From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001
From: takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>
Date: Mon, 2 Nov 2020 11:07:33 +0900
Subject: basesystem-jj recipes

---
 ...-caps-for-pre-octopus-client-tell-command.patch | 95 ++++++++++++++++++++++
 1 file changed, 95 insertions(+)
 create mode 100644 external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch

(limited to 'external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch')

diff --git a/external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch b/external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch
new file mode 100644
index 00000000..79f2174b
--- /dev/null
+++ b/external/meta-virtualization/recipes-extended/ceph/ceph/0002-mon-enforce-caps-for-pre-octopus-client-tell-command.patch
@@ -0,0 +1,95 @@
+From ddbac9b2779172876ebd2d26b68b04b02350a125 Mon Sep 17 00:00:00 2001
+From: Josh Durgin <jdurgin@redhat.com>
+Date: Thu, 23 Apr 2020 00:22:10 -0400
+Subject: [PATCH 2/3] mon: enforce caps for pre-octopus client tell commands
+
+This affects only the commands whitelisted here - in particular
+injectargs requires write access to the monitors.
+
+Signed-off-by: Josh Durgin <jdurgin@redhat.com>
+
+Upstream-status: Backport 
+[https://github.com/ceph/ceph/commit/fc5e56b75a97c4652c87e9959aad1c4dec45010d]
+
+Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
+---
+ src/mon/Monitor.cc | 56 +++++++++++++++++++++++-----------------------
+ 1 file changed, 28 insertions(+), 28 deletions(-)
+
+diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
+index b7cb3eae..eecd2f68 100644
+--- a/src/mon/Monitor.cc
++++ b/src/mon/Monitor.cc
+@@ -3226,34 +3226,6 @@ void Monitor::handle_command(MonOpRequestRef op)
+     return;
+   }
+ 
+-  // compat kludge for legacy clients trying to tell commands that are
+-  // new.  see bottom of MonCommands.h.  we need to handle both (1)
+-  // pre-octopus clients and (2) octopus clients with a mix of pre-octopus
+-  // and octopus mons.
+-  if ((!HAVE_FEATURE(m->get_connection()->get_features(), SERVER_OCTOPUS) ||
+-       monmap->min_mon_release < ceph_release_t::octopus) &&
+-      (prefix == "injectargs" ||
+-       prefix == "smart" ||
+-       prefix == "mon_status" ||
+-       prefix == "heap")) {
+-    if (m->get_connection()->get_messenger() == 0) {
+-      // Prior to octopus, monitors might forward these messages
+-      // around. that was broken at baseline, and if we try to process
+-      // this message now, it will assert out when we try to send a
+-      // message in reply from the asok/tell worker (see
+-      // AnonConnection).  Just reply with an error.
+-      dout(5) << __func__ << " failing forwarded command from a (presumably) "
+-	      << "pre-octopus peer" << dendl;
+-      reply_command(
+-	op, -EBUSY,
+-	"failing forwarded tell command in mixed-version mon cluster", 0);
+-      return;
+-    }
+-    dout(5) << __func__ << " passing command to tell/asok" << dendl;
+-    cct->get_admin_socket()->queue_tell_command(m);
+-    return;
+-  }
+-
+   string module;
+   string err;
+ 
+@@ -3368,6 +3340,34 @@ void Monitor::handle_command(MonOpRequestRef op)
+       << "entity='" << session->entity_name << "' "
+       << "cmd=" << m->cmd << ": dispatch";
+ 
++  // compat kludge for legacy clients trying to tell commands that are
++  // new.  see bottom of MonCommands.h.  we need to handle both (1)
++  // pre-octopus clients and (2) octopus clients with a mix of pre-octopus
++  // and octopus mons.
++  if ((!HAVE_FEATURE(m->get_connection()->get_features(), SERVER_OCTOPUS) ||
++       monmap->min_mon_release < ceph_release_t::octopus) &&
++      (prefix == "injectargs" ||
++       prefix == "smart" ||
++       prefix == "mon_status" ||
++       prefix == "heap")) {
++    if (m->get_connection()->get_messenger() == 0) {
++      // Prior to octopus, monitors might forward these messages
++      // around. that was broken at baseline, and if we try to process
++      // this message now, it will assert out when we try to send a
++      // message in reply from the asok/tell worker (see
++      // AnonConnection).  Just reply with an error.
++      dout(5) << __func__ << " failing forwarded command from a (presumably) "
++	      << "pre-octopus peer" << dendl;
++      reply_command(
++	op, -EBUSY,
++	"failing forwarded tell command in mixed-version mon cluster", 0);
++      return;
++    }
++    dout(5) << __func__ << " passing command to tell/asok" << dendl;
++    cct->get_admin_socket()->queue_tell_command(m);
++    return;
++  }
++
+   if (mon_cmd->is_mgr()) {
+     const auto& hdr = m->get_header();
+     uint64_t size = hdr.front_len + hdr.middle_len + hdr.data_len;
+-- 
+2.25.1
+
-- 
cgit 1.2.3-korg