glusterfs.git/xlators/storage/posix/src, branch v4.1.8 server: don't allow '/' in basename 2018-11-09T14:04:35+00:00 Amar Tumballi amarts@redhat.com 2018-11-08T05:32:32+00:00 f0b5816f775ee75d42946694f031e70616a98cd9 Server stack needs to have all the sort of validation, assuming clients can be compromized. It is possible for a compromized client to send basenames with paths with '/', and with that create files without permission on server. By sanitizing the basename, and not allowing anything other than actual directory as the parent for any entry creation, we can mitigate the effects of clients not able to exploit the server. Fixes: CVE-2018-14651 Fixes: bz#1647667 Change-Id: I5dc0da0da2713452ff2b65ac2ddbccf1a267dc20 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Server stack needs to have all the sort of validation, assuming
clients can be compromized. It is possible for a compromized
client to send basenames with paths with '/', and with that
create files without permission on server. By sanitizing the basename,
and not allowing anything other than actual directory as the parent
for any entry creation, we can mitigate the effects of clients
not able to exploit the server.

Fixes: CVE-2018-14651

Fixes: bz#1647667
Change-Id: I5dc0da0da2713452ff2b65ac2ddbccf1a267dc20
Signed-off-by: Amar Tumballi <amarts@redhat.com>
posix/ctime: Avoid log flood in posix_update_utime_in_mdata 2018-11-05T19:10:37+00:00 Kotresh HR khiremat@redhat.com 2018-10-31T05:13:18+00:00 f79c01b0ddd4770808eb1f9a384dba66cdd1dc37 posix_update_utime_in_mdata() unconditionally logs an error if consistent time attributes features is not enabled. This log does not add any value, prints an incorrect errno & floods the log file. Hence nuking this log message in this patch. fixes: bz#1644524 Change-Id: I01736d2ed48d14f12ccd8a808521f59145e42ccb Signed-off-by: Kotresh HR <khiremat@redhat.com> 
posix_update_utime_in_mdata() unconditionally logs an error
if consistent time attributes features is not enabled. This
log does not add any value, prints an incorrect errno &
floods the log file. Hence nuking this log message in this
patch.

fixes: bz#1644524
Change-Id: I01736d2ed48d14f12ccd8a808521f59145e42ccb
Signed-off-by: Kotresh HR <khiremat@redhat.com>
storage/posix: Avoid log flood in posix_set_parent_ctime() 2018-09-17T04:56:46+00:00 Vijay Bellur vbellur@redhat.com 2018-07-21T11:27:12+00:00 1dc54679178d03626ec06b9e58a4d24732c1de13 posix_set_parent_ctime() unconditionally logs an error if consistent time attributes is not enabled. This log does not add any value, prints an incorrect errno & floods the log file. Hence nuking this log message in this patch. Backport of : > Patch: https://review.gluster.org/20547/ > Change-Id: I82a78f2f8ce5ab518f8cdf6d9086a97049712f75 > BUG: 1607049 > Signed-off-by: Vijay Bellur <vbellur@redhat.com> (cherry picked from commit e0df887ba044ce92e9a2822be9261d0f712b02bd) Change-Id: I82a78f2f8ce5ab518f8cdf6d9086a97049712f75 fixes: bz#1629548 Signed-off-by: Vijay Bellur <vbellur@redhat.com> 
posix_set_parent_ctime() unconditionally logs an error if consistent
time attributes is not enabled. This log does not add any value, prints
an incorrect errno & floods the log file.

Hence nuking this log message in this patch.

Backport of :
> Patch: https://review.gluster.org/20547/
> Change-Id: I82a78f2f8ce5ab518f8cdf6d9086a97049712f75
> BUG: 1607049
> Signed-off-by: Vijay Bellur <vbellur@redhat.com>
(cherry picked from commit e0df887ba044ce92e9a2822be9261d0f712b02bd)


Change-Id: I82a78f2f8ce5ab518f8cdf6d9086a97049712f75
fixes: bz#1629548
Signed-off-by: Vijay Bellur <vbellur@redhat.com>
posix: disable open/read/write on special files 2018-09-06T15:03:55+00:00 Amar Tumballi amarts@redhat.com 2018-09-05T13:33:08+00:00 39db09af1de261ef3b80ce354e8b1b89a599fd40 In the file system, the responsibility w.r.to the block and char device files is related to only support for 'creating' them (using mknod(2)). Once the device files are created, the read/write syscalls for the specific devices are handled by the device driver registered for the specific major number, and depending on the minor number, it knows where to read from. Hence, we are at risk of reading contents from devices which are handled by the host kernel on server nodes. By disabling open/read/write on the device file, we would be safe with the bypass one can achieve from client side (using gfapi) Fixes: bz#1625096 Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f Signed-off-by: Amar Tumballi <amarts@redhat.com> 
In the file system, the responsibility w.r.to the block and char device
files is related to only support for 'creating' them (using mknod(2)).

Once the device files are created, the read/write syscalls for the specific
devices are handled by the device driver registered for the specific major
number, and depending on the minor number, it knows where to read from.
Hence, we are at risk of reading contents from devices which are handled
by the host kernel on server nodes.

By disabling open/read/write on the device file, we would be safe with
the bypass one can achieve from client side (using gfapi)

Fixes: bz#1625096

Change-Id: I48c776b0af1cbd2a5240862826d3d8918601e47f
Signed-off-by: Amar Tumballi <amarts@redhat.com>
server-protocol: don't allow '../' path in 'name' 2018-09-06T15:00:58+00:00 Amar Tumballi amarts@redhat.com 2018-08-09T07:30:01+00:00 2af8e50a55085df7ede57184558029afc46fb8f9 This will prevent any arbitrary file creation through glusterfs by modifying the client bits. Also check for the similar flaw inside posix too, so we prevent any changes in layers in-between. Fixes: bz#1625095 Signed-off-by: Amar Tumballi <amarts@redhat.com> Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e 
This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

Fixes: bz#1625095

Signed-off-by: Amar Tumballi <amarts@redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
posix: remove not supported get/set content 2018-09-06T14:43:27+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T11:44:31+00:00 045a2493704cd3000260a52fc67d06582b2566ef getting and setting a file's content using extended attribute worked great as a GET/PUT alternative when an object storage is supported on top of Gluster. But it needs application changes, and also, it skips some caching layers. It is not used over years, and not supported any more. Removing the dead code. Fixes: bz#1625102 Change-Id: Ide3b3f1f644f6ca58558bbe45561f346f96b95b7 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
getting and setting a file's content using extended
attribute worked great as a GET/PUT alternative when
an object storage is supported on top of Gluster. But
it needs application changes, and also, it skips some
caching layers.

It is not used over years, and not supported any more.
Removing the dead code.

Fixes: bz#1625102

Change-Id: Ide3b3f1f644f6ca58558bbe45561f346f96b95b7
Signed-off-by: Amar Tumballi <amarts@redhat.com>
storage/posix: Increment trusted.pgfid in posix_mknod 2018-08-29T03:41:38+00:00 N Balachandran nbalacha@redhat.com 2018-08-21T15:27:52+00:00 9c0e55e061dcba0fadd3a381c974f10bb7dc14fd The value of trusted.pgfid.xx was always set to 1 in posix_mknod. This is incorrect if posix_mknod calls posix_create_link_if_gfid_exists. Change-Id: Ibe87ca6f155846b9a7c7abbfb1eb8b6a99a5eb68 fixes: bz#1623317 Signed-off-by: N Balachandran <nbalacha@redhat.com> 
The value of trusted.pgfid.xx was always set to 1
in posix_mknod. This is incorrect if posix_mknod
calls posix_create_link_if_gfid_exists.

Change-Id: Ibe87ca6f155846b9a7c7abbfb1eb8b6a99a5eb68
fixes: bz#1623317
Signed-off-by: N Balachandran <nbalacha@redhat.com>
dht: Delete MDS internal xattr from dict in dht_getxattr_cbk 2018-08-16T14:31:37+00:00 Mohit Agrawal moagrawa@redhat.com 2018-05-30T09:39:29+00:00 b21b83af0baab3c651b6fd2e4657ca66080a7bcb Problem: At the time of fetching xattr to heal xattr by afr it is not able to fetch xattr because posix_getxattr has a check to ignore if xattr name is MDS Solution: To ignore same xattr update a check in dht_getxattr_cbk instead of having a check in posix_getxattr Backport of: > BUG: 1584098 > Change-Id: I86cd2b2ee08488cb6c12f407694219d57c5361dc > Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> Change-Id: I86cd2b2ee08488cb6c12f407694219d57c5361dc fixes: bz#1611116 Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> 
Problem: At the time of fetching xattr to heal xattr by afr
         it is not able to fetch xattr because posix_getxattr
         has a check to ignore if xattr name is MDS

Solution: To ignore same xattr update a check in dht_getxattr_cbk
          instead of having a check in posix_getxattr

Backport of:
 > BUG: 1584098
 > Change-Id: I86cd2b2ee08488cb6c12f407694219d57c5361dc
 > Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>

Change-Id: I86cd2b2ee08488cb6c12f407694219d57c5361dc
fixes: bz#1611116
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
storage/posix: Fix excessive logging in WRITE fop path 2018-08-10T05:39:27+00:00 Krutika Dhananjay kdhananj@redhat.com 2018-06-13T06:56:55+00:00 6087f73c04797867cf65092174542672b391b21a Backport of: https://review.gluster.org/#/c/glusterfs/+/20250 I was running some write-intensive tests on my volume, and in a matter of 2 hrs, the 50GB space in my root partition was exhausted. On inspecting further, figured that excessive logging in bricks was the cause - specifically in posix write when posix_check_internal_writes() does dict_get() without a NULL-check on xdata. Change-Id: I89de57a3a90ca5c375e5b9477801a9e5ff018bbf fixes: bz#1596686 Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com> (cherry picked from commit 81701e4d92ae7b1d97e5bc955703719f2e9e773a) 
        Backport of: https://review.gluster.org/#/c/glusterfs/+/20250

I was running some write-intensive tests on my volume, and in a matter
of 2 hrs, the 50GB space in my root partition was exhausted. On inspecting
further, figured that excessive logging in bricks was the cause -
specifically in posix write when posix_check_internal_writes() does
dict_get() without a NULL-check on xdata.

Change-Id: I89de57a3a90ca5c375e5b9477801a9e5ff018bbf
fixes: bz#1596686
Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com>
(cherry picked from commit 81701e4d92ae7b1d97e5bc955703719f2e9e773a)
afr: switch lk_owner only when pre-op succeeds 2018-07-23T23:42:15+00:00 Ravishankar N ravishankar@redhat.com 2018-07-17T15:05:42+00:00 a8156e843e651be7c18e9e24d08116f752227a35 Problem: In a disk full scenario, we take a failure path in afr_transaction_perform_fop() and go to unlock phase. But we change the lk-owner before that, causing unlock to fail. When mount issues another fop that takes locks on that file, it hangs. Fix: Change lk-owner only when we are about to perform the fop phase. Also fix the same issue for arbiters when afr_txn_arbitrate_fop() fails the fop. Also removed the DISK_SPACE_CHECK_AND_GOTO in posix_xattrop. Otherwise truncate to zero will fail pre-op phase with ENOSPC when the user is actually trying to freee up space. Change-Id: Ic4c8a596b4cdf4a7fc189bf00b561113cf114353 fixes: bz#1603056 Signed-off-by: Ravishankar N <ravishankar@redhat.com> (cherry picked from commit ec0d7d77de3e4bd485a4fa2e53c9137e25c71ce7) 
Problem:
In a disk full scenario, we take a failure path in afr_transaction_perform_fop()
and go to unlock phase. But we change the lk-owner before that, causing unlock
to fail. When mount issues another fop that takes locks on that file, it hangs.

Fix:
Change lk-owner only when we are about to perform the fop phase.
Also fix the same issue for arbiters when afr_txn_arbitrate_fop() fails the fop.

Also removed the DISK_SPACE_CHECK_AND_GOTO in posix_xattrop. Otherwise truncate
to zero will fail pre-op phase with ENOSPC when the user is actually trying to
freee up space.

Change-Id: Ic4c8a596b4cdf4a7fc189bf00b561113cf114353
fixes: bz#1603056
Signed-off-by: Ravishankar N <ravishankar@redhat.com>
(cherry picked from commit ec0d7d77de3e4bd485a4fa2e53c9137e25c71ce7)