Backport required patches to fix CVE-2022-0670.
Signed-off-by: Sakib Sajal <[email protected]>
---
.../ceph/ceph/CVE-2022-0670_1.patch | 114 ++++++++++++++++++
.../ceph/ceph/CVE-2022-0670_2.patch | 67 ++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 2 +
3 files changed, 183 insertions(+)
create mode 100644 recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
create mode 100644 recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
diff --git a/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
b/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
new file mode 100644
index 0000000..ea790d3
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
@@ -0,0 +1,114 @@
+From 0cd1d8aa5ac935f738365ba38b397cae0fc9179c Mon Sep 17 00:00:00 2001
+From: Kotresh HR <[email protected]>
+Date: Fri, 4 Feb 2022 14:55:03 +0530
+Subject: [PATCH] mgr/volumes: Fix subvolume discover during upgrade
+
+Fixes the subvolume discover to use the correct
+metadata file after an upgrade from legacy subvolume
+to v1. The fix makes sure, it doesn't use the
+handcrafted metadata file placed in the subvolume
+root of legacy subvolume.
+
+Co-authored-by: Arthur Outhenin-Chalandre <[email protected]>
+Co-authored-by: Dan van der Ster <[email protected]>
+Co-authored-by: Ramana Raja <[email protected]>
+Signed-off-by: Kotresh HR <[email protected]>
+(cherry picked from commit 7eba9cab6cfb9a13a84062177d7a0fa228311e13)
+
+Upstream-Status: Backport [0cd1d8aa5ac935f738365ba38b397cae0fc9179c]
+CVE: CVE-2022-0670
+
+Signed-off-by: Sakib Sajal <[email protected]>
+---
+ .../fs/operations/versions/metadata_manager.py | 17 ++++++++++++++---
+ .../fs/operations/versions/subvolume_base.py | 17 ++++++++++++++++-
+ 2 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
b/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
+index 1b6c4327837..cb3059e5653 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
+@@ -40,16 +40,17 @@ class MetadataManager(object):
+ def refresh(self):
+ fd = None
+ conf_data = StringIO()
++ log.debug("opening config {0}".format(self.config_path))
+ try:
+- log.debug("opening config {0}".format(self.config_path))
+ fd = self.fs.open(self.config_path, os.O_RDONLY)
+ while True:
+ data = self.fs.read(fd, -1, MetadataManager.MAX_IO_BYTES)
+ if not len(data):
+ break
+ conf_data.write(data.decode('utf-8'))
+- conf_data.seek(0)
+- self.config.readfp(conf_data)
++ except UnicodeDecodeError:
++ raise MetadataMgrException(-errno.EINVAL,
++ "failed to decode, erroneous metadata config
'{0}'".format(self.config_path))
+ except cephfs.ObjectNotFound:
+ raise MetadataMgrException(-errno.ENOENT, "metadata config '{0}' not
found".format(self.config_path))
+ except cephfs.Error as e:
+@@ -58,6 +59,16 @@ class MetadataManager(object):
+ if fd is not None:
+ self.fs.close(fd)
+
++ conf_data.seek(0)
++ try:
++ if sys.version_info >= (3, 2):
++ self.config.read_file(conf_data)
++ else:
++ self.config.readfp(conf_data)
++ except configparser.Error:
++ raise MetadataMgrException(-errno.EINVAL, "failed to parse, erroneous
metadata config "
++ "'{0}'".format(self.config_path))
++
+ def flush(self):
+ # cull empty sections
+ for section in list(self.config.sections()):
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+index 2840a9f2ea3..b499d242e3b 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+@@ -5,6 +5,7 @@ import errno
+ import logging
+ from hashlib import md5
+ from typing import Dict, Union
++from pathlib import Path
+
+ import cephfs
+
+@@ -123,6 +124,15 @@ class SubvolumeBase(object):
+ raise NotImplementedError
+
+ def load_config(self):
++ try:
++ self.fs.stat(self.legacy_config_path)
++ self.legacy_mode = True
++ except cephfs.Error as e:
++ pass
++
++ log.debug("loading config "
++ "'{0}' [mode: {1}]".format(self.subvolname, "legacy"
++ if self.legacy_mode else "new"))
+ if self.legacy_mode:
+ self.metadata_mgr = MetadataManager(self.fs,
self.legacy_config_path, 0o640)
+ else:
+@@ -271,8 +281,13 @@ class SubvolumeBase(object):
+ self.fs.stat(self.base_path)
+ self.metadata_mgr.refresh()
+ log.debug("loaded subvolume '{0}'".format(self.subvolname))
++ subvolpath =
self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_PATH)
++ if not self.legacy_mode and self.base_path.decode('utf-8') !=
str(Path(subvolpath).parent):
++ raise MetadataMgrException(-errno.ENOENT, 'fabricated .meta')
+ except MetadataMgrException as me:
+- if me.errno == -errno.ENOENT and not self.legacy_mode:
++ if me.errno in (-errno.ENOENT, -errno.EINVAL) and not
self.legacy_mode:
++ log.warn("subvolume '{0}', {1}, "
++ "assuming legacy_mode".format(self.subvolname,
me.error_str))
+ self.legacy_mode = True
+ self.load_config()
+ self.discover()
+--
+2.25.1
+
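Review bot: In the `load_config` addition of the embedded subvolume_base.py change, `except cephfs.Error as e: pass` discards every failure of `self.fs.stat(self.legacy_config_path)`, not only the file being absent, and `e` is never used. Any other stat error leaves `legacy_mode` unchanged, so the choice of which metadata file to trust is made without a log line. As a verbatim upstream backport the code should probably stay as is, but if the recipe ever carries a local delta, narrowing to `except cephfs.ObjectNotFound:` (the class already used in `MetadataManager.refresh`) and logging other errors would make the fallback auditable. Separately, `refresh` now uses `sys.version_info` and `configparser.Error` with no import added in the hunk; presumably both are already imported in the 15.2.15 tree, so confirm the patch applies and the module loads.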
diff --git a/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
b/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
new file mode 100644
index 0000000..dad466b
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
@@ -0,0 +1,67 @@
+From c774e03c29955f0fb668af6190a9750d03bb09b8 Mon Sep 17 00:00:00 2001
+From: Kotresh HR <[email protected]>
+Date: Thu, 9 Jun 2022 13:30:59 +0530
+Subject: [PATCH] mgr/volumes: V2 Fix for
+ test_subvolume_retain_snapshot_invalid_recreate
+
+Signed-off-by: Kotresh HR <[email protected]>
+
+Upstream-Status: Backport [c774e03c29955f0fb668af6190a9750d03bb09b8]
+CVE: CVE-2022-0670
+
+Signed-off-by: Sakib Sajal <[email protected]>
+
+---
+ .../mgr/volumes/fs/operations/versions/subvolume_base.py | 8 ++++++--
+ .../mgr/volumes/fs/operations/versions/subvolume_v1.py | 2 +-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+index b499d242e3b..aba8c90cf67 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+@@ -17,6 +17,7 @@ from ...fs_util import get_ancestor_xattr
+ from ...exception import MetadataMgrException, VolumeException
+ from .op_sm import SubvolumeOpSm
+ from .auth_metadata import AuthMetadataManager
++from .subvolume_attrs import SubvolumeStates
+
+ log = logging.getLogger(__name__)
+
+@@ -112,7 +113,7 @@ class SubvolumeBase(object):
+ @property
+ def state(self):
+ """ Subvolume state, one of SubvolumeStates """
+- raise NotImplementedError
++ return
SubvolumeStates.from_value(self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_STATE))
+
+ @property
+ def subvol_type(self):
+@@ -282,7 +283,10 @@ class SubvolumeBase(object):
+ self.metadata_mgr.refresh()
+ log.debug("loaded subvolume '{0}'".format(self.subvolname))
+ subvolpath =
self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_PATH)
+- if not self.legacy_mode and self.base_path.decode('utf-8') !=
str(Path(subvolpath).parent):
++ # subvolume with retained snapshots has empty path, don't mistake
it for
++ # fabricated metadata.
++ if (not self.legacy_mode and self.state !=
SubvolumeStates.STATE_RETAINED and
++ self.base_path.decode('utf-8') !=
str(Path(subvolpath).parent)):
+ raise MetadataMgrException(-errno.ENOENT, 'fabricated .meta')
+ except MetadataMgrException as me:
+ if me.errno in (-errno.ENOENT, -errno.EINVAL) and not
self.legacy_mode:
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
+index f7b13f17c77..9e772653ba5 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
+@@ -673,7 +673,7 @@ class SubvolumeV1(SubvolumeBase, SubvolumeTemplate):
+
+ @property
+ def state(self):
+- return
SubvolumeStates.from_value(self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_STATE))
++ return super(SubvolumeV1, self).state
+
+ @state.setter
+ def state(self, val):
+--
+2.25.1
+
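Review bot: The new exemption in `discover` skips the path comparison whenever `self.state` is `SubvolumeStates.STATE_RETAINED`, and that state is read through `metadata_mgr.get_global_option` from the same metadata file the comparison is meant to validate. The added comment explains why a retained subvolume has an empty path, but not why a state value taken from a not-yet-validated file can be relied on here. I would extend it, e.g. `# state comes from the same .meta; <what else constrains a retained subvolume>`, or confirm against upstream that a later check covers this. Also confirm what `SubvolumeStates.from_value` raises for an unrecognised value: in the visible handler only a `MetadataMgrException` with ENOENT or EINVAL triggers the legacy fallback, so another exception type would presumably propagate out of `discover`. The `try` that encloses these lines starts outside the hunk.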
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
b/recipes-extended/ceph/ceph_15.2.15.bb
index f2ece8c..d63051c 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -17,6 +17,8 @@ SRC_URI =
"http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
file://0001-buffer.h-add-missing-header-file-due-to-gcc-upgrade.patch \
file://0002-common-fix-FTBFS-due-to-dout-need_dynamic-on-GCC-12.patch \
file://CVE-2021-3979.patch \
+ file://CVE-2022-0670_1.patch \
+ file://CVE-2022-0670_2.patch \
"
SRC_URI[sha256sum] =
"5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.33.0