diff options
Diffstat (limited to 'external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch')
| -rw-r--r-- | external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch b/external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch new file mode 100644 index 00000000..79f2174b --- /dev/null +++ b/external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch @@ -0,0 +1,95 @@ +From ddbac9b2779172876ebd2d26b68b04b02350a125 Mon Sep 17 00:00:00 2001 +From: Josh Durgin <jdurgin@redhat.com> +Date: Thu, 23 Apr 2020 00:22:10 -0400 +Subject: [PATCH 2/3] mon: enforce caps for pre-octopus client tell commands + +This affects only the commands whitelisted here - in particular +injectargs requires write access to the monitors. + +Signed-off-by: Josh Durgin <jdurgin@redhat.com> + +Upstream-status: Backport +[https://github.com/ceph/ceph/commit/fc5e56b75a97c4652c87e9959aad1c4dec45010d] + +Signed-off-by: Liu Haitao <haitao.liu@windriver.com> +--- + src/mon/Monitor.cc | 56 +++++++++++++++++++++++----------------------- + 1 file changed, 28 insertions(+), 28 deletions(-) + +diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc +index b7cb3eae..eecd2f68 100644 +--- a/src/mon/Monitor.cc ++++ b/src/mon/Monitor.cc +@@ -3226,34 +3226,6 @@ void Monitor::handle_command(MonOpRequestRef op) + return; + } + +- // compat kludge for legacy clients trying to tell commands that are +- // new. see bottom of MonCommands.h. we need to handle both (1) +- // pre-octopus clients and (2) octopus clients with a mix of pre-octopus +- // and octopus mons. +- if ((!HAVE_FEATURE(m->get_connection()->get_features(), SERVER_OCTOPUS) || +- monmap->min_mon_release < ceph_release_t::octopus) && +- (prefix == "injectargs" || +- prefix == "smart" || +- prefix == "mon_status" || +- prefix == "heap")) { +- if (m->get_connection()->get_messenger() == 0) { +- // Prior to octopus, monitors might forward these messages +- // around. that was broken at baseline, and if we try to process +- // this message now, it will assert out when we try to send a +- // message in reply from the asok/tell worker (see +- // AnonConnection). Just reply with an error. +- dout(5) << __func__ << " failing forwarded command from a (presumably) " +- << "pre-octopus peer" << dendl; +- reply_command( +- op, -EBUSY, +- "failing forwarded tell command in mixed-version mon cluster", 0); +- return; +- } +- dout(5) << __func__ << " passing command to tell/asok" << dendl; +- cct->get_admin_socket()->queue_tell_command(m); +- return; +- } +- + string module; + string err; + +@@ -3368,6 +3340,34 @@ void Monitor::handle_command(MonOpRequestRef op) + << "entity='" << session->entity_name << "' " + << "cmd=" << m->cmd << ": dispatch"; + ++ // compat kludge for legacy clients trying to tell commands that are ++ // new. see bottom of MonCommands.h. we need to handle both (1) ++ // pre-octopus clients and (2) octopus clients with a mix of pre-octopus ++ // and octopus mons. ++ if ((!HAVE_FEATURE(m->get_connection()->get_features(), SERVER_OCTOPUS) || ++ monmap->min_mon_release < ceph_release_t::octopus) && ++ (prefix == "injectargs" || ++ prefix == "smart" || ++ prefix == "mon_status" || ++ prefix == "heap")) { ++ if (m->get_connection()->get_messenger() == 0) { ++ // Prior to octopus, monitors might forward these messages ++ // around. that was broken at baseline, and if we try to process ++ // this message now, it will assert out when we try to send a ++ // message in reply from the asok/tell worker (see ++ // AnonConnection). Just reply with an error. ++ dout(5) << __func__ << " failing forwarded command from a (presumably) " ++ << "pre-octopus peer" << dendl; ++ reply_command( ++ op, -EBUSY, ++ "failing forwarded tell command in mixed-version mon cluster", 0); ++ return; ++ } ++ dout(5) << __func__ << " passing command to tell/asok" << dendl; ++ cct->get_admin_socket()->queue_tell_command(m); ++ return; ++ } ++ + if (mon_cmd->is_mgr()) { + const auto& hdr = m->get_header(); + uint64_t size = hdr.front_len + hdr.middle_len + hdr.data_len; +-- +2.25.1 + |