event.c:658
    #1 0x5577ecad2ba6 in c_automount_stop daemon/c_automount.c:251
    #2 0x5577eca4442e in compartment_stop daemon/compartment.c:1573
    #3 0x5577eca1d1b5 in cmld_container_stop daemon/cmld.c:1695
    #4 0x5577eca49771 in control_handle_message daemon/control.c:1170
    #5 0x5577eca50fb9 in control_cb_recv_message_local daemon/control.c:1679
    #6 0x5577ecaddc3d in event_epoll common/event.c:437
    #7 0x5577ecae2e13 in event_loop common/event.c:854
    #8 0x5577eca1a6ac in main daemon/main.c:146
    #9 0x7f2cab14f863 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #10 0x7f2cab14f90a in __libc_start_main_impl ../csu/libc-start.c:389
    #11 0x5577eca1c9d4 in _start (/usr/sbin/cmld+0x13e9d4)

Signed-off-by: Michael Weiß <[email protected]>

Current rework of gyroidos repositories replaced all legacy variable naming, thus we have to take this into account here, too. We replace the build variable TRUSTME_SCHSM by SCHSM.
Signed-off-by: Michael Weiß <[email protected]>

Removed all code blocks in 'ifdef ANDROID' blocks.
Signed-off-by: Michael Weiß <[email protected]>

Renamed the corresponding string which is used for logging update messages to print GyroidOS instead of Trustme.
Signed-off-by: Michael Weiß <[email protected]>

Instead of TrustmeService reference the generic service in comments and log messages.
Signed-off-by: Michael Weiß <[email protected]>

This TRUSTME_DEBUG flag is only used to prevent reboot on cmld exit in debug builds. So just call it NO_REBOOT_ON_EXIT to make things clear.
Signed-off-by: Michael Weiß <[email protected]>

We generate a test PKI for unittests. Thus also use 'unittest' as commonName for those certificates to identify that these are used in unittests.
Signed-off-by: Michael Weiß <[email protected]>

k0ch4lo approved these changes Jan 31, 2025