glusterfs.git, branch v5.1 GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over Infiniband RDMA or TCP/IP interconnect into one large parallel network file system. doc: Release notes for 5.1 release of GlusterFS 2018-11-14T16:03:54+00:00 ShyamsundarR srangana@redhat.com 2018-11-14T16:03:08+00:00 c12ded9ebf41c1f3bacda98a20b165a413740b2e Change-Id: I526bf9bfd889dd7aea19f71059042cd9a993e1d0 Signed-off-by: ShyamsundarR <srangana@redhat.com> Fixes: bz#1640685 
Change-Id: I526bf9bfd889dd7aea19f71059042cd9a993e1d0
Signed-off-by: ShyamsundarR <srangana@redhat.com>
Fixes: bz#1640685
cluster/ec: Change log level to DEBUG for lookup combine 2018-11-14T15:36:52+00:00 Ashish Pandey aspandey@redhat.com 2018-10-17T09:48:34+00:00 26a40f8b5c7f46b0390fd7b15a6bd5a77d0176cd As lookup is not a locked fop, we can not trust the data received in this to be same. Changing the log level to DEBUG in case lookup finds any difference. (cherry picked from commit 9be6bf3d90e3783b3ba559c93d41b933f8d53f03) Change-Id: I39499c44688a2455c7c6c69a798762d045d21b39 updates: bz#1644622 Signed-off-by: Ashish Pandey <aspandey@redhat.com> 
As lookup is not a locked fop, we can not trust the
data received in this to be same.

Changing the log level to DEBUG in case lookup finds any
difference.

(cherry picked from commit 9be6bf3d90e3783b3ba559c93d41b933f8d53f03)

Change-Id: I39499c44688a2455c7c6c69a798762d045d21b39
updates: bz#1644622
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
gfapi: fix bad dict setting of lease-id 2018-11-12T13:36:32+00:00 Kinglong Mee kinglongmee@gmail.com 2018-11-12T09:07:21+00:00 636ff6e2171d6288fe3f47cbcb971bb1e40458be lease_id is a 16 bits opaque data, copying it by gf_strdup is wrong. Invalid read of size 2 at 0x483FA2F: memmove (vg_replace_strmem.c:1270) by 0xE2EF6FB: ??? (in /usr/lib64/libtirpc.so.3.0.0) by 0xE2EE047: xdr_opaque (in /usr/lib64/libtirpc.so.3.0.0) by 0x107A97DC: xdr_gfx_value (glusterfs4-xdr.c:207) by 0x107A98C0: xdr_gfx_dict_pair (glusterfs4-xdr.c:321) by 0xE2EF35E: xdr_array (in /usr/lib64/libtirpc.so.3.0.0) by 0x107A9A89: xdr_gfx_dict (glusterfs4-xdr.c:335) by 0x107AA97B: xdr_gfx_write_req (glusterfs4-xdr.c:897) by 0x107A181E: xdr_serialize_generic (xdr-generic.c:25) by 0x231044A2: client_submit_request (client.c:205) by 0x2314D3C1: client4_0_writev (client-rpc-fops_v2.c:3863) by 0x230FD5FA: client_writev (client.c:956) Address 0xad659e18 is 72 bytes inside a block of size 73 alloc'd at 0x483880B: malloc (vg_replace_malloc.c:299) by 0x106BA7EC: __gf_malloc (mem-pool.c:136) by 0x1064521E: gf_strndup (mem-pool.h:166) by 0x1064521E: gf_strdup (mem-pool.h:183) by 0x1064521E: get_fop_attr_thrd_key (glfs.c:627) by 0x1064D8E9: glfs_pwritev@@GFAPI_3.4.0 (glfs-fops.c:1154) by 0x10610C0C: glusterfs_write2 (handle.c:2092) by 0x54D30C: mdcache_write2 (mdcache_file.c:647) by 0x48A3FC: nfs4_write (nfs4_op_write.c:459) by 0x48A44D: nfs4_op_write (nfs4_op_write.c:487) by 0x4634F5: nfs4_Compound (nfs4_Compound.c:947) by 0x460155: nfs_rpc_process_request (nfs_worker_thread.c:1329) by 0x4608A3: nfs_rpc_valid_NFS (nfs_worker_thread.c:1539) by 0x488F12F: svc_vc_decode (svc_vc.c:825) Backport of: > Patch: https://review.gluster.org/21586/ > BUG: bz#1647651 > Change-Id: Ib9fff55c897bc43c15036a869888e763df133757 > Signed-off-by: Kinglong Mee <mijinlong@open-fs.com> (cherry picked from commit 6d4cd8ce6c0d88d331ffed97c51d3061a3900561) Updates bz#1648923 Change-Id: Ib9fff55c897bc43c15036a869888e763df133757 Signed-off-by: Kinglong Mee <mijinlong@open-fs.com> 
lease_id is a 16 bits opaque data, copying it by gf_strdup is wrong.

Invalid read of size 2
   at 0x483FA2F: memmove (vg_replace_strmem.c:1270)
   by 0xE2EF6FB: ??? (in /usr/lib64/libtirpc.so.3.0.0)
   by 0xE2EE047: xdr_opaque (in /usr/lib64/libtirpc.so.3.0.0)
   by 0x107A97DC: xdr_gfx_value (glusterfs4-xdr.c:207)
   by 0x107A98C0: xdr_gfx_dict_pair (glusterfs4-xdr.c:321)
   by 0xE2EF35E: xdr_array (in /usr/lib64/libtirpc.so.3.0.0)
   by 0x107A9A89: xdr_gfx_dict (glusterfs4-xdr.c:335)
   by 0x107AA97B: xdr_gfx_write_req (glusterfs4-xdr.c:897)
   by 0x107A181E: xdr_serialize_generic (xdr-generic.c:25)
   by 0x231044A2: client_submit_request (client.c:205)
   by 0x2314D3C1: client4_0_writev (client-rpc-fops_v2.c:3863)
   by 0x230FD5FA: client_writev (client.c:956)
 Address 0xad659e18 is 72 bytes inside a block of size 73 alloc'd
   at 0x483880B: malloc (vg_replace_malloc.c:299)
   by 0x106BA7EC: __gf_malloc (mem-pool.c:136)
   by 0x1064521E: gf_strndup (mem-pool.h:166)
   by 0x1064521E: gf_strdup (mem-pool.h:183)
   by 0x1064521E: get_fop_attr_thrd_key (glfs.c:627)
   by 0x1064D8E9: glfs_pwritev@@GFAPI_3.4.0 (glfs-fops.c:1154)
   by 0x10610C0C: glusterfs_write2 (handle.c:2092)
   by 0x54D30C: mdcache_write2 (mdcache_file.c:647)
   by 0x48A3FC: nfs4_write (nfs4_op_write.c:459)
   by 0x48A44D: nfs4_op_write (nfs4_op_write.c:487)
   by 0x4634F5: nfs4_Compound (nfs4_Compound.c:947)
   by 0x460155: nfs_rpc_process_request (nfs_worker_thread.c:1329)
   by 0x4608A3: nfs_rpc_valid_NFS (nfs_worker_thread.c:1539)
   by 0x488F12F: svc_vc_decode (svc_vc.c:825)

Backport of:

 > Patch: https://review.gluster.org/21586/
 > BUG: bz#1647651
 > Change-Id: Ib9fff55c897bc43c15036a869888e763df133757
 > Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
(cherry picked from commit 6d4cd8ce6c0d88d331ffed97c51d3061a3900561)

Updates bz#1648923
Change-Id: Ib9fff55c897bc43c15036a869888e763df133757
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
geo-rep: Add more intelligence to automatic error handling 2018-11-09T18:46:54+00:00 Kotresh HR khiremat@redhat.com 2018-10-26T07:45:46+00:00 dbfdd52f50ab76a7e6c5a92856a88f8db0a5c351 Geo-rep's automatic error handling does gfid conflict resolution. But if there are ENOENT errors because the parent is not synced to slave, it doesn' handle them. This patch adds the intelligence to create missing parent directories on slave. It can create the missing directories upto the depth of 10. Backport of: > Patch: https://review.gluster.org/21498/ > fixes: bz#1643402 > Change-Id: Ic97ed1fa5899c087e404d559e04f7963ed7bb54c > Signed-off-by: Kotresh HR <khiremat@redhat.com> (cherry picked from commit 19775e0445411cca9ddd9d294fd54d0b6fbe6a03) fixes: bz#1646896 Change-Id: Ic97ed1fa5899c087e404d559e04f7963ed7bb54c Signed-off-by: Kotresh HR <khiremat@redhat.com> 
Geo-rep's automatic error handling does gfid conflict
resolution. But if there are ENOENT errors because the
parent is not synced to slave, it doesn' handle them.
This patch adds the intelligence to create missing
parent directories on slave. It can create the missing
directories upto the depth of 10.

Backport of:

 > Patch: https://review.gluster.org/21498/
 > fixes: bz#1643402
 > Change-Id: Ic97ed1fa5899c087e404d559e04f7963ed7bb54c
 > Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit 19775e0445411cca9ddd9d294fd54d0b6fbe6a03)

fixes: bz#1646896
Change-Id: Ic97ed1fa5899c087e404d559e04f7963ed7bb54c
Signed-off-by: Kotresh HR <khiremat@redhat.com>
glusterd: ensure volinfo->caps is set to correct value. 2018-11-09T18:46:34+00:00 Sanju Rakonde srakonde@redhat.com 2018-10-03T18:28:37+00:00 3782c90a617dfefc9bc8a92d0facb3927659dede With the commit febf5ed4848, during the volume create op, we are setting volinfo->caps to 0, only if any of the bricks belong to the same node and brickinfo->vg[0] is null. Previously, we used to set volinfo->caps to 0, when either brick doesn't belong to the same node or brickinfo->vg[0] is null. With this patch, we set volinfo->caps to 0, when either brick doesn't belong to the same node or brickinfo->vg[0] is null. (as we do earlier without commit febf5ed4848). > BUG: bz#1635820 > Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49 > Signed-off-by: Sanju Rakonde <srakonde@redhat.com> (cherry picked from commit aae1c402b74fd02ed2f6473b896f108d82aef8e3) fixes: bz#1647968 Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49 Signed-off-by: Sanju Rakonde <srakonde@redhat.com> 
With the commit febf5ed4848, during the volume create op,
we are setting volinfo->caps to 0, only if any of the bricks
belong to the same node and brickinfo->vg[0] is null.
Previously, we used to set volinfo->caps to 0, when
either brick doesn't belong to the same node or brickinfo->vg[0]
is null.

With this patch, we set volinfo->caps to 0, when either brick
doesn't belong to the same node or brickinfo->vg[0] is null.
(as we do earlier without commit febf5ed4848).

> BUG: bz#1635820
> Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49
> Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
(cherry picked from commit aae1c402b74fd02ed2f6473b896f108d82aef8e3)

fixes: bz#1647968
Change-Id: I00a97415786b775fb088ac45566ad52b402f1a49
Signed-off-by: Sanju Rakonde <srakonde@redhat.com>
all: fix the format string exceptions 2018-11-09T14:03:02+00:00 Amar Tumballi amarts@redhat.com 2018-11-06T17:17:41+00:00 83304fedb464fe3f97db662ce3e07bd948b7b7d9 Currently, there are possibilities in few places, where a user-controlled (like filename, program parameter etc) string can be passed as 'fmt' for printf(), which can lead to segfault, if the user's string contains '%s', '%d' in it. While fixing it, makes sense to make the explicit check for such issues across the codebase, by making the format call properly. Fixes: CVE-2018-14661 Fixes: bz#1647666 Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.

Fixes: CVE-2018-14661

Fixes: bz#1647666
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
features/locks:Use pthread_mutex_unlock() instead of pthread_mutex_lock() 2018-11-09T14:02:19+00:00 Vijay Bellur vbellur@redhat.com 2018-11-06T18:12:10+00:00 7136414bcc0426270f1df8720018af1b53fd228a Fixes CID 1396581 Change-Id: Ic04091b5783a75d8e1e605a9c1c28b77fea048d3 updates: bz#1647962 Signed-off-by: Vijay Bellur <vbellur@redhat.com> Signed-off-by: Susant Palai <spalai@redhat.com> 
Fixes CID 1396581

Change-Id: Ic04091b5783a75d8e1e605a9c1c28b77fea048d3
updates: bz#1647962
Signed-off-by: Vijay Bellur <vbellur@redhat.com>
Signed-off-by: Susant Palai <spalai@redhat.com>
lock: Do not allow meta-lock count to be more than one 2018-11-09T14:02:19+00:00 Susant Palai spalai@redhat.com 2018-11-02T03:53:42+00:00 c87a458998717e951094744a56247a8ec6c48b4b In the current scheme of glusterfs where lock migration is experimental, (ideally) the rebalance process which is migrating the file should request for a metalock. Hence, the metalock count should not be more than one for an inode. In future, if there is a need for meta-lock from other clients, this patch can be reverted. Since pl_metalk is called as part of setxattr operation, any client process(non-rebalance) residing outside trusted network can exhaust memory of the server node by issuing setxattr repetitively on the metalock key. The current patch makes sure that more than one metalock cannot be granted on an inode. Fixes CVE-2018-14660 updates: bz#1647962 Change-Id: Ie1e697766388718804a9551bc58351808fe71069 Signed-off-by: Susant Palai <spalai@redhat.com> 
In the current scheme of glusterfs where lock migration is
experimental, (ideally) the rebalance process which is migrating
the file should request for a metalock. Hence, the metalock count
should not be more than one for an inode. In future, if there is a
need for meta-lock from other clients, this patch can be reverted.

Since pl_metalk is called as part of setxattr operation, any client
process(non-rebalance) residing outside trusted network can exhaust
memory of the server node by issuing setxattr repetitively on the
metalock key. The current patch makes sure that more than
one metalock cannot be granted on an inode.

Fixes CVE-2018-14660

updates: bz#1647962
Change-Id: Ie1e697766388718804a9551bc58351808fe71069
Signed-off-by: Susant Palai <spalai@redhat.com>
server: don't allow '/' in basename 2018-11-08T19:06:17+00:00 Amar Tumballi amarts@redhat.com 2018-11-01T01:32:11+00:00 d0b3b63519dac97ad2c4bc24821565e9aea02ba2 Server stack needs to have all the sort of validation, assuming clients can be compromized. It is possible for a compromized client to send basenames with paths with '/', and with that create files without permission on server. By sanitizing the basename, and not allowing anything other than actual directory as the parent for any entry creation, we can mitigate the effects of clients not able to exploit the server. Fixes: CVE-2018-14651 Fixes: bz#1647663 Change-Id: I5dc0da0da2713452ff2b65ac2ddbccf1a267dc20 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Server stack needs to have all the sort of validation, assuming
clients can be compromized. It is possible for a compromized
client to send basenames with paths with '/', and with that
create files without permission on server. By sanitizing the basename,
and not allowing anything other than actual directory as the parent
for any entry creation, we can mitigate the effects of clients
not able to exploit the server.

Fixes: CVE-2018-14651

Fixes: bz#1647663
Change-Id: I5dc0da0da2713452ff2b65ac2ddbccf1a267dc20
Signed-off-by: Amar Tumballi <amarts@redhat.com>
cluster/afr : Check for UP bricks before starting heal 2018-11-08T19:05:46+00:00 Ashish Pandey aspandey@redhat.com 2018-10-18T11:45:58+00:00 d1b0de23c1fdc44a4ef661a8bb03c27228045634 Problem: Currently for replica volume, even if only one brick is UP SHD will keep crawling index entries even if it can not heal anything. In thin-arbiter volume which is also a replica 2 volume, this causes inode lock contention which in turn sends upcall to all the clients to release notify locks, even if it can not do anything for healing. This will slow down the client performance and kills the purpose of keeping in memory information about bad brick. Solution: Before starting heal or even crawling, check if sufficient number of children are UP and available to check and heal entries. (cherry picked from commit f73b4476b15f9d6d3dc3c8e20c9742aacd857f9f) Change-Id: I011c9da3b37cae275f791affd56b8f1c1ac9255d updates: bz#1644645 Signed-off-by: Ashish Pandey <aspandey@redhat.com> 
Problem:
Currently for replica volume, even if only one brick is UP
SHD will keep crawling index entries even if it can not
heal anything.

In thin-arbiter volume which is also a replica 2 volume,
this causes inode lock contention which in turn sends
upcall to all the clients to release notify locks, even
if it can not do anything for healing.

This will slow down the client performance and kills the
purpose of keeping in memory information about bad brick.

Solution: Before starting heal or even crawling, check if
sufficient number of children are UP and available to check
and heal entries.

(cherry picked from commit f73b4476b15f9d6d3dc3c8e20c9742aacd857f9f)

Change-Id: I011c9da3b37cae275f791affd56b8f1c1ac9255d
updates: bz#1644645
Signed-off-by: Ashish Pandey <aspandey@redhat.com>