glusterfs.git/xlators, branch v4.1.4 posix: disable open/read/write on special files 2018-09-06T15:03:55+00:00 Amar Tumballi amarts@redhat.com 2018-09-05T13:33:08+00:00 39db09af1de261ef3b80ce354e8b1b89a599fd40 In the file system, the responsibility w.r.to the block and char device files is related to only support for 'creating' them (using mknod(2)). Once the device files are created, the read/write syscalls for the specific devices are handled by the device driver registered for the specific major number, and depending on the minor number, it knows where to read from. Hence, we are at risk of reading contents from devices which are handled by the host kernel on server nodes. By disabling open/read/write on the device file, we would be safe with the bypass one can achieve from client side (using gfapi) Fixes: bz#1625096 Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f Signed-off-by: Amar Tumballi <amarts@redhat.com> 
In the file system, the responsibility w.r.to the block and char device
files is related to only support for 'creating' them (using mknod(2)).

Once the device files are created, the read/write syscalls for the specific
devices are handled by the device driver registered for the specific major
number, and depending on the minor number, it knows where to read from.
Hence, we are at risk of reading contents from devices which are handled
by the host kernel on server nodes.

By disabling open/read/write on the device file, we would be safe with
the bypass one can achieve from client side (using gfapi)

Fixes: bz#1625096

Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f
Signed-off-by: Amar Tumballi <amarts@redhat.com>
protocol: don't use alloca 2018-09-06T15:02:15+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T08:26:56+00:00 3c66ee967cf7377595c714693e6e9a70861cf822 current implementation of alloca can cause issues when strings larger than the allocated buffer is passed to the xdr. Hence it makes sense to allow XDR decode functions to deal with memory allocations, which we can free later. Fixes: bz#1625097 Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
current implementation of alloca can cause issues when strings larger
than the allocated buffer is passed to the xdr. Hence it makes sense
to allow XDR decode functions to deal with memory allocations, which
we can free later.

Fixes: bz#1625097

Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94
Signed-off-by: Amar Tumballi <amarts@redhat.com>
io-stats: dump io-stats info in /var/run/gluster 2018-09-06T15:01:36+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T10:12:28+00:00 1f46f2ada2d3365aa9252068fd970ae14bcc6d28 It wouldn't make sense to allow iostats file to be written in *any* directory. While the formating makes sure we try to append io-stats-name for the file, so overwriting existing file is slim, but in any case it makes sense to restrict dumping to one directory. Below are the sample commands, and files created for the corresponding values: $ setfattr -n trusted.io-stats-dump -v file-for-dump $M0 In this case, the file would be in /var/run/gluster/file-for-dump $ setfattr -n trusted.io-stats-dump -v /dir1/dir2/file-for-dump $M0 In this case, then the dump file is in /var/run/gluster/dir1-dir2-file-for-dump Note that the value passed for this virtual xattr would be treated as a file, and even if the value has '/' in it, it would be changed to '-' for sanity. Fixes: bz#1625106 Change-Id: Id9ae6a40a190b8937c51662e6e1c2a0f6c86a0e0 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
It wouldn't make sense to allow iostats file to be written in
*any* directory. While the formating makes sure we try to append
io-stats-name for the file, so overwriting existing file is slim,
but in any case it makes sense to restrict dumping to one directory.

Below are the sample commands, and files created for the corresponding
values:

 $ setfattr -n trusted.io-stats-dump -v file-for-dump $M0

In this case, the file would be in /var/run/gluster/file-for-dump

 $ setfattr -n trusted.io-stats-dump -v /dir1/dir2/file-for-dump $M0

In this case, then the dump file is in /var/run/gluster/dir1-dir2-file-for-dump

Note that the value passed for this virtual xattr would be treated as a
file, and even if the value has '/' in it, it would be changed to '-'
for sanity.

Fixes: bz#1625106

Change-Id: Id9ae6a40a190b8937c51662e6e1c2a0f6c86a0e0
Signed-off-by: Amar Tumballi <amarts@redhat.com>
server-protocol: don't allow '../' path in 'name' 2018-09-06T15:00:58+00:00 Amar Tumballi amarts@redhat.com 2018-08-09T07:30:01+00:00 2af8e50a55085df7ede57184558029afc46fb8f9 This will prevent any arbitrary file creation through glusterfs by modifying the client bits. Also check for the similar flaw inside posix too, so we prevent any changes in layers in-between. Fixes: bz#1625095 Signed-off-by: Amar Tumballi <amarts@redhat.com> Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e 
This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

Fixes: bz#1625095

Signed-off-by: Amar Tumballi <amarts@redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
posix: remove not supported get/set content 2018-09-06T14:43:27+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T11:44:31+00:00 045a2493704cd3000260a52fc67d06582b2566ef getting and setting a file's content using extended attribute worked great as a GET/PUT alternative when an object storage is supported on top of Gluster. But it needs application changes, and also, it skips some caching layers. It is not used over years, and not supported any more. Removing the dead code. Fixes: bz#1625102 Change-Id: Ide3b3f1f644f6ca58558bbe45561f346f96b95b7 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
getting and setting a file's content using extended
attribute worked great as a GET/PUT alternative when
an object storage is supported on top of Gluster. But
it needs application changes, and also, it skips some
caching layers.

It is not used over years, and not supported any more.
Removing the dead code.

Fixes: bz#1625102

Change-Id: Ide3b3f1f644f6ca58558bbe45561f346f96b95b7
Signed-off-by: Amar Tumballi <amarts@redhat.com>
storage/posix: Increment trusted.pgfid in posix_mknod 2018-08-29T03:41:38+00:00 N Balachandran nbalacha@redhat.com 2018-08-21T15:27:52+00:00 9c0e55e061dcba0fadd3a381c974f10bb7dc14fd The value of trusted.pgfid.xx was always set to 1 in posix_mknod. This is incorrect if posix_mknod calls posix_create_link_if_gfid_exists. Change-Id: Ibe87ca6f155846b9a7c7abbfb1eb8b6a99a5eb68 fixes: bz#1623317 Signed-off-by: N Balachandran <nbalacha@redhat.com> 
The value of trusted.pgfid.xx was always set to 1
in posix_mknod. This is incorrect if posix_mknod
calls posix_create_link_if_gfid_exists.

Change-Id: Ibe87ca6f155846b9a7c7abbfb1eb8b6a99a5eb68
fixes: bz#1623317
Signed-off-by: N Balachandran <nbalacha@redhat.com>
dht: Delete MDS internal xattr from dict in dht_getxattr_cbk 2018-08-16T14:31:37+00:00 Mohit Agrawal moagrawa@redhat.com 2018-05-30T09:39:29+00:00 b21b83af0baab3c651b6fd2e4657ca66080a7bcb Problem: At the time of fetching xattr to heal xattr by afr it is not able to fetch xattr because posix_getxattr has a check to ignore if xattr name is MDS Solution: To ignore same xattr update a check in dht_getxattr_cbk instead of having a check in posix_getxattr Backport of: > BUG: 1584098 > Change-Id: I86cd2b2ee08488cb6c12f407694219d57c5361dc > Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> Change-Id: I86cd2b2ee08488cb6c12f407694219d57c5361dc fixes: bz#1611116 Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> 
Problem: At the time of fetching xattr to heal xattr by afr
         it is not able to fetch xattr because posix_getxattr
         has a check to ignore if xattr name is MDS

Solution: To ignore same xattr update a check in dht_getxattr_cbk
          instead of having a check in posix_getxattr

Backport of:
 > BUG: 1584098
 > Change-Id: I86cd2b2ee08488cb6c12f407694219d57c5361dc
 > Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>

Change-Id: I86cd2b2ee08488cb6c12f407694219d57c5361dc
fixes: bz#1611116
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
geo-rep : fix possible crash 2018-08-16T14:31:14+00:00 Sunny Kumar sunkumar@redhat.com 2018-07-17T10:26:35+00:00 e09e3549c293f0d7f448ebb70a4e9fcc671ea098 Problem : In 'glusterd_verify_slave' while tokenizing error message we call 'strtok_r' and store return value in 'tmp' which can be NULL. We are passing this 'tmp' as 1st argument to 'strcmp' which will lead to segmentation fault. Solution : before calling 'strcmp' we should NULL check 'tmp'. Backport of: > Change-Id: Ifd3864b904afe6cd09d9e5a4b55c6d0578e22b9d > BUG: 1602121 > Signed-off-by: Sunny Kumar <sunkumar@redhat.com> Change-Id: Ifd3864b904afe6cd09d9e5a4b55c6d0578e22b9d fixes: bz#1611115 Signed-off-by: Sunny Kumar <sunkumar@redhat.com> 
Problem : In 'glusterd_verify_slave' while tokenizing error message
          we call 'strtok_r' and store return value in 'tmp' which
          can be NULL. We are passing this 'tmp' as 1st argument to
          'strcmp' which will lead to segmentation fault.
Solution : before calling 'strcmp' we should NULL check 'tmp'.

Backport of:
 > Change-Id: Ifd3864b904afe6cd09d9e5a4b55c6d0578e22b9d
 > BUG: 1602121
 > Signed-off-by: Sunny Kumar <sunkumar@redhat.com>

Change-Id: Ifd3864b904afe6cd09d9e5a4b55c6d0578e22b9d
fixes: bz#1611115
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
glusterd: memory leak in geo-rep status 2018-08-16T04:20:32+00:00 Sanju Rakonde srakonde@redhat.com 2018-05-21T10:48:53+00:00 03aed04ac00e7985c7891a532d7c59a0a4c547ed Backport of: > BUG: 1580352 > Change-Id: I9648e73090f5a2edbac663a6fb49acdb702cdc49 > Signed-off-by: Sanju Rakonde <srakonde@redhat.com> fixes: bz#1611110 Change-Id: I9648e73090f5a2edbac663a6fb49acdb702cdc49 Signed-off-by: Sanju Rakonde <srakonde@redhat.com> 
Backport of:
 > BUG: 1580352
 > Change-Id: I9648e73090f5a2edbac663a6fb49acdb702cdc49
 > Signed-off-by: Sanju Rakonde <srakonde@redhat.com>

fixes: bz#1611110
Change-Id: I9648e73090f5a2edbac663a6fb49acdb702cdc49
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
glusterd/geo-rep: Fix glusterd crash 2018-08-15T18:40:31+00:00 Kotresh HR khiremat@redhat.com 2018-05-07T10:35:25+00:00 f33a61086da43af5a5de2ba99b4045a63cf5bd79 Using strdump instead of gf_strdup crashes during free if mempool is being used. gf_free checks the magic number in the header which will not be taken care if strdup is used. Backport of: > BUG: 1576392 > Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e > Signed-off-by: Kotresh HR <khiremat@redhat.com> fixes: bz#1611106 Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e Signed-off-by: Kotresh HR <khiremat@redhat.com> 
Using strdump instead of gf_strdup crashes
during free if mempool is being used.
gf_free checks the magic number in the
header which will not be taken care if
strdup is used.

Backport of:
 > BUG: 1576392
 > Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e
 > Signed-off-by: Kotresh HR <khiremat@redhat.com>

fixes: bz#1611106
Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e
Signed-off-by: Kotresh HR <khiremat@redhat.com>