| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.
While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.
Fixes: CVE-2018-14661
Fixes: bz#1644763
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'getspec' operation is not used between 'client' and 'server' ever since
we have off-loaded volfile management to glusterd, ie, at least 7 years.
No reason to keep the dead code! The removed option had no meaning,
as glusterd didn't provide a way to set (or unset) this option. So,
no regression should be observed from any of the existing glusterfs
deployment, supported or unsupported.
Updates: CVE-2018-14653
Updates: bz#1644756
Change-Id: I4a2e0f673c5bcd4644976a61dbd2d37003a428eb
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Server stack needs to have all the sort of validation, assuming
clients can be compromized. It is possible for a compromized
client to send basenames with paths with '/', and with that
create files without permission on server. By sanitizing the basename,
and not allowing anything other than actual directory as the parent
for any entry creation, we can mitigate the effects of clients
not able to exploit the server.
Fixes: CVE-2018-14651
Fixes: bz#1644755
Change-Id: I5dc0da0da2713452ff2b65ac2ddbccf1a267dc20
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
By allowing clients taking dump in a file on brick process, we are
allowing compromised clients to create io-stats dumps on server,
which can exhaust all the available inodes.
Fixes: CVE-2018-14659
Fixes: bz#1644757
Change-Id: I32bfde9d4fe646d819a45e627805b928cae2e1ca
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch fixes CID : 1174824 : RESOURCE_LEAK
updates: bz#789278
Change-Id: I2a4f8b508995de112fa16e1094e44ecd4b625312
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem:
A compromised client can set arbitrary values for the GF_XATTROP_ENTRY_IN_KEY
and GF_XATTROP_ENTRY_OUT_KEY during xattrop fop. These values are
consumed by index as a filename to be created/deleted according to the key.
Thus it is possible to create/delete random files even outside the gluster
volume boundary.
Fix:
Index expects the filename to be a basename, i.e. it must not contain any
pathname components like "/" or "../". Enforce this.
Fixes: CVE-2018-14654
Fixes: bz#1644760
Change-Id: I35f2a39257b5917d17283d0a4f575b92f783f143
Signed-off-by: Ravishankar N <ravishankar@redhat.com>
|
| |
|
|
|
|
| |
Change-Id: Ib8bdf210a896423abcd7413dd4896d424ac0f561
fixes: bz#1626610
Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The frame is freed when linkfile exist in dht_rmdir_is_subvol_empty(),
the following message use the freed local.
Change-Id: I41191e8bd477f031a2444d5f15e578dc4f086e6b
Updates: bz#1640489
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Addresses CIDs : 1124769, 1124852, 1124864, 1134024, 1229876, 1382382
Also addressed a spurious failure in
tests/bugs/glusterd/df-results-post-replace-brick-operations.t to ensure
post replace brick operation and before triggering 'df' from mount,
client has connection to the newly replaced bricks.
Change-Id: Ie5d7e02f89400a661491d7fc2a120d6f6a83a1cc
Updates: bz#789278
Signed-off-by: Atin Mukherjee <amukherj@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes CID:
1. 1389762 : Explicit null dereferenced
2. 1390462 : Argument cannot be negative
3. 1124552 : Explicit null dereferenced
4. 1356522 : Argument cannot be negative
updates: bz#789278
Change-Id: I1262f3b4b61a6e65bb34884f46df9a24b8dd03f1
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch fixes CID 1224305, 1202395, 1202394, 1174824, 1174825, 1174826
and 1202397.
All issues are of RESOURCE_LEAK type.
Change-Id: Ie9944d5bdd0bd2788afdb1b6bb329aa3c44b90d0
updates: bz#789278
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
| |
Change-Id: I53a583ec14bce65e8914bc496123dee3abe61f6c
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the proposal to remove few features as they are not
actively maintained [1], removing tier translator from the
build. Also make sure there are no regression tests involving
tiering feature are present.
[1] https://lists.gluster.org/pipermail/gluster-users/2018-July/034400.html
Change-Id: I2c177f711f9b54b7b24e1a13525ff3132bd9a9c5
updates: bz#1642807
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
While performing the replace-brick operation, we should set
fsid value to the new brick.
fixes: bz#1637196
Change-Id: I9e9a4962fc0c2f5dff43e4ac11767814a0c0beaf
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch fixes the unchecked return value, coverity issue.
CID: 1391412
Change-Id: If85f4afdf8c6d37602c62fbf4d7c730e18be81e7
updates: bz#789278
Signed-off-by: Varsha Rao <varao@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
posix_update_utime_in_mdata() unconditionally logs an error if
consistent time attributes features is not enabled. This log
does not add any value, prints an incorrect errno & floods
the log file. Hence nuking this log message in this patch.
fixes: bz#1644129
Change-Id: I9a1f9e7ada3366d2830f18d81f16a1461040092e
Signed-off-by: Kotresh HR <khiremat@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
as key size in xdr can be anything, it can be bigger than the
'NAME_MAX' allowed in the structure, which can allow for service denial
attacks.
Fixes: CVE-2018-14653
Fixes: bz#1644756
Change-Id: I2dc5e99af27ddf44c12c94b07e51adb8674cce80
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a problem in commit 7f81067 that caused infinite loop when
full heal was triggered.
The previous commit was made to prevent self-heal to go idle after a
replace brick operation. One of the changes consisted on setting a
flag to force an immediate scan of the dirty directory if a heal on
a directory succeeded (assuming it could have generated newer entries).
However that change was causing an issue with a full self-heal, since
every time an already healed directory was checked and it returned
suceessfully, it was also setting the flag, forcing self-heal to start
over again.
This patch fixes this issue by only setting the flag if the heal is not
full. It's assumed that a full self-heal will already traverse all
entries automatically, so there's no need to force a new scan later.
Change-Id: Id12dbfc04e622b18183e796cc6cc87ccc30a6d55
fixes: bz#1636631
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Dereferencing NUll pointers this,local and stbuf.
1.Replaced this->name with "dht".
2.Removed GF_VALIDATE_OR_GOTO.
3.Removed the check for "stbuf" and "this".
Updates: bz#1622665
Change-Id: Id2fb2270d5ec37b76fa2aae1f1c8dca72dcc728a
Signed-off-by: Harpreet Lalwani <hlalwani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As lookup is not a locked fop, we can not trust the
data received in this to be same.
Changing the log level to DEBUG in case lookup finds any
difference.
Change-Id: I39499c44688a2455c7c6c69a798762d045d21b39
updates: bz#1640066
BUG: 1640066
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on the proposal to remove few features as they are not
actively maintained [1], removing stripe translator from the
build. Also make sure there are no regression tests involving
stripe translator.
[1] https://lists.gluster.org/pipermail/gluster-users/2018-July/034400.html
Note that this patch aims at removing the translator from build, and
a followup patch is needed to remove the code from repository.
Updates: bz#1364707
Change-Id: I235b305338f138e29e9f30cba65bc0dadbebbbd5
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
| |
Added a description for auth.ssl-allow
Change-Id: I50cd7c738007c3d7a1b333dae62dbb5e46a7ee67
fixes: bz#1643349
Signed-off-by: Harpreet Kaur Lalwani <hlalwani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will allow proper printing of exact 'fop' type to be logged in
string, not number, during backtraces.
Considering this was not done on brick processes, we have no easy
way to glance and understand which fops were pending.
What gets changed:
After a crash, most of the core-dumps logged were of the form:
```
pending frames:
frame : type(0) op(18)
frame : type(0) op(18)
frame : type(0) op(28)
```
would change to
```
pending frames:
frame : type(1) op(SETXATTR)
frame : type(1) op(SETXATTR)
frame : type(1) op(READDIR)
```
updates: bz#1639599
Change-Id: I0e3d2a8dee9cfde7ed0112a948f5213f546efb80
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Added a check for "top"
Updates: bz#1622665
Change-Id: I354fdc7150b2f1eb452702ddb653e2d6ed609c10
Signed-off-by: Harpreet Lalwani <hlalwani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
For lease operation, we allocate and store child nodes
data in lease structure. Use the same in afr_lease_cbk()
while checking for the quorum.
Change-Id: If1fdd5a0798888afd39ad3df57d96487baf9d1e6
updates: #350
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2 domain locking + xattrop for write-txn failures:
--------------------------------------------------
- A post-op wound on TA takes AFR_TA_DOM_NOTIFY range lock and
AFR_TA_DOM_MODIFY full lock, does xattrop on TA and releases
AFR_TA_DOM_MODIFY lock and stores in-memory which brick is bad.
- All further write txn failures are handled based on this in-memory
value without querying the TA.
- When shd heals the files, it does so by requesting full lock on
AFR_TA_DOM_NOTIFY domain. Client uses this as a cue (via upcall),
releases AFR_TA_DOM_NOTIFY range lock and invalidates its in-memory
notion of which brick is bad. The next write txn failure is wound on TA
to again update the in-memory state.
- Any incomplete write txns before the AFR_TA_DOM_NOTIFY upcall release
request is got is completed before the lock is released.
- Any write txns got after the release request are maintained in a ta_waitq.
- After the release is complete, the ta_waitq elements are spliced to a
separate queue which is then processed one by one.
- For fops that come in parallel when the in-memory bad brick is still
unknown, only one is wound to TA on wire. The other ones are maintained
in a ta_onwireq which is then processed after we get the response from
TA.
Change-Id: I32c7b61a61776663601ab0040e2f0767eca1fd64
updates: bz#1579788
Signed-off-by: Ravishankar N <ravishankar@redhat.com>
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the commit febf5ed4848, during the volume create op,
we are setting volinfo->caps to 0, only if any of the bricks
belong to the same node and brickinfo->vg[0] is null.
Previously, we used to set volinfo->caps to 0, when
either brick doesn't belong to the same node or brickinfo->vg[0]
is null.
With this patch, we set volinfo->caps to 0, when either brick
doesn't belong to the same node or brickinfo->vg[0] is null.
(as we do earlier without commit febf5ed4848).
fixes: bz#1635820
Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
|
| |
|
|
|
|
|
|
| |
This patch fixes CID: 1356526 and 1382369 : Argument cannot be negative
Change-Id: I1aab5be2d217479db9f67a26b62854a0b38c1747
updates: bz#789278
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Removed VALIDATE_OR_GOTO check on "this"
Updates: bz#1622665
Change-Id: Ie0d74525901ebf9daa1a5e788a035db6dc5d8c06
Signed-off-by: Sheetal Pamecha <sheetal.pamecha08@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes CID:
1394664 : CHECKED_RETURN
1356534 : Macro compares unsigned to 0 (NO_EFFECT)
1356532 : Macro compares unsigned to 0 (NO_EFFECT)
updates: bz#789278
Change-Id: I04d64fd8c007627611710dc56109b76eeb59333a
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Change check condition from
"[[:space:]+]${mount_point}[[:space:]+]fuse" to
"[[:space:]+]${mount_point}[[:space:]+]fuse.glusterfs". Fix false
postive check result for mount points of other FUSEes, such as "fuse.sshfs".
Change-Id: I13898b50a651a8f5ecc3a94d01b3b5de37ec4cbc
fixes: bz#1640026
Signed-off-by: Han Han <hhan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Glusterfs leases expects lease_id to be set and sent
for each fop to determine conflict resolution with the
existing lease.
Incase if not set (most likely if there is an older
client in a mixed cluster), it makes sense to consider
it as conflicitng fop and recall the lease.
Also fixed the return status check for __remove_lease(),
wherein non-negative value is considered as success case.
Change-Id: I5bcfba4f7c71a5af7cdedeb03436d0b818e85783
updates: #350
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
|
| |
|
|
|
|
|
|
| |
The patch fixes CID: 1325520
Change-Id: Ic7d3fac6adabe96d1d44f13b57d6dc67da0476d1
updates: bz#789278
Signed-off-by: Arjun <arjsharm@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: In brick_mux environment, while a user has enabled brick-log-level
for anyone volume, it automatically enables for other volumes
also those are attached with same brick.
Solution: A log-level option is automatically enabled for other volumes
because log-level saved in glusterfsd_ctx and ctx is common for
volumes those are attached with same brick. To resolve it
set log level for all children xlator's at the time of the graph
reconfigure at io-stat xlator.
Change-Id: Id9a6efa05d286e0bea2d47f49292d084e7bb2fcf
fixes: bz#1640495
Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
dict_get_str_boolean expects a integer, so we need
to set all the boolean variables as integers to
avoid log messages like below:
[2018-09-10 03:55:19.236387] I [dict.c:2838:dict_get_str_boolean] (-->/usr/local/lib/libgfrpc.so.0(rpc_clnt_reconnect+0xc2) [0x7ff7a83d0452] -->/usr/local/lib/glusterfs/4.2dev/rpc-transport/socket.so(+0x65b0) [0x7ff7a06cf5b0] -->/usr/local/lib/libglusterfs.so.0(dict_get_str_boolean+0xcf) [0x7ff7a85fc58f] ) 0-dict: key transport.socket.ignore-enoent, integer type asked, has string type [Invalid argument]
This patch addresses all such instances in glusterd.
Change-Id: I7e1979fcf381363943f4d09b94c3901c403727da
updates: bz#1193929
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem:
Currently for replica volume, even if only one brick is UP
SHD will keep crawling index entries even if it can not
heal anything.
In thin-arbiter volume which is also a replica 2 volume,
this causes inode lock contention which in turn sends
upcall to all the clients to release notify locks, even
if it can not do anything for healing.
This will slow down the client performance and kills the
purpose of keeping in memory information about bad brick.
Solution: Before starting heal or even crawling, check if
sufficient number of children are UP and available to check
and heal entries.
Change-Id: I011c9da3b37cae275f791affd56b8f1c1ac9255d
updates: bz#1640581
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
|
| |
|
|
|
|
| |
Change-Id: I5f0667a47ddd24cb00949c875c19f3d1dbd8d603
fixes: bz#1605077
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Ganesha always operate file by filehandle, and translates to
glusterfs's stat/fstat many time.
Change-Id: Idd0dc33c31131331ac948754c8b7f898777c31d3
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
| |
Change-Id: I0730a037f96c4386c72ecf2f61c71ec17ffbc1b0
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
| |
Change-Id: I52f8e13e68528ba9679537ffdddf58ec08f9fd0c
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
| |
|
|
|
|
|
|
| |
Fixes: 124759 1288787
Change-Id: Ib8999242fc3ea5f4ea80246659899d2d4f06c506
updates: bz#789278
Signed-off-by: Bhumika Goyal <bgoyal@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patches fixes the following coverity issues:
CID: 1396101, 1396102 - Dereference null return value.
Change-Id: I7ec783a61c06a1378863e974ff6e0baae418aec2
updates: bz#789278
Signed-off-by: Varsha Rao <varao@redhat.com>
|
| |
|
|
|
|
|
|
| |
This patch fixes CID 1124651
Change-Id: I6f33954f08cfdd7cb4236f9a81ec7980f81d19e7
updates: bz#789278
Signed-off-by: Arjun <arjsharm@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is continuation of commit
fb4b914ce84bc83a5f418719c5ba7c25689a9251. This patch extends that
logic to all inode based operations and not just open(dir).
<snip>
mount/fuse: never fail open(dir) with ENOENT
open(dir) being an operation on inode should never fail with
ENOENT. If gfid is not present, the appropriate error is ESTALE. This
will enable kernel to retry open after a revalidate lookup.
</snip>
Change-Id: I6313f520827e9af725485631cb6a9d9718243bc4
Signed-off-by: Raghavendra G <rgowdapp@redhat.com>
Fixes: bz#1627620
|
| |
|
|
|
|
|
|
|
| |
Removing VALIDATE_OR_GOTO check on "this"
Updates: bz#1622665
Change-Id: Ic7cffbb697da814f835d0ad46e25256da6afb406
Signed-off-by: Sheetal Pamecha <sheetal.pamecha08@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PROBLEM:
tests/bugs/shard/bug-1251824.t fails occasionally with EIO due to gfid
mismatch across replicas on the same shard when dd is executed.
CAUSE:
Turns out this is due to a race between posix_mknod() and posix_lookup().
posix mknod does 3 operations, among other things:
1. creation of the entry itself under its parent directory
2. setting the gfid xattr on the file, and
3. creating the gfid link under .glusterfs.
Consider a case where the thread doing posix_mknod() (initiated by shard)
has executed steps 1 and 2 and is on its way to executing 3. And a
parallel LOOKUP from another thread on noting that loc->inode->gfid is NULL,
tries to perform gfid_heal where it attempts to create the gfid link
under .glusterfs and succeeds. As a result, posix_gfid_set() through
MKNOD (step 3) fails with EEXIST.
In the older code, MKNOD under such conditions was NOT being treated
as a failure. But commit e37ee6d changes this behavior by failing MKNOD,
causing the entry creation to be undone in posix_mknod() (it's another
matter that the stale gfid handle gets left behind if lookup has gone
ahead and gfid-healed it).
All of this happens on only one replica while on the other MKNOD succeeds.
Now if a parallel write causes shard translator to send another MKNOD
of the same shard (shortly after AFR releases entrylk from the first
MKNOD), the file is created on the other replica too, although with a
new gfid (since "gfid-req" that is passed now is a new UUID. This leads
to a gfid-mismatch across the replicas.
FIX:
The solution is to not fail MKNOD (or any other entry fop for that matter
that does posix_gfid_set()) if the .glusterfs link creation fails with EEXIST.
Change-Id: I84a5e54d214b6c47ed85671a880bb1c767a29f4d
fixes: bz#1638453
Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch fixes CID:
1396179: Read from pointer after free
1396178: Use after free
Change-Id: I47a2e4aa257e0c4dbdf2e1fd2e0748902764463f
fixes: bz#789278
Signed-off-by: Mohit Agrawal <moagrawal@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch fixes CID: 1396177: NULL dereference.
updates: bz#789278
Change-Id: Ic5d302a5e32d375acf8adc412763ab94e6dabc3d
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As dict_unserialize does not null terminate the value,
using snprintf adds garbage characters to the buffer
used to create the filename.
The code also used this->name in the filename which
will be the same for all bricks for a volume. The
files were thus overwritten if a node contained
multiple bricks for a volume. The code now uses
the conf->unique instead if available.
Change-Id: I2c72534b32634b87961d3b3f7d53c5f2ca2c068c
fixes: bz#1640165
Signed-off-by: N Balachandran <nbalacha@redhat.com>
|
| |
|
|
|
|
| |
Change-Id: I37ac6186b3631979d2503d1b185a61b8094dbd0d
Updates: bz#1634220
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
|
