glusterfs.git/xlators/mgmt/glusterd/src, branch v4.1.6 glusterd-handshake: prevent a buffer overflow 2018-11-09T18:44:53+00:00 Amar Tumballi amarts@redhat.com 2018-11-01T01:38:29+00:00 6abe44670172f2031440b9c37923c07b712694e8 as key size in xdr can be anything, it can be bigger than the 'NAME_MAX' allowed in the structure, which can allow for service denial attacks. Fixes: CVE-2018-14653 Fixes: bz#1647670 Change-Id: I2dc5e99af27ddf44c12c94b07e51adb8674cce80 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
as key size in xdr can be anything, it can be bigger than the
'NAME_MAX' allowed in the structure, which can allow for service denial
attacks.

Fixes: CVE-2018-14653

Fixes: bz#1647670
Change-Id: I2dc5e99af27ddf44c12c94b07e51adb8674cce80
Signed-off-by: Amar Tumballi <amarts@redhat.com>
glusterd: ensure volinfo->caps is set to correct value 2018-11-05T20:38:01+00:00 Sanju Rakonde srakonde@redhat.com 2018-10-03T18:28:37+00:00 224895148d95742c1f36b48bb79d8b9ef1ff0cd6 With the commit febf5ed4848, during the volume create op, we are setting volinfo->caps to 0, only if any of the bricks belong to the same node and brickinfo->vg[0] is null. Previously, we used to set volinfo->caps to 0, when either brick doesn't belong to the same node or brickinfo->vg[0] is null. With this patch, we set volinfo->caps to 0, when either brick doesn't belong to the same node or brickinfo->vg[0] is null. (as we do earlier without commit febf5ed4848). > BUG: bz#1635820 > Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49 > Signed-off-by: Sanju Rakonde <srakonde@redhat.com> fixes: bz#1643052 Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49 Signed-off-by: Sanju Rakonde <srakonde@redhat.com> 
With the commit febf5ed4848, during the volume create op,
we are setting volinfo->caps to 0, only if any of the bricks
belong to the same node and brickinfo->vg[0] is null.
Previously, we used to set volinfo->caps to 0, when
either brick doesn't belong to the same node or brickinfo->vg[0]
is null.

With this patch, we set volinfo->caps to 0, when either brick
doesn't belong to the same node or brickinfo->vg[0] is null.
(as we do earlier without commit febf5ed4848).

> BUG: bz#1635820
> Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49
> Signed-off-by: Sanju Rakonde <srakonde@redhat.com>

fixes: bz#1643052
Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
glusterd: make sure that brickinfo->uuid is not null 2018-10-05T14:39:50+00:00 Sanju Rakonde srakonde@redhat.com 2018-09-25T18:06:48+00:00 db461ad61abdd56b1075324d03c71639e3460eb1 Problem: After an upgrade from the version where shared-brick-count option is not present to a version which introduced this option causes issue at the mount point i.e, size of the volume at mount point will be reduced by shared-brick-count value times. Cause: shared-brick-count is equal to the number of bricks that are sharing the file system. gd_set_shared_brick_count() calculates the shared-brick-count value based on uuid of the node and fsid of the brick. https://review.gluster.org/#/c/glusterfs/+/19484 handles setting of fsid properly during an upgrade path. This patch assumed that when the code path is reached, brickinfo->uuid is non-null. But brickinfo->uuid is null for all the bricks, as the uuid is null https://review.gluster.org/#/c/glusterfs/+/19484 couldn't reached the code path to set the fsid for bricks. So, we had fsid as 0 for all bricks, which resulted in gd_set_shared_brick_count() to calculate shared-brick-count in a wrong way. i.e, the logic written in gd_set_shared_brick_count() didn't work as expected since fsid is 0. Solution: Before control reaches the code path written by https://review.gluster.org/#/c/glusterfs/+/19484, adding a check for whether brickinfo->uuid is null and if brickinfo->uuid is having null value, calling glusterd_resolve_brick will set the brickinfo->uuid to a proper value. When we have proper uuid, fsid for the bricks will be set properly and shared-brick-count value will be caluculated correctly. Please take a look at the bug https://bugzilla.redhat.com/show_bug.cgi?id=1632889 for complete RCA Steps followed to test the fix: 1. Created a 2 node cluster, the cluster is running with binary which doesn't have shared-brick-count option 2. Created a 2x(2+1) volume and started it 3. Mouted the volume, checked size of volume using df 4. Upgrade to a version where shared-brick-count is introduced (upgraded the nodes one by one i.e, stop the glusterd, upgrade the node and start the glusterd). 5. after upgrading both the nodes, bumped up the cluster.op-version 6. At mount point, df shows the correct size for volume. > BUG: 1632889 > Change-Id: Ib9f078aafb15e899a01086eae113270657ea916b > Signed-off-by: Sanju Rakonde <srakonde@redhat.com> (cherry picked from commit f1e9b878ce2067db83a0baa5f384eda87287719d) fixes: bz#1633479 Change-Id: Ib9f078aafb15e899a01086eae113270657ea916b Signed-off-by: Sanju Rakonde <srakonde@redhat.com> 
Problem: After an upgrade from the version where shared-brick-count
option is not present to a version which introduced this option
causes issue at the mount point i.e, size of the volume at mount
point will be reduced by shared-brick-count value times.

Cause: shared-brick-count is equal to the number of bricks that
are sharing the file system. gd_set_shared_brick_count() calculates
the shared-brick-count value based on uuid of the node and fsid of
the brick. https://review.gluster.org/#/c/glusterfs/+/19484 handles
setting of fsid properly during an upgrade path. This patch assumed
that when the code path is reached, brickinfo->uuid is non-null.
But brickinfo->uuid is null for all the bricks, as the uuid is null
https://review.gluster.org/#/c/glusterfs/+/19484 couldn't reached the
code path to set the fsid for bricks. So, we had fsid as 0 for all
bricks, which resulted in gd_set_shared_brick_count() to calculate
shared-brick-count in a wrong way. i.e, the logic written in
gd_set_shared_brick_count() didn't work as expected since fsid is 0.

Solution: Before control reaches the code path written by
https://review.gluster.org/#/c/glusterfs/+/19484,
adding a check for whether brickinfo->uuid is null and
if brickinfo->uuid is having null value, calling
glusterd_resolve_brick will set the brickinfo->uuid to a
proper value. When we have proper uuid, fsid for the bricks
will be set properly and shared-brick-count value will be
caluculated correctly.

Please take a look at the bug https://bugzilla.redhat.com/show_bug.cgi?id=1632889
for complete RCA

Steps followed to test the fix:
1. Created a 2 node cluster, the cluster is running with binary
which doesn't have shared-brick-count option
2. Created a 2x(2+1) volume and started it
3. Mouted the volume, checked size of volume using df
4. Upgrade to a version where shared-brick-count is introduced
(upgraded the nodes one by one i.e, stop the glusterd, upgrade the node
and start the glusterd).
5. after upgrading both the nodes, bumped up the cluster.op-version
6. At mount point, df shows the correct size for volume.

> BUG: 1632889
> Change-Id: Ib9f078aafb15e899a01086eae113270657ea916b
> Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
(cherry picked from commit f1e9b878ce2067db83a0baa5f384eda87287719d)

fixes: bz#1633479
Change-Id: Ib9f078aafb15e899a01086eae113270657ea916b
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
mgmt/glusterd: use proper path to the volfile 2018-10-04T18:31:58+00:00 Raghavendra Bhat raghavendra@redhat.com 2018-10-04T18:27:45+00:00 50ef643281fd1797d9087ff7275c366d67773534 Till now, glusterd was generating the volfile path for the snapshot volume's bricks like this. /snaps/<snap name>/<brick volfile> But in reality, the path to the brick volfile for a snapshot volume is /snaps/<snap name>/<snap volume name>/<brick volfile> The above workaround was used to distinguish between a mount command used to mount the snapshot volume, and a brick of the snapshot volume, so that based on what is actually happening, glusterd can return the proper volfile (client volfile for the former and the brick volfile for the latter). But, this was causing problems for snapshot restore when brick multiplexing is enabled. Because, with brick multiplexing, it tries to find the volfile and sends GETSPEC rpc call to glusterd using the 2nd style of path i.e. /snaps/<snap name>/<snap volume name>/<brick volfile> So, when the snapshot brick (which is multiplexed) sends a GETSPEC rpc request to glusterd for obtaining the brick volume file, glusterd was returning the client volume file of the snapshot volume instead of the brick volume file. Change-Id: I28b2dfa5d9b379fe943db92c2fdfea879a6a594e fixes: bz#1636218 Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com> 
Till now, glusterd was generating the volfile path for the snapshot
volume's bricks like this.

/snaps/<snap name>/<brick volfile>

But in reality, the path to the brick volfile for a snapshot volume is

/snaps/<snap name>/<snap volume name>/<brick volfile>

The above workaround was used to distinguish between a mount command used
to mount the snapshot volume, and a brick of the snapshot volume, so that
based on what is actually happening, glusterd can return the proper volfile
(client volfile for the former and the brick volfile for the latter). But,
this was causing problems for snapshot restore when brick multiplexing is
enabled. Because, with brick multiplexing, it tries to find the volfile
and sends GETSPEC rpc call to glusterd using the 2nd style of path i.e.

/snaps/<snap name>/<snap volume name>/<brick volfile>

So, when the snapshot brick (which is multiplexed) sends a GETSPEC rpc
request to glusterd for obtaining the brick volume file, glusterd was
returning the client volume file of the snapshot volume instead of the
brick volume file.

Change-Id: I28b2dfa5d9b379fe943db92c2fdfea879a6a594e
fixes: bz#1636218
Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com>
geo-rep: Fix issues related config set 2018-09-21T13:25:43+00:00 Kotresh HR khiremat@redhat.com 2018-09-14T07:42:26+00:00 e50a6ee2c913b5b4df53f0efca4de66c5262d1e1 1. '--ignore-mising-args' option for rsync is not being used even though the rsync version is greater than 3.1.0. Fixed the same. 2. '--existing' option for rsync is also not being used. Fixed the same. 3. geo-rep config fails to set rsync-options as the value contains '--'. Interestingly, python argsparse treats the value with '--' (e.g., --ignore-missing-args) as option. But when passed with something like --value=--ignore-missing-args, it succeeds. Fixed the same. Backport of: > Patch: https://review.gluster.org/21191 > Change-Id: Iaeb838acaff1c2920fee9c7f920c99edce13a0a1 > Signed-off-by: Kotresh HR <khiremat@redhat.com> > BUG: 1629561 Change-Id: Iaeb838acaff1c2920fee9c7f920c99edce13a0a1 Signed-off-by: Kotresh HR <khiremat@redhat.com> fixes: bz#1630140 
1. '--ignore-mising-args' option for rsync is not
   being used even though the rsync version is
   greater than 3.1.0. Fixed the same.

2. '--existing' option for rsync is also not being
   used. Fixed the same.

3. geo-rep config fails to set rsync-options as the
   value contains '--'. Interestingly, python argsparse
   treats the value with '--' (e.g., --ignore-missing-args)
   as option. But when passed with something like
   --value=--ignore-missing-args, it succeeds. Fixed the
   same.

Backport of:
 > Patch: https://review.gluster.org/21191
 > Change-Id: Iaeb838acaff1c2920fee9c7f920c99edce13a0a1
 > Signed-off-by: Kotresh HR <khiremat@redhat.com>
 > BUG: 1629561

Change-Id: Iaeb838acaff1c2920fee9c7f920c99edce13a0a1
Signed-off-by: Kotresh HR <khiremat@redhat.com>
fixes: bz#1630140
geo-rep : fix possible crash 2018-08-16T14:31:14+00:00 Sunny Kumar sunkumar@redhat.com 2018-07-17T10:26:35+00:00 e09e3549c293f0d7f448ebb70a4e9fcc671ea098 Problem : In 'glusterd_verify_slave' while tokenizing error message we call 'strtok_r' and store return value in 'tmp' which can be NULL. We are passing this 'tmp' as 1st argument to 'strcmp' which will lead to segmentation fault. Solution : before calling 'strcmp' we should NULL check 'tmp'. Backport of: > Change-Id: Ifd3864b904afe6cd09d9e5a4b55c6d0578e22b9d > BUG: 1602121 > Signed-off-by: Sunny Kumar <sunkumar@redhat.com> Change-Id: Ifd3864b904afe6cd09d9e5a4b55c6d0578e22b9d fixes: bz#1611115 Signed-off-by: Sunny Kumar <sunkumar@redhat.com> 
Problem : In 'glusterd_verify_slave' while tokenizing error message
          we call 'strtok_r' and store return value in 'tmp' which
          can be NULL. We are passing this 'tmp' as 1st argument to
          'strcmp' which will lead to segmentation fault.
Solution : before calling 'strcmp' we should NULL check 'tmp'.

Backport of:
 > Change-Id: Ifd3864b904afe6cd09d9e5a4b55c6d0578e22b9d
 > BUG: 1602121
 > Signed-off-by: Sunny Kumar <sunkumar@redhat.com>

Change-Id: Ifd3864b904afe6cd09d9e5a4b55c6d0578e22b9d
fixes: bz#1611115
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
glusterd: memory leak in geo-rep status 2018-08-16T04:20:32+00:00 Sanju Rakonde srakonde@redhat.com 2018-05-21T10:48:53+00:00 03aed04ac00e7985c7891a532d7c59a0a4c547ed Backport of: > BUG: 1580352 > Change-Id: I9648e73090f5a2edbac663a6fb49acdb702cdc49 > Signed-off-by: Sanju Rakonde <srakonde@redhat.com> fixes: bz#1611110 Change-Id: I9648e73090f5a2edbac663a6fb49acdb702cdc49 Signed-off-by: Sanju Rakonde <srakonde@redhat.com> 
Backport of:
 > BUG: 1580352
 > Change-Id: I9648e73090f5a2edbac663a6fb49acdb702cdc49
 > Signed-off-by: Sanju Rakonde <srakonde@redhat.com>

fixes: bz#1611110
Change-Id: I9648e73090f5a2edbac663a6fb49acdb702cdc49
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
glusterd/geo-rep: Fix glusterd crash 2018-08-15T18:40:31+00:00 Kotresh HR khiremat@redhat.com 2018-05-07T10:35:25+00:00 f33a61086da43af5a5de2ba99b4045a63cf5bd79 Using strdump instead of gf_strdup crashes during free if mempool is being used. gf_free checks the magic number in the header which will not be taken care if strdup is used. Backport of: > BUG: 1576392 > Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e > Signed-off-by: Kotresh HR <khiremat@redhat.com> fixes: bz#1611106 Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e Signed-off-by: Kotresh HR <khiremat@redhat.com> 
Using strdump instead of gf_strdup crashes
during free if mempool is being used.
gf_free checks the magic number in the
header which will not be taken care if
strdup is used.

Backport of:
 > BUG: 1576392
 > Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e
 > Signed-off-by: Kotresh HR <khiremat@redhat.com>

fixes: bz#1611106
Change-Id: Iab36496554b838a036af9d863e3f5fd07fd9780e
Signed-off-by: Kotresh HR <khiremat@redhat.com>
glusterd: _is_prefix should handle 0-length paths 2018-07-24T10:28:55+00:00 Kaushal M kaushal@redhat.com 2018-07-10T15:26:08+00:00 9c69bdbe657d076aee71aa3d7722e7f2d61fdca2 If one of the paths given to _is_prefix is 0-length, then it is not a prefix of the other. Hence, _is_prefix should return false. Change-Id: I54aa577a64a58940ec91872d0d74dc19cff9106d fixes: bz#1599785 Signed-off-by: Kaushal M <kaushal@redhat.com> 
If one of the paths given to _is_prefix is 0-length, then it is not a
prefix of the other. Hence, _is_prefix should return false.

Change-Id: I54aa577a64a58940ec91872d0d74dc19cff9106d
fixes: bz#1599785
Signed-off-by: Kaushal M <kaushal@redhat.com>
glusterfs: access trusted peer group via remote-host command 2018-06-25T13:39:52+00:00 Mohit Agrawal moagrawa@redhat.com 2018-06-20T10:43:00+00:00 17f9843a9a355b3d72422dd979b1491233aede34 Problem: In SSL environment the user is able to access volume via remote-host command without adding node in a trusted pool Solution: Change the list of rpc program in glusterd.c at the time of initialization while SSL is enabled > Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199 > cherry picked from commit 234d611160840899bcfd5ab1c17a6253673d38ed BUG: 1593525 fixes: bz#1593525 Change-Id: Ice4eda3d8104a4d5641de3cffd7249e46080d48f Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> 
Problem: In SSL environment the user is able to access volume
         via remote-host command without adding node in a trusted pool

Solution: Change the list of rpc program in glusterd.c at the
          time of initialization while SSL is enabled

> Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
> cherry picked from commit 234d611160840899bcfd5ab1c17a6253673d38ed

BUG: 1593525
fixes: bz#1593525
Change-Id: Ice4eda3d8104a4d5641de3cffd7249e46080d48f
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>