Backport required patches to fix CVE-2022-0670. Signed-off-by: Sakib Sajal <[email protected]> --- .../ceph/ceph/CVE-2022-0670_1.patch | 114 ++++++++++++++++++ .../ceph/ceph/CVE-2022-0670_2.patch | 67 ++++++++++ recipes-extended/ceph/ceph_15.2.15.bb | 2 + 3 files changed, 183 insertions(+) create mode 100644 recipes-extended/ceph/ceph/CVE-2022-0670_1.patch create mode 100644 recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
diff --git a/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch b/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch new file mode 100644 index 0000000..ea790d3 --- /dev/null +++ b/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch @@ -0,0 +1,114 @@ +From 0cd1d8aa5ac935f738365ba38b397cae0fc9179c Mon Sep 17 00:00:00 2001 +From: Kotresh HR <[email protected]> +Date: Fri, 4 Feb 2022 14:55:03 +0530 +Subject: [PATCH] mgr/volumes: Fix subvolume discover during upgrade + +Fixes the subvolume discover to use the correct +metadata file after an upgrade from legacy subvolume +to v1. The fix makes sure, it doesn't use the +handcrafted metadata file placed in the subvolume +root of legacy subvolume. + +Co-authored-by: Arthur Outhenin-Chalandre <[email protected]> +Co-authored-by: Dan van der Ster <[email protected]> +Co-authored-by: Ramana Raja <[email protected]> +Signed-off-by: Kotresh HR <[email protected]> +(cherry picked from commit 7eba9cab6cfb9a13a84062177d7a0fa228311e13) + +Upstream-Status: Backport [0cd1d8aa5ac935f738365ba38b397cae0fc9179c] +CVE: CVE-2022-0670 + +Signed-off-by: Sakib Sajal <[email protected]> +--- + .../fs/operations/versions/metadata_manager.py | 17 ++++++++++++++--- + .../fs/operations/versions/subvolume_base.py | 17 ++++++++++++++++- + 2 files changed, 30 insertions(+), 4 deletions(-) + +diff --git a/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py b/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py +index 1b6c4327837..cb3059e5653 100644 +--- a/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py ++++ b/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py +@@ -40,16 +40,17 @@ class MetadataManager(object): + def refresh(self): + fd = None + conf_data = StringIO() ++ log.debug("opening config {0}".format(self.config_path)) + try: +- log.debug("opening config {0}".format(self.config_path)) + fd = self.fs.open(self.config_path, os.O_RDONLY) + while True: + data = self.fs.read(fd, -1, MetadataManager.MAX_IO_BYTES) + if not len(data): + break + conf_data.write(data.decode('utf-8')) +- conf_data.seek(0) +- self.config.readfp(conf_data) ++ except UnicodeDecodeError: ++ raise MetadataMgrException(-errno.EINVAL, ++ "failed to decode, erroneous metadata config '{0}'".format(self.config_path)) + except cephfs.ObjectNotFound: + raise MetadataMgrException(-errno.ENOENT, "metadata config '{0}' not found".format(self.config_path)) + except cephfs.Error as e: +@@ -58,6 +59,16 @@ class MetadataManager(object): + if fd is not None: + self.fs.close(fd) + ++ conf_data.seek(0) ++ try: ++ if sys.version_info >= (3, 2): ++ self.config.read_file(conf_data) ++ else: ++ self.config.readfp(conf_data) ++ except configparser.Error: ++ raise MetadataMgrException(-errno.EINVAL, "failed to parse, erroneous metadata config " ++ "'{0}'".format(self.config_path)) ++ + def flush(self): + # cull empty sections + for section in list(self.config.sections()): +diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py +index 2840a9f2ea3..b499d242e3b 100644 +--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py ++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py +@@ -5,6 +5,7 @@ import errno + import logging + from hashlib import md5 + from typing import Dict, Union ++from pathlib import Path + + import cephfs + +@@ -123,6 +124,15 @@ class SubvolumeBase(object): + raise NotImplementedError + + def load_config(self): ++ try: ++ self.fs.stat(self.legacy_config_path) ++ self.legacy_mode = True ++ except cephfs.Error as e: ++ pass ++ ++ log.debug("loading config " ++ "'{0}' [mode: {1}]".format(self.subvolname, "legacy" ++ if self.legacy_mode else "new")) + if self.legacy_mode: + self.metadata_mgr = MetadataManager(self.fs, self.legacy_config_path, 0o640) + else: +@@ -271,8 +281,13 @@ class SubvolumeBase(object): + self.fs.stat(self.base_path) + self.metadata_mgr.refresh() + log.debug("loaded subvolume '{0}'".format(self.subvolname)) ++ subvolpath = self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_PATH) ++ if not self.legacy_mode and self.base_path.decode('utf-8') != str(Path(subvolpath).parent): ++ raise MetadataMgrException(-errno.ENOENT, 'fabricated .meta') + except MetadataMgrException as me: +- if me.errno == -errno.ENOENT and not self.legacy_mode: ++ if me.errno in (-errno.ENOENT, -errno.EINVAL) and not self.legacy_mode: ++ log.warn("subvolume '{0}', {1}, " ++ "assuming legacy_mode".format(self.subvolname, me.error_str)) + self.legacy_mode = True + self.load_config() + self.discover() +-- +2.25.1 + diff --git a/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch b/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch new file mode 100644 index 0000000..dad466b --- /dev/null +++ b/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch @@ -0,0 +1,67 @@ +From c774e03c29955f0fb668af6190a9750d03bb09b8 Mon Sep 17 00:00:00 2001 +From: Kotresh HR <[email protected]> +Date: Thu, 9 Jun 2022 13:30:59 +0530 +Subject: [PATCH] mgr/volumes: V2 Fix for + test_subvolume_retain_snapshot_invalid_recreate + +Signed-off-by: Kotresh HR <[email protected]> + +Upstream-Status: Backport [c774e03c29955f0fb668af6190a9750d03bb09b8] +CVE: CVE-2022-0670 + +Signed-off-by: Sakib Sajal <[email protected]> + +--- + .../mgr/volumes/fs/operations/versions/subvolume_base.py | 8 ++++++-- + .../mgr/volumes/fs/operations/versions/subvolume_v1.py | 2 +- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py +index b499d242e3b..aba8c90cf67 100644 +--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py ++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py +@@ -17,6 +17,7 @@ from ...fs_util import get_ancestor_xattr + from ...exception import MetadataMgrException, VolumeException + from .op_sm import SubvolumeOpSm + from .auth_metadata import AuthMetadataManager ++from .subvolume_attrs import SubvolumeStates + + log = logging.getLogger(__name__) + +@@ -112,7 +113,7 @@ class SubvolumeBase(object): + @property + def state(self): + """ Subvolume state, one of SubvolumeStates """ +- raise NotImplementedError ++ return SubvolumeStates.from_value(self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_STATE)) + + @property + def subvol_type(self): +@@ -282,7 +283,10 @@ class SubvolumeBase(object): + self.metadata_mgr.refresh() + log.debug("loaded subvolume '{0}'".format(self.subvolname)) + subvolpath = self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_PATH) +- if not self.legacy_mode and self.base_path.decode('utf-8') != str(Path(subvolpath).parent): ++ # subvolume with retained snapshots has empty path, don't mistake it for ++ # fabricated metadata. ++ if (not self.legacy_mode and self.state != SubvolumeStates.STATE_RETAINED and ++ self.base_path.decode('utf-8') != str(Path(subvolpath).parent)): + raise MetadataMgrException(-errno.ENOENT, 'fabricated .meta') + except MetadataMgrException as me: + if me.errno in (-errno.ENOENT, -errno.EINVAL) and not self.legacy_mode: +diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py +index f7b13f17c77..9e772653ba5 100644 +--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py ++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py +@@ -673,7 +673,7 @@ class SubvolumeV1(SubvolumeBase, SubvolumeTemplate): + + @property + def state(self): +- return SubvolumeStates.from_value(self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_STATE)) ++ return super(SubvolumeV1, self).state + + @state.setter + def state(self, val): +-- +2.25.1 + diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.15.bb index f2ece8c..d63051c 100644 --- a/recipes-extended/ceph/ceph_15.2.15.bb +++ b/recipes-extended/ceph/ceph_15.2.15.bb @@ -17,6 +17,8 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \ file://0001-buffer.h-add-missing-header-file-due-to-gcc-upgrade.patch \ file://0002-common-fix-FTBFS-due-to-dout-need_dynamic-on-GCC-12.patch \ file://CVE-2021-3979.patch \ + file://CVE-2022-0670_1.patch \ + file://CVE-2022-0670_2.patch \ " SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" -- 2.33.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7601): https://lists.yoctoproject.org/g/meta-virtualization/message/7601 Mute This Topic: https://lists.yoctoproject.org/mt/93512577/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
