| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
Updates bz#1193929
Change-Id: I1b312dabffac7e101df8ce15557527fd28a2c61f
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit ed83a4ee7b73e6b04694d1ac11ed25d2983ac943 changed locking
order and forgot to unlock in a negative path (when index was -1).
Coverity caught it (thanks!) as CID 1396581: Program hangs (LOCK)
Note: I'm unlocking before logging the failure. I think it's the right
order - logging can take a while (especially if your disk is slow).
Compile-tested only!
updates: bz#1193929
Signed-off-by: Yaniv Kaul <ykaul@redhat.com>
Change-Id: I82ac241edf1d511bf6807cf9c46c538ab9f4acc4
|
| |
|
|
|
|
|
|
|
| |
Merged the patch which introduced this testcase after the
'remove stripe' patch got merged, and hence the confusion.
Updates: bz#1193929
Change-Id: Ia08552debb111292caf14e51ea6a27334fe5c788
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
| |
Change-Id: I020ab08dba48f13cf7b8908e96280f1e92e9b9db
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
| |
Change-Id: I8e3ad961164815683776850e3a5fd4f510003690
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some operations like read/write only update iatt and ia_time,
without any operion request xattrs from glusterfsd,
the xa_time is timeout before ia_time always.
This patch updates xa_time when update ia_ttime.
Change-Id: I77e3984f38c1c4dbebfde9729b8117fbacde9674
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
|
|
|
| |
Fops of creating file does not request cached xattrs,
the xattr in reply is not cached xattrs.
Change-Id: Iab2db686e92466e72cfee8ac494e851d797c10b3
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note: The problem is seen when we disable bd xlator.
Problem: When we create a volume, volume info file is having
caps value as 15 in nodes which hosts bricks for that volume.
Remainig nodes in cluster are not having caps field. When
glusterd is restarted, peers are going into rejected state,
because of this mismacth in configuration files.
Cause: In glusterd_op_create_volume(), we initialise caps
value as 15 in the beginning. Later, we check whether brick
belongs to the same node or not. If brick doesn't belong to
the same node, caps value will be set to 0. If brick belongs
to the same node, we will change the caps value inside
Solution: If brick doesn't belongs to the same node,caps is
set to 0 and if brick belongs to same brick caps value is
changed inside #ifdef HAVE_BD_XLATOR block. So, to have the
consistency across the cluster, we need to initialise caps
value inside #ifdef HAVE_BD_XLATOR block, only when brick
belongs to the same node.
fixes: bz#1645986
Change-Id: I2648f420b21d6e69e7c38b0f4736d41e0f15a7f5
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Keeping this in glusterfs Repo for glusterfs specific improvements.
There would be a link to this page, and some more similar pages from
docs.gluster.org
updates: bz#1193929
Change-Id: Ie98670cc32e62951f1b1880b1ae39f5cc2b45329
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the current scheme of glusterfs where lock migration is
experimental, (ideally) the rebalance process which is migrating
the file should request for a metalock. Hence, the metalock count
should not be more than one for an inode. In future, if there is a
need for meta-lock from other clients, this patch can be reverted.
Since pl_metalk is called as part of setxattr operation, any client
process(non-rebalance) residing outside trusted network can exhaust
memory of the server node by issuing setxattr repetitively on the
metalock key. The current patch makes sure that more than
one metalock cannot be granted on an inode.
Fixes CVE-2018-14660
updates: bz#1644758
Change-Id: Ie1e697766388718804a9551bc58351808fe71069
Signed-off-by: Susant Palai <spalai@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We add dummy interrupt handling for the FLUSH
fuse message. It can be enabled by the
"--fuse-flush-handle-interrupt" hidden command line
option, or "-ofuse-flush-handle-interrupt=yes"
mount option.
It serves no other than diagnostic & demonstational
purposes -- to exercise the interrupt handling framework
a bit and to give an usage example.
Documentation is also provided that showcases interrupt
handling via FLUSH.
Change-Id: I522f1e798501d06b74ac3592a5f73c1ab0590c60
updates: #465
Signed-off-by: Csaba Henk <csaba@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- add sub-framework to send timed responses to kernel
- add interrupt handler queue
- implement INTERRUPT
fuse_interrupt looks up handlers for interrupted messages
in the queue. If found, it invokes the handler function.
Else responds with EAGAIN with a delay.
See spec at
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/fuse.txt?h=v4.17#n148
and explanation in comments.
Change-Id: I1a79d3679b31f36e14b4ac8f60b7f2c1ea2badfb
updates: #465
Signed-off-by: Csaba Henk <csaba@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't 'calculate' again where it can be passed.
If possible, do not perform under lock.
Also remove some NULL checks, assuming they were done by the callers.
Left a remark for each such change.
Compile-tested only!
updates: bz#1193929
Signed-off-by: Yaniv Kaul <ykaul@redhat.com>
Change-Id: Ia5c2851506da3388cb2d4445334c58881e2c4416
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When creating a new pool, take the pool lock once and create
all arenas, instead of taking and releasing for each arena.
Compile-tested only!
updates: bz#1193929
Signed-off-by: Yaniv Kaul <ykaul@redhat.com>
Change-Id: I7daa39de960e47e66a32ecab724cf3a61ccdc01b
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Small code refactoring to remove some if statements
in several functions. No functional changes expected.
Compile-tested only!
updates: bz#1193929
Signed-off-by: Yaniv Kaul <ykaul@redhat.com>
Change-Id: If9f8d5d53c9688fb994b6d690aea66f65fa01c55
|
| |
|
|
|
|
|
|
|
|
|
| |
As glusterfs logging uses different directory than /var/log
(ie, /var/log/glusterfs), there is a chance it may not be
present when starting glusterfs. Create parent dir if it
doesn't exist.
Updates: bz#1193929
Change-Id: I8d6f7e5a608ba53258b14617f5d103d1e98b95c1
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While syncing metadata, 'os.chmod', 'os.chown',
'os.utime' should be used without de-reference.
But python supports only 'os.chown' without
de-reference. That's mostly because Linux
doesn't support 'chmod' on symlink file itself
but it does support 'chown'.
So while syncing metadata ops, if it's symlink
we should only sync 'chown' and not do 'chmod'
and 'utime'. It will lead to tracebacks with
errors like EROFS, EPERM, ACCESS, ENOENT.
All the three errors (EPERM, ACCESS, ENOENT)
were handled except EROFS. But the way it was
handled was not fool proof. The operation is
tried and failure was handled based on the errors.
All the errors with symlink file for 'chown',
'utime' had to be passed to safe errors list of
'errno_wrap'. This patch handles it better by
avoiding 'chmod' and 'utime' if it's symlink
file.
fixes: bz#1646104
Change-Id: Ic354206455cdc7ab2a87d741d81f4efe1f19d77d
Signed-off-by: Kotresh HR <khiremat@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.
While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.
Fixes: CVE-2018-14661
Fixes: bz#1644763
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'getspec' operation is not used between 'client' and 'server' ever since
we have off-loaded volfile management to glusterd, ie, at least 7 years.
No reason to keep the dead code! The removed option had no meaning,
as glusterd didn't provide a way to set (or unset) this option. So,
no regression should be observed from any of the existing glusterfs
deployment, supported or unsupported.
Updates: CVE-2018-14653
Updates: bz#1644756
Change-Id: I4a2e0f673c5bcd4644976a61dbd2d37003a428eb
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Server stack needs to have all the sort of validation, assuming
clients can be compromized. It is possible for a compromized
client to send basenames with paths with '/', and with that
create files without permission on server. By sanitizing the basename,
and not allowing anything other than actual directory as the parent
for any entry creation, we can mitigate the effects of clients
not able to exploit the server.
Fixes: CVE-2018-14651
Fixes: bz#1644755
Change-Id: I5dc0da0da2713452ff2b65ac2ddbccf1a267dc20
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
By allowing clients taking dump in a file on brick process, we are
allowing compromised clients to create io-stats dumps on server,
which can exhaust all the available inodes.
Fixes: CVE-2018-14659
Fixes: bz#1644757
Change-Id: I32bfde9d4fe646d819a45e627805b928cae2e1ca
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch fixes CID : 1174824 : RESOURCE_LEAK
updates: bz#789278
Change-Id: I2a4f8b508995de112fa16e1094e44ecd4b625312
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem:
A compromised client can set arbitrary values for the GF_XATTROP_ENTRY_IN_KEY
and GF_XATTROP_ENTRY_OUT_KEY during xattrop fop. These values are
consumed by index as a filename to be created/deleted according to the key.
Thus it is possible to create/delete random files even outside the gluster
volume boundary.
Fix:
Index expects the filename to be a basename, i.e. it must not contain any
pathname components like "/" or "../". Enforce this.
Fixes: CVE-2018-14654
Fixes: bz#1644760
Change-Id: I35f2a39257b5917d17283d0a4f575b92f783f143
Signed-off-by: Ravishankar N <ravishankar@redhat.com>
|
| |
|
|
|
|
| |
Change-Id: Ib8bdf210a896423abcd7413dd4896d424ac0f561
fixes: bz#1626610
Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The frame is freed when linkfile exist in dht_rmdir_is_subvol_empty(),
the following message use the freed local.
Change-Id: I41191e8bd477f031a2444d5f15e578dc4f086e6b
Updates: bz#1640489
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Addresses CIDs : 1124769, 1124852, 1124864, 1134024, 1229876, 1382382
Also addressed a spurious failure in
tests/bugs/glusterd/df-results-post-replace-brick-operations.t to ensure
post replace brick operation and before triggering 'df' from mount,
client has connection to the newly replaced bricks.
Change-Id: Ie5d7e02f89400a661491d7fc2a120d6f6a83a1cc
Updates: bz#789278
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes CID:
1. 1389762 : Explicit null dereferenced
2. 1390462 : Argument cannot be negative
3. 1124552 : Explicit null dereferenced
4. 1356522 : Argument cannot be negative
updates: bz#789278
Change-Id: I1262f3b4b61a6e65bb34884f46df9a24b8dd03f1
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch fixes CID 1224305, 1202395, 1202394, 1174824, 1174825, 1174826
and 1202397.
All issues are of RESOURCE_LEAK type.
Change-Id: Ie9944d5bdd0bd2788afdb1b6bb329aa3c44b90d0
updates: bz#789278
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
| |
Change-Id: I53a583ec14bce65e8914bc496123dee3abe61f6c
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As an example, and also as an enhancement, added 'log-level'
as a default option to every translator (glusterfs already
support infrastructure to handle xl->loglevel).
Corresponding infrastructure to add per xlator log-level
is not present in glusterd volume-set. Plan is to get it
sorted out in later patches or in GD2.
* Why this is needed? - Mainly because we need to only add
different log-level to some xlator to debug few things in a
production system, while not changing overall log-level. This
helps in better debug-ability.
Updates: bz#1193929
Change-Id: Ia4098ce39197cd423345b3d31fe8315481681ab8
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the proposal to remove few features as they are not
actively maintained [1], removing tier translator from the
build. Also make sure there are no regression tests involving
tiering feature are present.
[1] https://lists.gluster.org/pipermail/gluster-users/2018-July/034400.html
Change-Id: I2c177f711f9b54b7b24e1a13525ff3132bd9a9c5
updates: bz#1642807
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
While performing the replace-brick operation, we should set
fsid value to the new brick.
fixes: bz#1637196
Change-Id: I9e9a4962fc0c2f5dff43e4ac11767814a0c0beaf
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch fixes the unchecked return value, coverity issue.
CID: 1391412
Change-Id: If85f4afdf8c6d37602c62fbf4d7c730e18be81e7
updates: bz#789278
Signed-off-by: Varsha Rao <varao@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
posix_update_utime_in_mdata() unconditionally logs an error if
consistent time attributes features is not enabled. This log
does not add any value, prints an incorrect errno & floods
the log file. Hence nuking this log message in this patch.
fixes: bz#1644129
Change-Id: I9a1f9e7ada3366d2830f18d81f16a1461040092e
Signed-off-by: Kotresh HR <khiremat@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
as key size in xdr can be anything, it can be bigger than the
'NAME_MAX' allowed in the structure, which can allow for service denial
attacks.
Fixes: CVE-2018-14653
Fixes: bz#1644756
Change-Id: I2dc5e99af27ddf44c12c94b07e51adb8674cce80
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
total_allocs of certain type of variables can be 4billion in a
single day depending on load. So, 32 bits for that is not enough.
Also, size_t is good variable size for one allocation, but the
sum of allocations, should be 64bits to make sure we don't
overflow the variable.
Updates: bz#1639599
Change-Id: If3b19687f94425e913a0201ae5d73661eda51f06
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a problem in commit 7f81067 that caused infinite loop when
full heal was triggered.
The previous commit was made to prevent self-heal to go idle after a
replace brick operation. One of the changes consisted on setting a
flag to force an immediate scan of the dirty directory if a heal on
a directory succeeded (assuming it could have generated newer entries).
However that change was causing an issue with a full self-heal, since
every time an already healed directory was checked and it returned
suceessfully, it was also setting the flag, forcing self-heal to start
over again.
This patch fixes this issue by only setting the flag if the heal is not
full. It's assumed that a full self-heal will already traverse all
entries automatically, so there's no need to force a new scan later.
Change-Id: Id12dbfc04e622b18183e796cc6cc87ccc30a6d55
fixes: bz#1636631
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Dereferencing NUll pointers this,local and stbuf.
1.Replaced this->name with "dht".
2.Removed GF_VALIDATE_OR_GOTO.
3.Removed the check for "stbuf" and "this".
Updates: bz#1622665
Change-Id: Id2fb2270d5ec37b76fa2aae1f1c8dca72dcc728a
Signed-off-by: Harpreet Lalwani <hlalwani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As lookup is not a locked fop, we can not trust the
data received in this to be same.
Changing the log level to DEBUG in case lookup finds any
difference.
Change-Id: I39499c44688a2455c7c6c69a798762d045d21b39
updates: bz#1640066
BUG: 1640066
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
|
| |
|
|
|
|
| |
Fixes: bz#1637934
Change-Id: I5f95beab62bd2bdde3bbee94c308b0ad03e94379
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the proposal to remove few features as they are not
actively maintained [1], removing stripe translator from the
build. Also make sure there are no regression tests involving
stripe translator.
[1] https://lists.gluster.org/pipermail/gluster-users/2018-July/034400.html
Note that this patch aims at removing the translator from build, and
a followup patch is needed to remove the code from repository.
Updates: bz#1364707
Change-Id: I235b305338f138e29e9f30cba65bc0dadbebbbd5
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Geo-rep's automatic error handling does gfid conflict
resolution. But if there are ENOENT errors because the
parent is not synced to slave, it doesn' handle them.
This patch adds the intelligence to create missing
parent directories on slave. It can create the missing
directories upto the depth of 10.
fixes: bz#1643402
Change-Id: Ic97ed1fa5899c087e404d559e04f7963ed7bb54c
Signed-off-by: Kotresh HR <khiremat@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
When 'gluster-mountbroker status' was issued, it
crashes in a corner case with 'str object has not
attribute get'. Fixed the same.
fixes: bz#1643929
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Change-Id: Iaf1a937ed0136b3b2058230c75fa89a215d8a5eb
|
| |
|
|
|
|
|
|
|
| |
1. scheduler - Popen
2. syncdutils - corner case on failure
fixes: bz#1643932
Change-Id: I65af97a244a8790e976acedc2728db6ebbf2ae10
Signed-off-by: Kotresh HR <khiremat@redhat.com>
|
| |
|
|
|
|
|
| |
fixes: bz#1644164
Change-Id: I0ac5aff565b3a30d5ff25ec5a3f20e0bda424a5d
Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
|
| |
|
|
|
|
|
|
| |
Make Popen py2 and py3 compatiable
fixes: bz#1643935
Change-Id: Ife34cb38024dcdc0420436e7d76fd208223f9d86
Signed-off-by: Kotresh HR <khiremat@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Problem: ctx and res can be NULL.
Solution: introduced a VALIDATE_OR_GOTO statement, hence removed
the null check for ctx; added a check for res.
Updates: bz#1622665
Change-Id: Ifee4c73e260530ab44c0a34c5ff5568f38f92c94
Signed-off-by: Shwetha Acharya <sacharya@redhat.com>
|
| |
|
|
|
|
|
|
| |
Added a description for auth.ssl-allow
Change-Id: I50cd7c738007c3d7a1b333dae62dbb5e46a7ee67
fixes: bz#1643349
Signed-off-by: Harpreet Kaur Lalwani <hlalwani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lvm2(-devel) 2.03.00 no longer has liblvm2app.so. (I expect a
similar change in fedora-30 before too much longer, but for
now fedora-30 still has lvm2 and lvm2-devel 2.02.181
rpcgen has been removed from glibc-common and unbundled rpcgen
is now required.
And I guess nobody has ever built rpms with '--without bd' or we
would have discovered the attempted inclusion of .../storage/bd.so
in the rpm when it hadn't actually been built.
Change-Id: I71e26c3d06af5d329ae89cc249a4ad88664ddf53
updates: bz#1193929
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will allow proper printing of exact 'fop' type to be logged in
string, not number, during backtraces.
Considering this was not done on brick processes, we have no easy
way to glance and understand which fops were pending.
What gets changed:
After a crash, most of the core-dumps logged were of the form:
```
pending frames:
frame : type(0) op(18)
frame : type(0) op(18)
frame : type(0) op(28)
```
would change to
```
pending frames:
frame : type(1) op(SETXATTR)
frame : type(1) op(SETXATTR)
frame : type(1) op(READDIR)
```
updates: bz#1639599
Change-Id: I0e3d2a8dee9cfde7ed0112a948f5213f546efb80
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
