glusterfs.git, branch v3.12.14 doc: Release notes for v3.12.4 2018-09-06T16:10:10+00:00 Jiffin Tony Thottan jthottan@redhat.com 2018-09-06T16:09:15+00:00 fe5b6bc8522b3539a97765b243ad37ef227c05b6 Change-Id: I836d5fc0981ee9a0348aca9b1bde4d46e1519607 BUG: 1625504 Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> 
Change-Id: I836d5fc0981ee9a0348aca9b1bde4d46e1519607
BUG: 1625504
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
rpc: handle EAGAIN when SSL_ERROR_SYSCALL is returned 2018-09-06T15:59:24+00:00 Milind Changire mchangir@redhat.com 2018-08-27T05:51:24+00:00 3ccad2fe9c637a1186d091f6d2395bf9a85b7ad5 Problem: A return value of ENODATA was forcibly returned in the case where SSL_get_error(r) returned SSL_ERROR_SYSCALL. Sometimes SSL_ERROR_SYSCALL is a transient error which is identified by setting errno to EAGAIN. EAGAIN is not a fatal error and indicates that the syscall needs to be retried. Solution: Bubble up the errno in case SSL_get_error(r) returns SSL_ERROR_SYSCALL and let the upper layers handle it appropriately. fixes: bz#1622405 Change-Id: I76eff278378930ee79abbf9fa267a7e77356eed6 BUG: 1622405 Signed-off-by: Milind Changire <mchangir@redhat.com> 
Problem:
A return value of ENODATA was forcibly returned in the case where
SSL_get_error(r) returned SSL_ERROR_SYSCALL. Sometimes SSL_ERROR_SYSCALL
is a transient error which is identified by setting errno to EAGAIN.
EAGAIN is not a fatal error and indicates that the syscall needs to be
retried.

Solution:
Bubble up the errno in case SSL_get_error(r) returns SSL_ERROR_SYSCALL
and let the upper layers handle it appropriately.

fixes: bz#1622405
Change-Id: I76eff278378930ee79abbf9fa267a7e77356eed6
BUG: 1622405
Signed-off-by: Milind Changire <mchangir@redhat.com>
protocol: don't use alloca 2018-09-06T15:55:43+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T08:26:56+00:00 3898f8e35be7c59b753d120e3878af5ba59cdaaf current implementation of alloca can cause issues when strings larger than the allocated buffer is passed to the xdr. Hence it makes sense to allow XDR decode functions to deal with memory allocations, which we can free later. BUG: 1625654 Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
current implementation of alloca can cause issues when strings larger
than the allocated buffer is passed to the xdr. Hence it makes sense
to allow XDR decode functions to deal with memory allocations, which
we can free later.

BUG: 1625654
Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94
Signed-off-by: Amar Tumballi <amarts@redhat.com>
posix: disable open/read/write on special files 2018-09-06T15:55:03+00:00 Amar Tumballi amarts@redhat.com 2018-09-05T13:33:08+00:00 71b4465a5d7e3763c1e42d4be841a2479fe96ae1 In the file system, the responsibility w.r.to the block and char device files is related to only support for 'creating' them (using mknod(2)). Once the device files are created, the read/write syscalls for the specific devices are handled by the device driver registered for the specific major number, and depending on the minor number, it knows where to read from. Hence, we are at risk of reading contents from devices which are handled by the host kernel on server nodes. By disabling open/read/write on the device file, we would be safe with the bypass one can achieve from client side (using gfapi) BUG: 1625648 Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f Signed-off-by: Amar Tumballi <amarts@redhat.com> 
In the file system, the responsibility w.r.to the block and char device
files is related to only support for 'creating' them (using mknod(2)).

Once the device files are created, the read/write syscalls for the specific
devices are handled by the device driver registered for the specific major
number, and depending on the minor number, it knows where to read from.
Hence, we are at risk of reading contents from devices which are handled
by the host kernel on server nodes.

By disabling open/read/write on the device file, we would be safe with
the bypass one can achieve from client side (using gfapi)

BUG: 1625648

Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f
Signed-off-by: Amar Tumballi <amarts@redhat.com>
io-stats: dump io-stats info in /var/run/gluster 2018-09-06T15:54:50+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T10:12:28+00:00 bcc1d689e8e131b6e23cbbe0b785dec8e23a108c It wouldn't make sense to allow iostats file to be written in *any* directory. While the formating makes sure we try to append io-stats-name for the file, so overwriting existing file is slim, but in any case it makes sense to restrict dumping to one directory. Below are the sample commands, and files created for the corresponding values: $ setfattr -n trusted.io-stats-dump -v file-for-dump $M0 In this case, the file would be in /var/run/gluster/file-for-dump $ setfattr -n trusted.io-stats-dump -v /dir1/dir2/file-for-dump $M0 In this case, then the dump file is in /var/run/gluster/dir1-dir2-file-for-dump Note that the value passed for this virtual xattr would be treated as a file, and even if the value has '/' in it, it would be changed to '-' for sanity. BUG: 1625660 Change-Id: Id9ae6a40a190b8937c51662e6e1c2a0f6c86a0e0 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
It wouldn't make sense to allow iostats file to be written in
*any* directory. While the formating makes sure we try to append
io-stats-name for the file, so overwriting existing file is slim,
but in any case it makes sense to restrict dumping to one directory.

Below are the sample commands, and files created for the corresponding
values:

 $ setfattr -n trusted.io-stats-dump -v file-for-dump $M0

In this case, the file would be in /var/run/gluster/file-for-dump

 $ setfattr -n trusted.io-stats-dump -v /dir1/dir2/file-for-dump $M0

In this case, then the dump file is in /var/run/gluster/dir1-dir2-file-for-dump

Note that the value passed for this virtual xattr would be treated as a
file, and even if the value has '/' in it, it would be changed to '-'
for sanity.

BUG: 1625660

Change-Id: Id9ae6a40a190b8937c51662e6e1c2a0f6c86a0e0
Signed-off-by: Amar Tumballi <amarts@redhat.com>
server-protocol: don't allow '../' path in 'name' 2018-09-06T15:54:16+00:00 Amar Tumballi amarts@redhat.com 2018-08-09T07:30:01+00:00 8356b9f169f73cfdfaf6e96fcd0af618efc3a649 This will prevent any arbitrary file creation through glusterfs by modifying the client bits. Also check for the similar flaw inside posix too, so we prevent any changes in layers in-between. BUG: 1625664 Signed-off-by: Amar Tumballi <amarts@redhat.com> Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e 
This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

BUG: 1625664
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
dict: handle negative key/value length while unserialize 2018-09-06T15:53:56+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T07:55:12+00:00 e1461a27e98980dde85c1a506eef514d8cefda4b Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119 BUG: 1625656 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119
BUG: 1625656
Signed-off-by: Amar Tumballi <amarts@redhat.com>
posix: remove not supported get/set content 2018-09-05T17:10:42+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T11:44:31+00:00 846ab3c294ff1926e28f367352314789aacc0459 getting and setting a file's content using extended attribute worked great as a GET/PUT alternative when an object storage is supported on top of Gluster. But it needs application changes, and also, it skips some caching layers. It is not used over years, and not supported any more. Remove the dead code. Fixes: bz#1625286 Change-Id: Ide3b3f1f644f6ca58558bbe45561f346f96b95b7 BUG: 1625286 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
getting and setting a file's content using extended
attribute worked great as a GET/PUT alternative when
an object storage is supported on top of Gluster. But
it needs application changes, and also, it skips some
caching layers.

It is not used over years, and not supported any more.
Remove the dead code.

Fixes: bz#1625286

Change-Id: Ide3b3f1f644f6ca58558bbe45561f346f96b95b7
BUG: 1625286
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Release notes for Gluster 3.12.13 2018-08-20T07:04:53+00:00 Jiffin Tony Thottan jthottan@redhat.com 2018-08-20T06:41:06+00:00 8727292061bb91fb50ee59cc247276d0259f0b20 Change-Id: If73fa6127f98b6ae08d8853736376d8077aba1ac BUG: 1619117 Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com> 
Change-Id: If73fa6127f98b6ae08d8853736376d8077aba1ac
BUG: 1619117
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
Bash integration script should namespace variables 2018-08-17T18:29:26+00:00 Mark Mielke mark.mielke@gmail.com 2018-08-14T03:54:34+00:00 d8473a17435227f9bd5203ba9de9bd0b53629682 In the original submitted script, it looks like there was effort put into namespacing all global variables. However a few mistakes remained. GLUSTER_TOP_SUBOPTIONSx were defined, but TOP_SUBOPTIONSx were referenced. This was likely an unrecognized defect in the original code submission? These are now corrected to refer to GLUSTER_TOP_SUBOPTIONSx. FINAL_LIST, LIST, and TOP were leaked into all Bash shells and used by the command completion functions. The most problematic of these was TOP, which was declared with "-i" making it an integer. This cause other code which used TOP to define a path to fail like this: $ bash $ TOP=/abc bash: /abc: syntax error: operand expected (error token is "/abc") These are now qualified as GLUSTER_FINAL_LIST, GLUSTER_LIST, and GLUSTER_TOP to reduce impact on scripts that might choose to use these extremely common variable names. > Change-Id: Ic96eda8efd1f3238bbade6c6ddb69118e8d82158 > Signed-off-by: Mark Mielke <mark.mielke@gmail.com> (cherry picked from commit 89545e745e4075845c18078be67a31dea93a4e88) Change-Id: Ic96eda8efd1f3238bbade6c6ddb69118e8d82158 Fixes: bz#1618838 Signed-off-by: Mark Mielke <mark.mielke@gmail.com> 
In the original submitted script, it looks like there was effort
put into namespacing all global variables. However a few mistakes
remained.

GLUSTER_TOP_SUBOPTIONSx were defined, but TOP_SUBOPTIONSx were
referenced. This was likely an unrecognized defect in the
original code submission? These are now corrected to refer to
GLUSTER_TOP_SUBOPTIONSx.

FINAL_LIST, LIST, and TOP were leaked into all Bash shells and
used by the command completion functions. The most problematic
of these was TOP, which was declared with "-i" making it an
integer. This cause other code which used TOP to define a path
to fail like this:

    $ bash
    $ TOP=/abc
    bash: /abc: syntax error: operand expected (error token is "/abc")

These are now qualified as GLUSTER_FINAL_LIST, GLUSTER_LIST, and
GLUSTER_TOP to reduce impact on scripts that might choose to use
these extremely common variable names.

> Change-Id: Ic96eda8efd1f3238bbade6c6ddb69118e8d82158
> Signed-off-by: Mark Mielke <mark.mielke@gmail.com>

(cherry picked from commit 89545e745e4075845c18078be67a31dea93a4e88)

Change-Id: Ic96eda8efd1f3238bbade6c6ddb69118e8d82158
Fixes: bz#1618838
Signed-off-by: Mark Mielke <mark.mielke@gmail.com>