Skip to content

Commit

Permalink
Use mutex to protect access to librpm (#40525) (#40592)
Browse files Browse the repository at this point in the history 
More Librpm shenanigans. Turns out that it's possible for a user to run two instances of a metricset at once, which I didn't even know was possible or supported. However, librpm has some not-great threadsafety in it, and it's also possible for a shutdown operation to call dlclose while another thread is in the middle of accessing the SO. This adds a global mutex so we can't have multiple threads stepping on each other during RPM operations.

I tested this a bit, and I couldn't get it to crash while running multiple instances of the package metricset, but at this point librpm is so easy to break I would consider it more "best effort" than anything else.

(cherry picked from commit 46fd21c)

Co-authored-by: Alex K. <8418476+fearful-symmetry@users.noreply.github.com>
  • Loading branch information
@mergify @fearful-symmetry
mergify[bot] and fearful-symmetry authored Aug 22, 2024
1 parent 4022e36 commit 9d353b4
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,9 +79,9 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]

*Auditbeat*

- Fix segfaults that may happen if user runs multiple instances of the package metricset {pull}40525[40525]
- Fix incorrect definition of struct utmp for arm64 {pull}40541[40541]


*Filebeat*

- [Gcs Input] - Added missing locks for safe concurrency {pull}34914[34914]
Expand Down
7 changes: 6 additions & 1 deletion x-pack/auditbeat/module/system/package/rpm_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"fmt"
"runtime"
"strings"
"sync"
"time"
"unsafe"

Expand Down Expand Up @@ -168,9 +169,12 @@ const (
)

var openedLibrpm *librpm
var librpmLock sync.Mutex

// closeDataset performs cleanup when the dataset is closed.
func closeDataset() error {
librpmLock.Lock()
defer librpmLock.Unlock()
if openedLibrpm != nil {
err := openedLibrpm.close()
openedLibrpm = nil
Expand Down Expand Up @@ -325,6 +329,8 @@ func openLibrpm() (*librpm, error) {
}

func listRPMPackages() ([]*Package, error) {
librpmLock.Lock()
defer librpmLock.Unlock()
// In newer versions, librpm is using the thread-local variable
// `disableInterruptSafety` in rpmio/rpmsq.c to disable signal
// traps. To make sure our settings remain in effect throughout
Expand Down Expand Up @@ -376,7 +382,6 @@ func listRPMPackages() ([]*Package, error) {

packages = append(packages, pkg)
}

return packages, nil
}

Expand Down

0 comments on commit 9d353b4

Please sign in to comment.