Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.19.67 2019-03-27T05:14:39Z 2019-03-27T05:14:39Z Ilya Dryomov idryomov@gmail.com 2019-03-20T08:46:58Z urn:sha1:9cae232a8706875b4cdbe8fc4756aef616b8c7ba commit bb229bbb3bf63d23128e851a1f3b85c083178fa1 upstream. Because map updates are distributed lazily, an OSD may not know about the new blacklist for quite some time after "osd blacklist add" command is completed. This makes it possible for a blacklisted but still alive client to overwrite a post-blacklist update, resulting in data corruption. Waiting for latest osdmap in ceph_monc_blacklist_add() and thus using the post-blacklist epoch for all post-blacklist requests ensures that all such requests "wait" for the blacklist to come into force on their respective OSDs. Cc: stable@vger.kernel.org Fixes: 6305a3b41515 ("libceph: support for blacklisting clients") Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Jason Dillaman <dillaman@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-11-21T08:19:16Z Ilya Dryomov idryomov@gmail.com 2018-09-26T16:03:16Z urn:sha1:542705afd8abefe743f15941b706a0a89ad66493 commit 94e6992bb560be8bffb47f287194adf070b57695 upstream. If the read is large enough, we end up spinning in the messenger: libceph: osd0 192.168.122.1:6801 io error libceph: osd0 192.168.122.1:6801 io error libceph: osd0 192.168.122.1:6801 io error This is a receive side limit, so only reads were affected. Cc: stable@vger.kernel.org Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-02T19:33:25Z Ilya Dryomov idryomov@gmail.com 2018-07-27T17:25:32Z urn:sha1:cc255c76c70f7a87d97939621eae04b600d9f4a1 Derive the signature from the entire buffer (both AES cipher blocks) instead of using just the first half of the first block, leaving out data_crc entirely. This addresses CVE-2018-1129. Link: http://tracker.ceph.com/issues/24837 Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> 2018-08-02T19:33:24Z Ilya Dryomov idryomov@gmail.com 2018-07-27T17:18:34Z urn:sha1:6daca13d2e72bedaaacfc08f873114c9307d5aea When a client authenticates with a service, an authorizer is sent with a nonce to the service (ceph_x_authorize_[ab]) and the service responds with a mutation of that nonce (ceph_x_authorize_reply). This lets the client verify the service is who it says it is but it doesn't protect against a replay: someone can trivially capture the exchange and reuse the same authorizer to authenticate themselves. Allow the service to reject an initial authorizer with a random challenge (ceph_x_authorize_challenge). The client then has to respond with an updated authorizer proving they are able to decrypt the service's challenge and that the new authorizer was produced for this specific connection instance. The accepting side requires this challenge and response unconditionally if the client side advertises they have CEPHX_V2 feature bit. This addresses CVE-2018-1128. Link: http://tracker.ceph.com/issues/24836 Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> 2018-08-02T19:33:22Z Ilya Dryomov idryomov@gmail.com 2018-07-26T13:17:46Z urn:sha1:262614c4294d33b1f19e0d18c0091d9c329b544a We already copy authorizer_reply_buf and authorizer_reply_buf_len into ceph_connection. Factoring out __prepare_write_connect() requires two more: authorizer_buf and authorizer_buf_len. Store the pointer to the handshake in con->auth rather than piling on. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> 2018-08-02T19:33:20Z Ilya Dryomov idryomov@gmail.com 2018-07-23T12:11:40Z urn:sha1:f7e52d8efe8588c5d4b4c78eb33da81d89486c1a Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 2018-08-02T19:33:14Z Arnd Bergmann arnd@arndb.de 2018-07-13T20:18:37Z urn:sha1:fac02ddf910814c24f5d9d969dfdab5227f6f3eb The request mtime field is used all over ceph, and is currently represented as a 'timespec' structure in Linux. This changes it to timespec64 to allow times beyond 2038, modifying all users at the same time. [ Remove now redundant ts variable in writepage_nounlock(). ] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 2018-08-02T19:26:12Z Arnd Bergmann arnd@arndb.de 2018-07-13T20:18:34Z urn:sha1:473bd2d780d1699d81b25f57c0ec4de633a28eb8 ceph_con_keepalive_expired() is the last user of timespec_add() and some of the last uses of ktime_get_real_ts(). Replacing this with timespec64 based interfaces lets us remove that deprecated API. I'm introducing new ceph_encode_timespec64()/ceph_decode_timespec64() here that take timespec64 structures and convert to/from ceph_timespec, which is defined to have an unsigned 32-bit tv_sec member. This extends the range of valid times to year 2106, avoiding the year 2038 overflow. The ceph file system portion still uses the old functions for inode timestamps, this will be done separately after the VFS layer is converted. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 2018-08-02T19:26:11Z Ilya Dryomov idryomov@gmail.com 2018-06-27T14:42:51Z urn:sha1:c9ed51c9123ab5e8f79b7d53a9afd786b43d4fe6 The wire format dictates that the length of string fits into 4 bytes. Take u32 instead of size_t to reflect that. We were already truncating len in ceph_pagelist_encode_32() -- this just pushes that truncation one level up. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> 2018-08-02T19:26:11Z Ilya Dryomov idryomov@gmail.com 2018-06-25T15:26:55Z urn:sha1:6d54228fd1f293d00576ab2c3d2e4992c7cce12f The wire format dictates that payload_len fits into 4 bytes. Take u32 instead of size_t to reflect that. All callers pass a small integer, so no changes required. Signed-off-by: Ilya Dryomov <idryomov@gmail.com>