linux-stable.git/net/ceph, branch v4.9.3 Linux kernel stable tree libceph: verify authorize reply on connect 2017-01-09T07:32:24+00:00 Ilya Dryomov idryomov@gmail.com 2016-12-02T15:35:09+00:00 fc6cb9c303e289e0772cd9db593db9acd15cd678 commit 5c056fdc5b474329037f2aa18401bd73033e0ce0 upstream. After sending an authorizer (ceph_x_authorize_a + ceph_x_authorize_b), the client gets back a ceph_x_authorize_reply, which it is supposed to verify to ensure the authenticity and protect against replay attacks. The code for doing this is there (ceph_x_verify_authorizer_reply(), ceph_auth_verify_authorizer_reply() + plumbing), but it is never invoked by the the messenger. AFAICT this goes back to 2009, when ceph authentication protocols support was added to the kernel client in 4e7a5dcd1bba ("ceph: negotiate authentication protocol; implement AUTH_NONE protocol"). The second param of ceph_connection_operations::verify_authorizer_reply is unused all the way down. Pass 0 to facilitate backporting, and kill it in the next commit. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 5c056fdc5b474329037f2aa18401bd73033e0ce0 upstream.

After sending an authorizer (ceph_x_authorize_a + ceph_x_authorize_b),
the client gets back a ceph_x_authorize_reply, which it is supposed to
verify to ensure the authenticity and protect against replay attacks.
The code for doing this is there (ceph_x_verify_authorizer_reply(),
ceph_auth_verify_authorizer_reply() + plumbing), but it is never
invoked by the the messenger.

AFAICT this goes back to 2009, when ceph authentication protocols
support was added to the kernel client in 4e7a5dcd1bba ("ceph:
negotiate authentication protocol; implement AUTH_NONE protocol").

The second param of ceph_connection_operations::verify_authorizer_reply
is unused all the way down.  Pass 0 to facilitate backporting, and kill
it in the next commit.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
libceph: initialize last_linger_id with a large integer 2016-11-10T19:13:08+00:00 Ilya Dryomov idryomov@gmail.com 2016-11-08T14:15:24+00:00 264048afab27d7c27eedf5394714e0b396d787f7 osdc->last_linger_id is a counter for lreq->linger_id, which is used for watch cookies. Starting with a large integer should ease the task of telling apart kernel and userspace clients. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 
osdc->last_linger_id is a counter for lreq->linger_id, which is used
for watch cookies.  Starting with a large integer should ease the task
of telling apart kernel and userspace clients.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: fix legacy layout decode with pool 0 2016-11-10T19:13:08+00:00 Yan, Zheng zyan@redhat.com 2016-11-09T08:42:48+00:00 3890dce1d3a8b9fe3bc36de99496792e468cd079 If your data pool was pool 0, ceph_file_layout_from_legacy() transform that to -1 unconditionally, which broke upgrades. We only want do that for a fully zeroed ceph_file_layout, so that it still maps to a file_layout_t. If any fields are set, though, we trust the fl_pgpool to be a valid pool. Fixes: 7627151ea30bc ("libceph: define new ceph_file_layout structure") Link: http://tracker.ceph.com/issues/17825 Signed-off-by: Yan, Zheng <zyan@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 
If your data pool was pool 0, ceph_file_layout_from_legacy()
transform that to -1 unconditionally, which broke upgrades.
We only want do that for a fully zeroed ceph_file_layout,
so that it still maps to a file_layout_t.  If any fields
are set, though, we trust the fl_pgpool to be a valid pool.

Fixes: 7627151ea30bc ("libceph: define new ceph_file_layout structure")
Link: http://tracker.ceph.com/issues/17825
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
mm: replace get_user_pages_unlocked() write/force parameters with gup_flags 2016-10-18T21:13:37+00:00 Lorenzo Stoakes lstoakes@gmail.com 2016-10-13T00:20:13+00:00 c164154f66f0c9b02673f07aa4f044f1d9c70274 This removes the 'write' and 'force' use from get_user_pages_unlocked() and replaces them with 'gup_flags' to make the use of FOLL_FORCE explicit in callers as use of this flag can result in surprising behaviour (and hence bugs) within the mm subsystem. Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com> Reviewed-by: Jan Kara <jack@suse.cz> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This removes the 'write' and 'force' use from get_user_pages_unlocked()
and replaces them with 'gup_flags' to make the use of FOLL_FORCE
explicit in callers as use of this flag can result in surprising
behaviour (and hence bugs) within the mm subsystem.

Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
crush: remove redundant local variable 2016-10-05T21:02:10+00:00 Ilya Dryomov idryomov@gmail.com 2016-09-27T10:35:55+00:00 64f77566e1c84990d6c448bb3960f899521c0b7d Remove extra x1 variable, it's just temporary placeholder that clutters the code unnecessarily. Reflects ceph.git commit 0d19408d91dd747340d70287b4ef9efd89e95c6b. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 
Remove extra x1 variable, it's just temporary placeholder that
clutters the code unnecessarily.

Reflects ceph.git commit 0d19408d91dd747340d70287b4ef9efd89e95c6b.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
crush: don't normalize input of crush_ln iteratively 2016-10-05T21:02:04+00:00 Ilya Dryomov idryomov@gmail.com 2016-09-27T10:30:09+00:00 74a5293832b3c1f7cb8f86fb9af9ee747138d355 Use __builtin_clz() supported by GCC and Clang to figure out how many bits we should shift instead of shifting by a bit in a loop until the value gets normalized. Improves performance of this function by up to 3x in worst-case scenario and overall straw2 performance by ~10%. Reflects ceph.git commit 110de33ca497d94fc4737e5154d3fe781fa84a0a. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 
Use __builtin_clz() supported by GCC and Clang to figure out
how many bits we should shift instead of shifting by a bit
in a loop until the value gets normalized. Improves performance
of this function by up to 3x in worst-case scenario and overall
straw2 performance by ~10%.

Reflects ceph.git commit 110de33ca497d94fc4737e5154d3fe781fa84a0a.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: ceph_build_auth() doesn't need ceph_auth_build_hello() 2016-10-03T14:13:50+00:00 Ilya Dryomov idryomov@gmail.com 2016-09-23T07:57:57+00:00 464691bd52b46a565153ec2a3b8b9984dacd4a00 A static bug finder (EBA) on Linux 4.7: Double lock in net/ceph/auth.c second lock at 108: mutex_lock(& ac->mutex); [ceph_auth_build_hello] after calling from 263: ret = ceph_auth_build_hello(ac, msg_buf, msg_len); if ! ac->protocol -> true at 262 first lock at 261: mutex_lock(& ac->mutex); [ceph_build_auth] ceph_auth_build_hello() is never called, because the protocol is always initialized, whether we are checking existing tickets (in delayed_work()) or getting new ones after invalidation (in invalidate_authorizer()). Reported-by: Iago Abal <iari@itu.dk> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 
A static bug finder (EBA) on Linux 4.7:

    Double lock in net/ceph/auth.c
    second lock at 108: mutex_lock(& ac->mutex); [ceph_auth_build_hello]
    after calling from 263: ret = ceph_auth_build_hello(ac, msg_buf, msg_len);
    if ! ac->protocol -> true at 262
    first lock at 261: mutex_lock(& ac->mutex); [ceph_build_auth]

ceph_auth_build_hello() is never called, because the protocol is always
initialized, whether we are checking existing tickets (in delayed_work())
or getting new ones after invalidation (in invalidate_authorizer()).

Reported-by: Iago Abal <iari@itu.dk>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: use CEPH_AUTH_UNKNOWN in ceph_auth_build_hello() 2016-10-03T14:13:50+00:00 Ilya Dryomov idryomov@gmail.com 2016-09-23T07:57:56+00:00 fdc723e77bcf17ec2646fdef031e7f135968a9b7 Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
rbd: add 'client_addr' sysfs rbd device attribute 2016-08-24T21:49:16+00:00 Ilya Dryomov idryomov@gmail.com 2016-08-18T16:38:43+00:00 005a07bf0a92e7f0e73fc9a6c9acc992c5dbd00c Export client addr/nonce, so userspace can check if a image is being blacklisted. Signed-off-by: Mike Christie <mchristi@redhat.com> [idryomov@gmail.com: ceph_client_addr(), endianess fix] Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 
Export client addr/nonce, so userspace can check if a image is being
blacklisted.

Signed-off-by: Mike Christie <mchristi@redhat.com>
[idryomov@gmail.com: ceph_client_addr(), endianess fix]
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
rbd: support for exclusive-lock feature 2016-08-24T21:49:16+00:00 Ilya Dryomov idryomov@gmail.com 2016-08-12T14:40:02+00:00 ed95b21a4b0a71ef89306cdeb427d53cc9cb343f Add basic support for RBD_FEATURE_EXCLUSIVE_LOCK feature. Maintenance operations (resize, snapshot create, etc) are offloaded to librbd via returning -EOPNOTSUPP - librbd should request the lock and execute the operation. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Mike Christie <mchristi@redhat.com> Tested-by: Mike Christie <mchristi@redhat.com> 
Add basic support for RBD_FEATURE_EXCLUSIVE_LOCK feature.  Maintenance
operations (resize, snapshot create, etc) are offloaded to librbd via
returning -EOPNOTSUPP - librbd should request the lock and execute the
operation.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Mike Christie <mchristi@redhat.com>
Tested-by: Mike Christie <mchristi@redhat.com>