mds/Server: replace ceph_assert for uid/gid with log prints#54121
Closed
mds/Server: replace ceph_assert for uid/gid with log prints#54121
Conversation
Having ceph_assert calls is unsafe in the Server::prepare_new_inode
when assertion depends on a data which is a client-provided.
A malicious client can easily crash MDS by purpose.
Let's replace two ceph_assert calls for owner_{u,g}id's with
log prints.
See also:
ceph#54108
Fixes: commit 46cb244 ("ceph_fs.h: add separate owner_{u,g}id fields")
Fixes: https://tracker.ceph.com/issues/62217
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Contributor
Author
|
jenkins test make check |
Contributor
Author
Contributor
Author
|
jenkins test make check |
Contributor
Author
|
jenkins test make check arm64 |
14 tasks
batrick
requested changes
Oct 23, 2023
| if (_inode->gid == (unsigned)-1 || _inode->uid == (unsigned)-1) { | ||
| dout(0) << "WARNING: client specified uid " << _inode->uid << " gid " << _inode->gid << " for ino " << _inode->ino << dendl; | ||
| mds->clog->error() << mdr->client_request->get_source() | ||
| << " specified uid " << _inode->uid << " gid " << _inode->gid << " for ino " << _inode->ino; |
Member
There was a problem hiding this comment.
This could generate incredible amount of spam. Is this really an error or can we replace it with a reasonable default?
Contributor
Author
Contributor
Author
|
See also #54149 |
Contributor
|
@mihalicyn Do we need this change now since that actual crash is not fixed? |
Contributor
Author
|
Hi, Venky! Hm, we have fixed the actual crash everywhere, so I guess we can drop this change. As you say. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Having ceph_assert calls is unsafe in the Server::prepare_new_inode when assertion depends on a data which is a client-provided. A malicious client can easily crash MDS by purpose.
Let's replace two ceph_assert calls for owner_{u,g}id's with log prints.
See also:
#54108
Fixes: commit 46cb244 ("ceph_fs.h: add separate owner_{u,g}id fields")
Fixes: https://tracker.ceph.com/issues/62217
Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "pacific"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
Checklist
Show available Jenkins commands
jenkins retest this pleasejenkins test classic perfjenkins test crimson perfjenkins test signedjenkins test make checkjenkins test make check arm64jenkins test submodulesjenkins test dashboardjenkins test dashboard cephadmjenkins test apijenkins test docsjenkins render docsjenkins test ceph-volume alljenkins test ceph-volume toxjenkins test windows