define-fix-privilege-escalation and fix-collection-train-file-overwriting-through-soft-links

(cherry picked from commit 9e0deae491cd6343fccdca005c8c51a2e1f4955f)
zhoupengcheng 2023-11-08 14:14:42 +08:00 committed by openeuler-sync-bot
parent 8b685f0742
commit 97fc86d00c
8 changed files with 10440 additions and 37 deletions


@ -0,0 +1,58 @@
From 09c719964b362fa358c705a7b7e24bb02a1259bb Mon Sep 17 00:00:00 2001
From: zhoupengcheng <zhoupengcheng11@huawei.com>
Date: Wed, 8 Nov 2023 12:32:43 +0800
Subject: [PATCH] 0001-define-fix-privilege-escalation.patch
---
modules/client/profile/profile_define.go | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/modules/client/profile/profile_define.go b/modules/client/profile/profile_define.go
index 87b3781..24e31d3 100644
--- a/modules/client/profile/profile_define.go
+++ b/modules/client/profile/profile_define.go
@@ -19,6 +19,7 @@ import (
SVC "gitee.com/openeuler/A-Tune/common/service"
"gitee.com/openeuler/A-Tune/common/utils"
"fmt"
+ "regexp"
"io/ioutil"
"github.com/go-ini/ini"
@@ -88,11 +89,22 @@ func profileDefined(ctx *cli.Context) error {
if err := profileDefineCheck(ctx); err != nil {
return err
}
+
+
+ detectRule := `[./].*`
+ detectPathchar := regexp.MustCompile(detectRule)
+
serviceType := ctx.Args().Get(0)
+ if detectPathchar.MatchString(serviceType) {
+ return fmt.Errorf("serviceType:%s cannot contain special path characters '/' or '.' ", serviceType)
+ }
if !utils.IsInputStringValid(serviceType) {
return fmt.Errorf("input:%s is invalid", serviceType)
}
applicationName := ctx.Args().Get(1)
+ if detectPathchar.MatchString(applicationName) {
+ return fmt.Errorf("applicationName:%s cannot contain special path characters '/' or '.' ", applicationName)
+ }
if !utils.IsInputStringValid(applicationName) {
return fmt.Errorf("input:%s is invalid", applicationName)
}
@@ -100,7 +112,9 @@ func profileDefined(ctx *cli.Context) error {
if !utils.IsInputStringValid(scenarioName) {
return fmt.Errorf("input:%s is invalid", scenarioName)
}
-
+ if detectPathchar.MatchString(scenarioName) {
+ return fmt.Errorf("scenarioName:%s cannot contain special path characters '/' or '.' ", scenarioName)
+ }
data, err := ioutil.ReadFile(ctx.Args().Get(3))
if err != nil {
return err
--
2.33.0
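Review bot: The pattern `[./].*` in profileDefined is compiled on every call, and its trailing `.*` adds nothing because MatchString is unanchored and already succeeds on the first '.' or '/'. A package-level `var detectPathchar = regexp.MustCompile("[./]")` would state the rule once. The scenarioName check sits after utils.IsInputStringValid while the other two come before it, so the same kind of input produces a different error depending on the argument; one order for all three would be clearer. Because this code runs in the client, a comment such as `// early rejection only; the server's Define handler is the enforcement point` would keep a reader from treating it as the security boundary. profileDefined starts and ends outside the hunk.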


@ -0,0 +1,50 @@
From 8c411e610d702daf9e7505c1500163c481f7ed69 Mon Sep 17 00:00:00 2001
From: zhoupengcheng <zhoupengcheng11@huawei.com>
Date: Wed, 1 Nov 2023 17:45:05 +0800
Subject: [PATCH] 0002-define-fix-privilege-escalation.patch
---
modules/server/profile/profile.go | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/modules/server/profile/profile.go b/modules/server/profile/profile.go
index 5cdaa9a..cbf48b9 100644
--- a/modules/server/profile/profile.go
+++ b/modules/server/profile/profile.go
@@ -1277,8 +1277,32 @@ func (s *ProfileServer) Define(ctx context.Context, message *PB.DefineMessage) (
applicationName := message.GetApplicationName()
scenarioName := message.GetScenarioName()
content := string(message.GetContent())
- profileName := serviceType + "-" + applicationName + "-" + scenarioName
+ detectRule := `[./].*`
+ detectPathchar := regexp.MustCompile(detectRule)
+
+ if detectPathchar.MatchString(serviceType) {
+ return &PB.Ack{}, fmt.Errorf("serviceType:%s cannot contain special path characters '/' or '.' ", serviceType)
+ }
+ if !utils.IsInputStringValid(serviceType) {
+ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", serviceType)
+ }
+
+ if detectPathchar.MatchString(applicationName) {
+ return &PB.Ack{}, fmt.Errorf("applicationName:%s cannot contain special path characters '/' or '.' ", applicationName)
+ }
+ if !utils.IsInputStringValid(applicationName) {
+ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", applicationName)
+ }
+
+ if detectPathchar.MatchString(scenarioName) {
+ return &PB.Ack{}, fmt.Errorf("scenarioName:%s cannot contain special path characters '/' or '.' ", scenarioName)
+ }
+ if !utils.IsInputStringValid(scenarioName) {
+ return &PB.Ack{}, fmt.Errorf("input:%s is invalid", scenarioName)
+ }
+
+ profileName := serviceType + "-" + applicationName + "-" + scenarioName
workloadTypeExist, err := sqlstore.ExistWorkloadType(profileName)
if err != nil {
return &PB.Ack{}, err
--
2.33.0
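Review bot: The same two-step check is written out three times in Define and the regexp is compiled on each request; a small helper plus a package-level pattern would keep the three fields from drifting apart, and the `.*` in `[./].*` is redundant for an unanchored MatchString. This is a deny-list of two characters placed in front of utils.IsInputStringValid, whose rules are not visible here; if profileName ends up in a file path, as the error text suggests, an allow-list (letters, digits, `_`, `-`) would be easier to reason about. The hunk adds no import, so regexp must already be imported in profile.go, which is worth confirming with a build. Define starts and ends outside the hunk.

```go
// package scope: compiled once instead of per request
var detectPathchar = regexp.MustCompile(`[./]`)

// checkProfileField rejects path characters, then applies the general input check.
func checkProfileField(field, value string) error {
	if detectPathchar.MatchString(value) {
		return fmt.Errorf("%s:%s cannot contain special path characters '/' or '.' ", field, value)
	}
	if !utils.IsInputStringValid(value) {
		return fmt.Errorf("input:%s is invalid", value)
	}
	return nil
}

// … unchanged: message getters at the top of Define …
	fields := [][2]string{
		{"serviceType", serviceType},
		{"applicationName", applicationName},
		{"scenarioName", scenarioName},
	}
	for _, f := range fields {
		if err := checkProfileField(f[0], f[1]); err != nil {
			return &PB.Ack{}, err
		}
	}
	profileName := serviceType + "-" + applicationName + "-" + scenarioName
// … unchanged: sqlstore.ExistWorkloadType lookup …
```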


@ -0,0 +1,26 @@
From 6aae35d592388924f5ab92db90912a1b7962d665 Mon Sep 17 00:00:00 2001
From: gaoruoshu <gaoruoshu@huawei.com>
Date: Wed, 16 Aug 2023 10:26:19 +0800
Subject: [PATCH] [atune]add service restart mode
---
misc/atuned.service | 3 +++
1 file changed, 3 insertions(+)
diff --git a/misc/atuned.service b/misc/atuned.service
index bc5de9b..58fb022 100644
--- a/misc/atuned.service
+++ b/misc/atuned.service
@@ -7,6 +7,9 @@ Requires=polkit.service
Type=notify
ExecStart=/usr/bin/atuned
SuccessExitStatus=100
+Restart=on-failure
+RestartSec=3s
+TimeoutSec=1m
[Install]
WantedBy=multi-user.target
--
2.27.0
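Review bot: `TimeoutSec=1m` sets both the start and the stop timeout, and with `Type=notify` a start that has not signalled readiness within that minute counts as a failure, which `Restart=on-failure` then retries after 3 seconds. Nothing in the visible part of the unit sets a start rate limit, and a 3-second delay may keep the service under systemd's default burst limit, so a daemon that cannot start could be restarted indefinitely. Consider `TimeoutStopSec=1m` if only the stop path was meant, or add explicit `StartLimitIntervalSec=` and `StartLimitBurst=` to the [Unit] section. The unit file continues outside the hunk.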


@ -0,0 +1,64 @@
From f1fa941597af1b27278b430c1f7172fc5820d0ac Mon Sep 17 00:00:00 2001
From: gaoruoshu <gaoruoshu@huawei.com>
Date: Wed, 16 Aug 2023 12:39:37 +0800
Subject: [PATCH] [atune]update Makefile and logs
---
Makefile | 10 ++++------
common/profile/profile.go | 2 +-
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
index bcac447..5c76b4e 100755
--- a/Makefile
+++ b/Makefile
@@ -46,14 +46,13 @@ clean:
rm -rf $(PKGPATH)/*
cleanall: clean
- rm -rf $(DESTDIR)/etc/atuned/
+ rm -rf $(DESTDIR)/etc/atune*
rm -rf $(DESTDIR)$(PREFIX)/lib/atuned/
rm -rf $(DESTDIR)$(PREFIX)/share/atuned/
rm -rf $(DESTDIR)$(PREFIX)/$(LIBEXEC)/atuned/
rm -rf $(DESTDIR)/var/lib/atuned/
rm -rf $(DESTDIR)/var/run/atuned/
- rm -rf $(DESTDIR)/var/atuned/
- rm -rf $(DESTDIR)/var/atune_data/
+ rm -rf $(DESTDIR)/var/atune*
db:
sqlite3 database/atuned.db ".read database/init.sql"
@@ -72,14 +71,13 @@ libinstall:
@echo "BEGIN INSTALL A-Tune..."
mkdir -p $(BINDIR)
mkdir -p $(SYSTEMDDIR)
- rm -rf $(DESTDIR)/etc/atuned/
+ rm -rf $(DESTDIR)/etc/atune*
rm -rf $(DESTDIR)$(PREFIX)/lib/atuned/
rm -rf $(DESTDIR)$(PREFIX)/share/atuned/
rm -rf $(DESTDIR)$(PREFIX)/$(LIBEXEC)/atuned/
rm -rf $(DESTDIR)/var/lib/atuned/
rm -rf $(DESTDIR)/var/run/atuned/
- rm -rf $(DESTDIR)/var/atuned/
- rm -rf $(DESTDIR)/var/atune_data/
+ rm -rf $(DESTDIR)/var/atune*
mkdir -p $(DESTDIR)/etc/atuned/tuning
mkdir -p $(DESTDIR)/etc/atuned/rules
mkdir -p $(DESTDIR)/etc/atuned/training
diff --git a/common/profile/profile.go b/common/profile/profile.go
index 264fdd8..43a4e77 100644
--- a/common/profile/profile.go
+++ b/common/profile/profile.go
@@ -294,7 +294,7 @@ func (p *Profile) ItemSort() error {
} else {
itemQuery, err := sqlstore.GetPropertyItem(key.Name())
if err != nil {
- log.Errorf("key %s is not exist in tuned_item", key.Name())
+ log.Infof("key %s is not exist in tuned_item", key.Name())
itemName = "OTHERS"
} else {
itemName = itemQuery
--
2.27.0
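Review bot: `rm -rf $(DESTDIR)/etc/atune*` and `rm -rf $(DESTDIR)/var/atune*` in cleanall and libinstall now delete by glob, so anything under /etc or /var whose name merely starts with "atune" is removed, not only the directories this package owns; with an empty DESTDIR that is the live system, with the privileges of whoever runs make. Listing the owned paths explicitly, as the removed lines did (`rm -rf $(DESTDIR)/var/atuned/` and `rm -rf $(DESTDIR)/var/atune_data/`), keeps the affected set known. In common/profile/profile.go the switch from log.Errorf to log.Infof applies to every error returned by sqlstore.GetPropertyItem, so a real database failure would also be logged at info level although the message only fits the not-found case. Both make targets and ItemSort continue outside their hunks.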

File diff suppressed because it is too large Load Diff

4
A-Tune.yaml Normal file

@ -0,0 +1,4 @@
version_control: gitee
src_repo: openEuler/A-Tune
tag_prefix: ^v
seperator: .


@ -3,7 +3,7 @@
Summary: AI auto tuning system
Name: atune
Version: 1.0.0
Release: 8
Release: 14
License: Mulan PSL v2
URL: https://gitee.com/openeuler/A-Tune
Source: https://gitee.com/openeuler/A-Tune/repository/archive/v%{version}.tar.gz
@ -12,18 +12,24 @@ Patch9000: check-whether-the-certificate-file-exists.patch
Patch9001: add-FAQ-and-self-signature-certificate-manufacturing.patch
Patch9002: fix-start-failed-of-atuned-service.patch
Patch9003: change-Makefile-A-Tune-version-to-1.0.0.patch
Patch9004: 0001-bugfix-transfer-can-only-save-file-to-specified-dir.patch
Patch9005: 0002-bugfix-training-model-can-only-save-file-to-specifie.patch
Patch9006: 0003-bugfix-collection-res-can-only-save-file-to-specifie.patch
Patch9007: The-primary-node-changes-the-parameter-to-be-optimized-to-the-value-of-the-parameter-with-the-suffix-0.patch
Patch9004: A-Tune-Add-sw64-architecture.patch
Patch9005: 0001-bugfix-transfer-can-only-save-file-to-specified-dir.patch
Patch9006: 0002-bugfix-training-model-can-only-save-file-to-specifie.patch
Patch9007: 0003-bugfix-collection-res-can-only-save-file-to-specifie.patch
Patch9008: 0004-atune-add-service-restart-mode.patch
Patch9009: 0005-atune-update-Makefile-and-logs.patch
Patch9010: 0001-define-fix-privilege-escalation.patch
Patch9011: 0002-define-fix-privilege-escalation.patch
Patch9012: fix-collection-train-file-overwriting-through-soft-links.patch
BuildRequires: rpm-build golang-bin procps-ng
BuildRequires: sqlite >= 3.24.0 openssl
BuildRequires: python3-scikit-optimize python3-pandas python3-xgboost
BuildRequires: python3-pyyaml
BuildRequires: systemd
Requires: systemd
Requires: atune-client = %{version}-%{release}
Requires: atune-db = %{version}-%{release}
Requires: atune-client
Requires: atune-db
Requires: python3-dict2xml
Requires: python3-flask-restful
Requires: python3-pandas
@ -64,13 +70,20 @@ Requires: python3-xgboost
Requires: python3-flask-restful
Requires: python3-pandas
Requires: python3-lhsmdu
Conflicts: atune < 0.3-0.3
Conflicts: atune < 0.3-0.9
%description engine
atune engine tool for manage atuned AI tuning system.
%prep
%autosetup -n A-Tune-v%{version} -p1
%ifarch sw_64
sed -i 's/-buildmode=plugin//g' Makefile
%endif
%ifarch loongarch64
# Replace atune's own sys with the sys provided by golang
cp -af %{_prefix}/lib/golang/src/cmd/vendor/golang.org/x/sys vendor/golang.org/x/
%endif
%build
%make_build
@ -80,6 +93,24 @@ atune engine tool for manage atuned AI tuning system.
%check
%post
%systemd_post atuned.service
%preun
%systemd_preun atuned.service
%postun
%systemd_postun_with_restart atuned.service
%post engine
%systemd_post atune-engine.service
%preun engine
%systemd_preun atune-engine.service
%postun engine
%systemd_postun_with_restart atune-engine.service
%files
%license License/LICENSE
%defattr(0640,root,root,0750)
@ -141,27 +172,36 @@ atune engine tool for manage atuned AI tuning system.
%exclude /etc/atuned/engine_certs/*
%exclude /etc/atuned/rest_certs
%post
%systemd_post atuned.service
%preun
%systemd_preun atuned.service
%postun
%systemd_postun_with_restart atuned.service
%changelog
* Sat Oct 28 2023 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.0.0-8
- bugfix for tuning --restore (https://gitee.com/openeuler/A-Tune/issues/I6AY86)
* Wed Nov 8 2023 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.0.0-14
- fix-collection-train-file-overwriting-through-soft-links
* Thu Aug 10 2023 gaoruoshu <gaoruoshu@huawei.com> - 1.0.0-7
* Wed Nov 8 2023 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.0.0-13
- define-fix-privilege-escalation
* Wed Aug 16 2023 gaoruoshu <gaoruoshu@huawei.com> - 1.0.0-12
- atune update Makefile and logs
* Wed Aug 16 2023 gaoruoshu <gaoruoshu@huawei.com> - 1.0.0-11
- atune add service restart mode
* Fri Aug 11 2023 panchenbo <panchenbo@kylinsec.com.cn> - 1.0.0-10
- update sw_64 support patch
* Fri Aug 11 2023 panchenbo <panchenbo@kylinsec.com.cn> - 1.0.0-9
- add support for loongarch64
* Thu Aug 10 2023 gaoruoshu <gaoruoshu@huawei.com> - 1.0.0-8
- bugfix set collection/transfer/train dir to specific dir
* Thu Aug 11 2022 gaoruoshu <gaoruoshu@huawei.com> - 1.0.0-6
- add whitespace to version
* Fri Apr 21 2023 yuxiangyang <yuxiangyang4@xfusion.com> - 1.0.0-7
- fix atune-engine process remaining after remove atune-engine.rpm
* Tue Aug 09 2022 gaoruoshu <gaoruoshu@huawei.com> - 1.0.0-5
- specifies the version number
* Fri Mar 3 2023 wuzx<wuzx1226@qq.com> - 1.0.0-6
- Add sw64 architecture
* Sat Jan 28 2023 panxiaohe <pan_xiaohe@hoperun.com> - 1.0.0-5
- fix build failure that unitdir cannot be identified
* Fri Mar 04 2022 Bin Hu <hubin73@huawei.com> - 1.0.0-4
- change Makefile A-Tune version to 1.0.0
@ -172,28 +212,37 @@ atune engine tool for manage atuned AI tuning system.
* Tue Feb 15 2022 gaoruoshu <gaoruoshu@huawei.com> - 1.0.0-2
- enable certificate authentication by default and modify file permissions
* Thu Nov 25 2021 hanxinke <hanxinke@huawei.com> - 1.0.0-1
* Fri Feb 18 2022 hanxinke <hanxinke@huawei.com> - 1.0.0-1
- upgrade to v1.0.0
* Sat May 29 2021 gaoruoshu<gaoruoshu@huawei.com> - 0.3-0.7
* Wed Sep 29 2021 gaoruoshu <gaoruoshu@huawei.com> - 0.3-1.0
- atune-adm check error before atune-adm profile
* Mon Aug 30 2021 gaoruoshu <gaoruoshu@huawei.com> - 0.3-0.9
- add successExitStatus 100 to atuned.service
* Tue Mar 16 2021 hehuazhen<hehuazhen@huawei.com> - 0.3-0.6
- support for go 1.15
* Tue Dec 29 2020 gaoruoshu<gaoruoshu@huawei.com> - 0.3-0.5
- update test case
* Sat Dec 26 2020 zhuguodong<zhuguodong8@huawei.com> - 0.3-0.4
* Sat Mar 20 2021 BruceGW <gyl93216@163.com> - 0.3-0.8
- add go compile flag
* Tue Dec 22 2020 gaoruoshu<gaoruoshu@huawei.com> - 0.3-0.3
- update file descriptions and readme files
* Mon Jan 11 2021 gaoruoshu <gaoruoshu@huawei.com> - 0.3-0.7
- update file description and test case
* Sat Nov 28 2020 hanxinke<hanxinke@huawei.com> - 0.3-0.2
* Wed Dec 30 2020 HW_TaoChen <boby.chen@huawei.com> - 0.3-0.6
- support for go 1.15
* Sat Nov 28 2020 hanxinke<hanxinke@huawei.com> - 0.3-0.5
- The engine package conflicts with atune < 0.3-0.1.
* Mon Nov 9 2020 hanxinke<hanxinke@huawei.com> - 0.3-0.1
* Mon Nov 9 2020 hanxinke<hanxinke@huawei.com> - 0.3-0.4
- fix wrong license
* Wed Sep 9 2020 Zhipeng Xie<xiezhipeng1@huawei.com> - 0.3-0.3
- only require prefetch_tuning on aarch64
* Mon Sep 7 2020 Zhipeng Xie<xiezhipeng1@huawei.com> - 0.3-0.2
- fix wrong requires
* Fri Sep 4 2020 Zhipeng Xie<xiezhipeng1@huawei.com> - 0.3-0.1
- upgrade to v0.3
* Thu Mar 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.2-0.1
@ -201,3 +250,4 @@ atune engine tool for manage atuned AI tuning system.
* Tue Nov 12 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.1-0.1
- Package init
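Review bot: If the unversioned `Requires: atune-client` and `Requires: atune-db` are the new side (the rendering has lost the +/- markers, so this is inferred from print order only), the main package no longer pins its subpackages to the same build. Patch9010 touches the client and Patch9011 the server, which presumably ship in different subpackages, so a mixed install could carry only one half of the fix. Keeping `= %{version}-%{release}` on both lines avoids that.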


@ -0,0 +1,57 @@
From c5e491e5dffab4dda814f2e1ba11c21714cac0c6 Mon Sep 17 00:00:00 2001
From: zhoupengcheng <zhoupengcheng11@huawei.com>
Date: Wed, 1 Nov 2023 11:14:37 +0800
Subject: [PATCH] fix-collection-train-file-overwriting-through-soft-links.patch
---
analysis/atuned/collector.py | 10 +++++++++-
analysis/engine/train.py | 4 +++-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/analysis/atuned/collector.py b/analysis/atuned/collector.py
index 4749284..9a264dd 100755
--- a/analysis/atuned/collector.py
+++ b/analysis/atuned/collector.py
@@ -39,6 +39,15 @@ class Collector(Resource):
args = COLLECTOR_POST_PARSER.parse_args()
current_app.logger.info(args)
n_pipe = get_npipe(args.get("pipe"))
+
+ path = args.get("file")
+ path = os.path.abspath(path)
+ if not path.startswith("/var/atune_data/collection/"):
+ return "Files outside the /var/atune_data/collection/ directory cannot be modified.", 400
+
+ if os.path.exists(path):
+ return "File already exists!", 400
+
monitors = []
mpis = []
field_name = []
@@ -91,7 +100,6 @@ class Collector(Resource):
if n_pipe is not None:
n_pipe.close()
- path = args.get("file")
save_file(path, data, field_name)
result = {}
result["path"] = path
diff --git a/analysis/engine/train.py b/analysis/engine/train.py
index 7608660..462b16c 100644
--- a/analysis/engine/train.py
+++ b/analysis/engine/train.py
@@ -49,8 +49,10 @@ class Training(Resource):
return "Illegal model name provide: {}".format(err), 400
characterization = WorkloadCharacterization(model_path)
+ output_path = TRAINING_MODEL_PATH + model_name
+ if os.path.exists(output_path):
+ return "File already exists!", 400
try:
- output_path = TRAINING_MODEL_PATH + model_name
characterization.retrain(data_path, output_path)
except Exception as err:
LOGGER.error(err)
--
2.33.0
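Review bot: The containment check in the Collector handler uses `os.path.abspath`, which normalises `..` but does not resolve symbolic links, so a path that passes `startswith("/var/atune_data/collection/")` can still resolve outside that directory when one of its components is a link; `path = os.path.realpath(path)` before the prefix test closes that. `os.path.exists` follows links and returns False for a dangling one, and the write happens much later in save_file, so the exists-then-write pair is not atomic; creating the file with exclusive-create mode (`open(path, "x")`, ideally with `O_NOFOLLOW`) inside save_file would make the check and the write one step. The same exists-then-write gap applies to `output_path` in analysis/engine/train.py. `args.get("file")` may be None, which would raise in abspath instead of returning a 400. Neither hunk adds `import os`, so both modules must already import it; save_file and retrain are outside the visible lines.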