glusterfs.git/rpc/rpc-transport/socket/src, branch v3.6.6 rpc-transport: socket_poller fixes for proper working of mgmt encryption 2015-07-17T07:18:41+00:00 Kaushal M kaushal@redhat.com 2015-07-13T10:46:00+00:00 6263e73688ba2be49fd55f4c6a2d12609ce45f91 Backport of 8c39f14 from master socket_poller, the polling function used by ssl own_thread, had two issues which lead to GlusterD crashes when using management encryption Issue 1 ------- socket_poller calls functions which require THIS to be set. But, THIS was being set conditionally. Because of this, functions could sometimes be called without THIS being set. For example, rpc_transport_notify could be called for an accepted client socket without THIS being set, as THIS was only set it the transport wasn't yet connected. This would cause the process to crash when THIS was accessed by the called functions. To fix this, THIS is being set at the start of socket_poller unconditionally. Issue 2 ------- DISCONNECT notify was being sent on the listener transport instead of the client transport. The DISCONNECT event was converted to a LISTENER_DEAD event in rpcsvc_handle_disconnect, as it could not find the listener socket of the listener socket. GlusterD was notified of a LISTENER_DEAD event instead of a DISCONNECT and failed to remove the client transport from its xprt_list. The transport would subsequently be freed, leaving the xprt_list with a corrupted/invalid entry. Later, when GlusterD would iterate over the xprt_list to send notifications, it would crash when the invalid entry was accessed. To fix this, DISCONNECT notification in socket_poller is sent on the client socket, as it is done in the epoll handler. Change-Id: I0370b7c6d7eb13de10ebf08d91a4a39dc7d64c7a BUG: 1243700 Signed-off-by: Kaushal M <kaushal@redhat.com> Reviewed-on: http://review.gluster.org/11690 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com> Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com> 
  Backport of 8c39f14 from master

socket_poller, the polling function used by ssl own_thread, had two
issues which lead to GlusterD crashes when using management encryption

Issue 1
-------
socket_poller calls functions which require THIS to be set. But, THIS
was being set conditionally. Because of this, functions could sometimes
be called without THIS being set. For example, rpc_transport_notify
could be called for an accepted client socket without THIS being set, as
THIS was only set it the transport wasn't yet connected. This would
cause the process to crash when THIS was accessed by the called
functions.

To fix this, THIS is being set at the start of socket_poller
unconditionally.

Issue 2
-------
DISCONNECT notify was being sent on the listener transport instead of
the client transport. The DISCONNECT event was converted to a
LISTENER_DEAD event in rpcsvc_handle_disconnect, as it could not find
the listener socket of the listener socket. GlusterD was notified of a
LISTENER_DEAD event instead of a DISCONNECT and failed to remove the
client transport from its xprt_list. The transport would subsequently
be freed, leaving the xprt_list with a corrupted/invalid entry. Later,
when GlusterD would iterate over the xprt_list to send notifications, it
would crash when the invalid entry was accessed.

To fix this, DISCONNECT notification in socket_poller is sent on the
client socket, as it is done in the epoll handler.

Change-Id: I0370b7c6d7eb13de10ebf08d91a4a39dc7d64c7a
BUG: 1243700
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.org/11690
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
socket: fix multithreading-related build problems on RHEL5 2015-05-27T11:39:34+00:00 Jeff Darcy jdarcy@redhat.com 2015-05-26T15:08:23+00:00 1661ac3cfabdbdc39c18adb18e55ac6b85e3d05d Change-Id: I3e145137c3ef738c4459c8d3098d6094ccfb008a BUG: 1225072 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/10921 Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com> 
Change-Id: I3e145137c3ef738c4459c8d3098d6094ccfb008a
BUG: 1225072
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/10921
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
socket: use OpenSSL multi-threading interfaces 2015-05-19T13:04:44+00:00 Jeff Darcy jdarcy@redhat.com 2015-03-31T18:34:22+00:00 94fdc9ac821238fc5452613436a10e4928decc77 OpenSSL isn't thread-safe unless you register these locking and thread ID functions. Most often the crashes would occur around X509_verify_cert, even though it's insane that the certificate parsing functions wouldn't be thread-safe. The bug for this was filed over two years ago, but it didn't seem like a high priority because the bug didn't bite anyone until it caused a spurious regression-test failure. Ironically, that was on a test for a *different* spurious regression-test failure, which I guess is just deserts for leaving this on the to-do list so long. This is a backport of 8830e90fa1b131057e4ee1742cb83d78102714c0 > Change-Id: I2a6c0e9b361abf54efa10ffbbbe071404f82b0d9 > BUG: 906763 > Signed-off-by: Jeff Darcy <jdarcy@redhat.com> > Reviewed-on: http://review.gluster.org/10075 > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> > Reviewed-by: Vijay Bellur <vbellur@redhat.com> Change-Id: I66de5f2830936ccc8d447fed6d1a83ebe7e93460 BUG: 1218167 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/10591 Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com> 
OpenSSL isn't thread-safe unless you register these locking and thread
ID functions.  Most often the crashes would occur around
X509_verify_cert, even though it's insane that the certificate parsing
functions wouldn't be thread-safe.  The bug for this was filed over
two years ago, but it didn't seem like a high priority because the bug
didn't bite anyone until it caused a spurious regression-test failure.
Ironically, that was on a test for a *different* spurious
regression-test failure, which I guess is just deserts for leaving
this on the to-do list so long.

This is a backport of 8830e90fa1b131057e4ee1742cb83d78102714c0
>   Change-Id: I2a6c0e9b361abf54efa10ffbbbe071404f82b0d9
>   BUG: 906763
>   Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
>   Reviewed-on: http://review.gluster.org/10075
>   Tested-by: Gluster Build System <jenkins@build.gluster.com>
>   Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
>   Reviewed-by: Vijay Bellur <vbellur@redhat.com>

Change-Id: I66de5f2830936ccc8d447fed6d1a83ebe7e93460
BUG: 1218167
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/10591
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
socket: fix segfaults when TLS management connections fail 2015-04-21T12:27:14+00:00 Jeff Darcy jdarcy@redhat.com 2014-11-06T03:37:48+00:00 415f575279d30feccb7436b85121a3a5489fdcf7 Backport of 0b9a6a6 from master. BUG: 1212684 Change-Id: Iec5410b937af150621b757924836cec638b5eb55 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Signed-off-by: Kaushal M <kaushal@redhat.com> Reviewed-on: http://review.gluster.org/10280 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com> 
Backport of 0b9a6a6 from master.

BUG: 1212684
Change-Id: Iec5410b937af150621b757924836cec638b5eb55
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.org/10280
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
socket: disallow CBC cipher modes 2014-10-29T11:37:55+00:00 Jeff Darcy jdarcy@redhat.com 2014-10-21T20:54:48+00:00 ab017cabfb547f423fd0d9702865edcb91b58c53 This is related to CVE-2014-3566 a.k.a. POODLE. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 POODLE is specific to CBC cipher modes in SSLv3. Because there is no way to prevent SSLv3 fallback on a system with an unpatched version of OpenSSL, users of such systems can only be protected by disallowing CBC modes. The default cipher-mode specification in our code has been changed accordingly. Users can still set their own cipher modes if they wish. To support them, the ssl-authz.t test script provides an example of how to combine the CBC exclusion with other criteria in a script. Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5 BUG: 1157659 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/8962 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> Reviewed-on: http://review.gluster.org/8987 Reviewed-by: Niels de Vos <ndevos@redhat.com> Tested-by: Niels de Vos <ndevos@redhat.com> 
This is related to CVE-2014-3566 a.k.a. POODLE.

	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

POODLE is specific to CBC cipher modes in SSLv3.  Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes.  The default cipher-mode specification in our code has been
changed accordingly.  Users can still set their own cipher modes if they
wish.  To support them, the ssl-authz.t test script provides an example
of how to combine the CBC exclusion with other criteria in a script.

Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5
BUG: 1157659
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8962
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Reviewed-on: http://review.gluster.org/8987
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: Niels de Vos <ndevos@redhat.com>
Use sane OS-dependent defaults for SSL configuration 2014-09-26T12:24:20+00:00 Emmanuel Dreyfus manu@netbsd.org 2014-09-26T00:13:57+00:00 61353a428903047d800b572637ab1df6f2b04a42 Current code assumes /etc/ssl exists, which may not be the case. Attempt to guess sane default for a few OS. Backport of I0f3168f79b8f4275636581041740dfcaf25f3edd BUG: 1138897 Change-Id: I972c26236cbf070f15c3846add059bd33d60216d Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/8861 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
Current code assumes /etc/ssl exists, which may not be the case.
Attempt to guess sane default for a few OS.

Backport of I0f3168f79b8f4275636581041740dfcaf25f3edd

BUG: 1138897
Change-Id: I972c26236cbf070f15c3846add059bd33d60216d
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8861
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
socket: Fixed parsing RPC records containing multi fragments 2014-09-25T12:01:18+00:00 Gu Feng flygoast@126.com 2014-09-09T10:00:22+00:00 b7d2482d85d57b4eaf2110060f62f17769895da7 In __socket_proto_state_machine(), when parsing RPC records containing multi fragments, just change the state of parsing process, had not processed the memory to coalesce the multi fragments. Change-Id: I5583e578603bd7290814a5d26885b31759c73115 BUG: 1146200 Signed-off-by: Gu Feng <flygoast@126.com> Reviewed-on: http://review.gluster.org/8662 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com> Tested-by: Raghavendra G <rgowdapp@redhat.com> Reviewed-on: http://review.gluster.org/8838 
In __socket_proto_state_machine(), when parsing RPC records containing
multi fragments, just change the state of parsing process, had not
processed the memory to coalesce the multi fragments.

Change-Id: I5583e578603bd7290814a5d26885b31759c73115
BUG: 1146200
Signed-off-by: Gu Feng <flygoast@126.com>
Reviewed-on: http://review.gluster.org/8662
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>
Reviewed-on: http://review.gluster.org/8838
Fix glustershd detection on volume restart 2014-09-08T06:19:08+00:00 Emmanuel Dreyfus manu@netbsd.org 2014-09-06T01:08:20+00:00 467446c6837debff2caacfdb889adc69e9c702ae On NetBSD and FreeBSD, doing a 'gluster volume start $volume force' causes NFS server, quotad, snapd and glustershd to be undetected by glusterd once the volume has restarted. 'gluster volume status' shows the three processes as 'N' in the online column, while they have been launched successfully. This happens because glusterd attempts to connect to its child processes just between the child does a unlink() on the socket in __socket_server_bind() and the time it calls bind() and listen(). Different scheduling policy may explain why the problem does not happen on Linux, but it may pop up some day since we make no guaranteed assumptions here. This patchet works this around by introducing a boolean transport.socket.ignore-enoent option, set by nfs and glustershd, which prevents ENOENT to be fatal and cause glusterd to retry and suceed later. Behavior of other clients is unaffected. This is a backport of Ifdc4d45b2513743ed42ee235a5c61a086321644c BUG: 1138897 Change-Id: I04472f045249c99a9492218ceebfab847474db2d Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.org/8630 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
On NetBSD and FreeBSD, doing a 'gluster volume start $volume force' causes
NFS server, quotad, snapd and glustershd to be undetected by glusterd once the
volume has restarted. 'gluster volume status' shows the three processes
as 'N' in the online column, while they have been launched successfully.

This happens because glusterd attempts to connect to its child processes
just between the child does a unlink() on the socket in
__socket_server_bind() and the time it calls bind() and listen().
Different scheduling policy may explain why the problem does not happen
on Linux, but it may pop up some day since we make no guaranteed
assumptions here.

This patchet works this around by introducing a boolean
transport.socket.ignore-enoent option, set by nfs and glustershd,
which prevents ENOENT to be fatal and cause glusterd to retry and
suceed later. Behavior of other clients is unaffected.

This is a backport of  Ifdc4d45b2513743ed42ee235a5c61a086321644c

BUG: 1138897
Change-Id: I04472f045249c99a9492218ceebfab847474db2d
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8630
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
socket/glusterd/client: enable SSL for management 2014-07-10T14:37:12+00:00 Jeff Darcy jdarcy@redhat.com 2014-07-03T14:01:20+00:00 b42688786f25420de671ea06030edf4371058433 The feature is controlled by presence of the following file: /var/lib/glusterd/secure-access See the comment near the definition of SECURE_ACCESS_FILE in glusterfs.h for the rationale. With this enabled, the following rules apply to connections: UNIX-domain sockets never have SSL. Management-port sockets (both connecting and accepting, in daemons and CLI) have SSL based on presence of the file. Other IP sockets have SSL based on the existing client.ssl and server.ssl volume options. Transport multi-threading is explicitly turned off in glusterd (it would otherwise be turned on when SSL is) due to multi-threading issues. Tests have been elided to avoid risk of leaving a file which will cause all subsequent tests to run with management SSL still enabled. IMPLEMENTATION NOTE The implementation is a bit messy, and consists of two stages. First we decide whether to set the relevant fields in our context structure, based on presence of the sentinel file OR a command-line override. Later we decide whether a particular connection should actually use SSL, based on the context flags plus what kind of connection we're making[1] and what kind of daemon we're in[2]. [1] inbound, outbound to glusterd port, other outbound [2] glusterd, glusterfsd, other TESTING NOTE Instead of just running one special test for this feature, the ideal would be to run all tests with management SSL enabled. However, it would be inappropriate or premature to set up an optional feature in the patch itself. Therefore, the method of choice is to submit a separate patch on top, which modifies "cleanup" in include.rc to recreate the secure-access file and associated SSL certificate/key files before each test. Change-Id: I0e04d6d08163893e24ec8c031748c5c447d7f780 BUG: 1114604 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/8094 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
The feature is controlled by presence of the following file:

	/var/lib/glusterd/secure-access

See the comment near the definition of SECURE_ACCESS_FILE in glusterfs.h
for the rationale.  With this enabled, the following rules apply to
connections:

	UNIX-domain sockets never have SSL.

	Management-port sockets (both connecting and accepting, in
	daemons and CLI) have SSL based on presence of the file.

	Other IP sockets have SSL based on the existing client.ssl and
	server.ssl volume options.

Transport multi-threading is explicitly turned off in glusterd (it would
otherwise be turned on when SSL is) due to multi-threading issues.
Tests have been elided to avoid risk of leaving a file which will cause
all subsequent tests to run with management SSL still enabled.

IMPLEMENTATION NOTE
The implementation is a bit messy, and consists of two stages.  First we
decide whether to set the relevant fields in our context structure, based
on presence of the sentinel file OR a command-line override.  Later we
decide whether a particular connection should actually use SSL, based on the
context flags plus what kind of connection we're making[1] and what kind of
daemon we're in[2].

[1] inbound, outbound to glusterd port, other outbound
[2] glusterd, glusterfsd, other

TESTING NOTE
Instead of just running one special test for this feature, the ideal
would be to run all tests with management SSL enabled.  However, it
would be inappropriate or premature to set up an optional feature in the
patch itself.  Therefore, the method of choice is to submit a separate
patch on top, which modifies "cleanup" in include.rc to recreate the
secure-access file and associated SSL certificate/key files before each
test.

Change-Id: I0e04d6d08163893e24ec8c031748c5c447d7f780
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8094
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
socket: add certificate-depth and cipher-list options for SSL 2014-07-04T11:18:00+00:00 Jeff Darcy jdarcy@redhat.com 2014-07-03T13:27:13+00:00 83c09b75a8fbc3a46fc0e76f805e061e949678f1 Change-Id: I82757f8461807301a4a4f28c4f5bf7f0ee315113 BUG: 1114604 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/8040 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Rajesh Joseph <rjoseph@redhat.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
Change-Id: I82757f8461807301a4a4f28c4f5bf7f0ee315113
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8040
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>