authorSusant Palai <spalai@redhat.com>2018-11-02 09:23:42 +0530
committerShyamsundar Ranganathan <srangana@redhat.com>2018-11-09 14:02:19 +0000
commitc87a458998717e951094744a56247a8ec6c48b4b (patch)
tree8704f53f9b28eed9f8cbc1e63231b41afa056199
parentd0b3b63519dac97ad2c4bc24821565e9aea02ba2 (diff)
lock: Do not allow meta-lock count to be more than one
In the current scheme of glusterfs where lock migration is experimental, (ideally) the rebalance process which is migrating the file should request for a metalock. Hence, the metalock count should not be more than one for an inode. In future, if there is a need for meta-lock from other clients, this patch can be reverted. Since pl_metalk is called as part of setxattr operation, any client process(non-rebalance) residing outside trusted network can exhaust memory of the server node by issuing setxattr repetitively on the metalock key. The current patch makes sure that more than one metalock cannot be granted on an inode. Fixes CVE-2018-14660 updates: bz#1647962 Change-Id: Ie1e697766388718804a9551bc58351808fe71069 Signed-off-by: Susant Palai <spalai@redhat.com>
-rw-r--r--xlators/features/locks/src/posix.c35
1 files changed, 34 insertions, 1 deletions
diff --git a/xlators/features/locks/src/posix.c b/xlators/features/locks/src/posix.c
index 6b4392ec21d..28c879822ba 100644
--- a/xlators/features/locks/src/posix.c
+++ b/xlators/features/locks/src/posix.c
@@ -2913,6 +2913,39 @@ pl_metalk(call_frame_t *frame, xlator_t *this, inode_t *inode)
goto out;
}
+ /* Non rebalance process trying to do metalock */
+ if (frame->root->pid != GF_CLIENT_PID_DEFRAG) {
+ ret = -1;
+ goto out;
+ }
+
+ /* Note: In the current scheme of glusterfs where lock migration is
+ * experimental, (ideally) the rebalance process which is migrating
+ * the file should request for a metalock. Hence, the metalock count
+ * should not be more than one for an inode. In future, if there is a
+ * need for meta-lock from other clients, the following block can be
+ * removed.
+ *
+ * Since pl_metalk is called as part of setxattr operation, any client
+ * process(non-rebalance) residing outside trusted network can exhaust
+ * memory of the server node by issuing setxattr repetitively on the
+ * metalock key. The following code makes sure that more than
+ * one metalock cannot be granted on an inode*/
+ pthread_mutex_lock(&pl_inode->mutex);
+ {
+ if (pl_metalock_is_active(pl_inode)) {
+ gf_msg(this->name, GF_LOG_WARNING, EINVAL, 0,
+ "More than one meta-lock can not be granted on"
+ "the inode");
+ ret = -1;
+ }
+ }
+ pthread_mutex_lock(&pl_inode->mutex);
+
+ if (ret == -1) {
+ goto out;
+ }
+
if (frame->root->client) {
ctx = pl_ctx_get(frame->root->client, this);
if (!ctx) {
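Review bot: The critical section around `pl_metalock_is_active(pl_inode)` is closed with a second `pthread_mutex_lock(&pl_inode->mutex);` instead of an unlock, so a request that passes the pid check relocks a mutex it already holds and deadlocks or hits undefined behaviour, depending on the mutex type; the closing call should be `pthread_mutex_unlock(&pl_inode->mutex);`. The two adjacent string literals in the warning join as "onthe inode", so the first should end `"granted on "`. The mutex is released before the metalock is granted in code outside this hunk (pl_metalk starts and ends outside it), so two concurrent requests may both pass the check; if that is the case, the check and the insertion need to happen under one hold of the mutex. The pid guard is only as strong as the origin of `frame->root->pid`: if that value is supplied by the client, it does not by itself keep untrusted clients away from this path.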
@@ -3086,7 +3119,7 @@ pl_setxattr(call_frame_t *frame, xlator_t *this, loc_t *loc, dict_t *dict,
int flags, dict_t *xdata)
{
int op_ret = 0;
- int op_errno = 0;
+ int op_errno = EINVAL;
dict_t *xdata_rsp = NULL;
PL_LOCAL_GET_REQUESTS(frame, this, xdata, NULL, loc, NULL);
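Review bot: The new `EINVAL` default deserves a comment, because the checks this commit adds to pl_metalk set only `ret = -1` and carry no errno of their own, so this initialiser is presumably what a refused client receives. Something like `/* errno reported when the metalock request is refused */` above the declaration would keep a later cleanup from resetting it to 0. A non-rebalance caller and a duplicate metalock request then look identical to the client; if they should be distinguishable, pl_metalk would have to return an errno rather than a bare -1. pl_setxattr's body continues outside the hunk, so how op_errno reaches the unwind is not visible here.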