Re: [dm-devel] [PATCH next] Btrfs: fix comparison in __btrfs_map_block()

2016-07-17 Thread Mike Christie 
On 07/15/2016 10:03 AM, Vincent Stehlé wrote:
> Add missing comparison to op in expression, which was forgotten when doing
> the REQ_OP transition.
> 
> Fixes: b3d3fa519905 ("btrfs: update __btrfs_map_block for REQ_OP transition")
> Signed-off-by: Vincent Stehlé 
> Cc: Mike Christie 
> Cc: Jens Axboe 
> ---
> 
> 
> Hi,
> 
> I saw that issue in linux next.
> 
> Not sure if it is too late to squash the fix with commit b3d3fa519905 or
> not...
> 
> Best regards,
> 
> Vincent.
> 
> 
>  fs/btrfs/volumes.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
> index a69203a..6ee1e36 100644
> --- a/fs/btrfs/volumes.c
> +++ b/fs/btrfs/volumes.c
> @@ -5533,7 +5533,7 @@ static int __btrfs_map_block(struct btrfs_fs_info 
> *fs_info, int op,
>   }
>  
>   } else if (map->type & BTRFS_BLOCK_GROUP_DUP) {
> - if (op == REQ_OP_WRITE || REQ_OP_DISCARD ||
> + if (op == REQ_OP_WRITE || op == REQ_OP_DISCARD ||
>   op == REQ_GET_READ_MIRRORS) {
>   num_stripes = map->num_stripes;
>   } else if (mirror_num) {
> 


Shoot. Dumb mistake by me. It is of course correct.

Reviewed-by: Mike Christie 

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

Re: [dm-devel] [PATCH next] Btrfs: fix comparison in __btrfs_map_block()

2016-07-17 Thread Christoph Hellwig 
On Sun, Jul 17, 2016 at 03:51:03PM -0500, Mike Christie wrote:
> > 
> > diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
> > index a69203a..6ee1e36 100644
> > --- a/fs/btrfs/volumes.c
> > +++ b/fs/btrfs/volumes.c
> > @@ -5533,7 +5533,7 @@ static int __btrfs_map_block(struct btrfs_fs_info 
> > *fs_info, int op,
> > }
> >  
> > } else if (map->type & BTRFS_BLOCK_GROUP_DUP) {
> > -   if (op == REQ_OP_WRITE || REQ_OP_DISCARD ||
> > +   if (op == REQ_OP_WRITE || op == REQ_OP_DISCARD ||
> > op == REQ_GET_READ_MIRRORS) {
> > num_stripes = map->num_stripes;
> > } else if (mirror_num) {
> > 
> 
> 
> Shoot. Dumb mistake by me. It is of course correct.

Ad while we're at it we need to fix up that REQ_GET_READ_MIRRORS thing.
Overloading the op localally in a fs is going to create problems sooner
or later as no one touching the generic values and/or the code
mashalling it in different forms knows about it.

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel

[dm-devel] [PATCH] multipath-tools: Perform socket client uid check on IPC commands.

2016-07-17 Thread Gris Ge 
Problem:
A non-root user could send and execute 'shutdown' IPC command to
multipathd.

Fix:
Use getsockopt() to find out socket client uid, only query (list or
show) command are allowed for non-root(uid != 0) socket connection.
An error message "permission deny: need to be root" will be sent
otherwise.

Signed-off-by: Gris Ge 
---
 multipathd/main.c   | 13 +++--
 multipathd/uxlsnr.c | 19 +++
 multipathd/uxlsnr.h |  4 +++-
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/multipathd/main.c b/multipathd/main.c
index c129298..97843bb 100644
--- a/multipathd/main.c
+++ b/multipathd/main.c
@@ -1008,7 +1008,8 @@ map_discovery (struct vectors * vecs)
 }
 
 int
-uxsock_trigger (char * str, char ** reply, int * len, void * trigger_data)
+uxsock_trigger (char * str, char ** reply, int * len, bool is_root,
+   void * trigger_data)
 {
struct vectors * vecs;
int r;
@@ -1017,6 +1018,14 @@ uxsock_trigger (char * str, char ** reply, int * len, 
void * trigger_data)
*len = 0;
vecs = (struct vectors *)trigger_data;
 
+   if ((str != NULL) && (is_root == false) &&
+   (strncmp(str, "list", strlen("list")) != 0) &&
+   (strncmp(str, "show", strlen("show")) != 0)) {
+   *reply = STRDUP("permission deny: need to be root");
+   *len = strlen(*reply) + 1;
+   return 1;
+   }
+
r = parse_cmd(str, reply, len, vecs, uxsock_timeout / 1000);
 
if (r > 0) {
@@ -1520,7 +1529,7 @@ check_path (struct vectors * vecs, struct path * pp, int 
ticks)
} else if (ret == PATHINFO_SKIPPED) {
put_multipath_config(conf);
return -1;
-   } 
+   }
put_multipath_config(conf);
}
return 0;
diff --git a/multipathd/uxlsnr.c b/multipathd/uxlsnr.c
index abd1486..347dd13 100644
--- a/multipathd/uxlsnr.c
+++ b/multipathd/uxlsnr.c
@@ -32,6 +32,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "main.h"
 #include "cli.h"
@@ -52,6 +53,23 @@ struct pollfd *polls;
 volatile sig_atomic_t reconfig_sig = 0;
 volatile sig_atomic_t log_reset_sig = 0;
 
+static bool _socket_client_is_root(int fd);
+
+static bool _socket_client_is_root(int fd)
+{
+   socklen_t len = 0;
+   struct ucred uc;
+
+   len = sizeof(struct ucred);
+   if ((fd >= 0) &&
+   (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &uc, &len) == 0) &&
+   (uc.uid == 0))
+   return true;
+
+   /* Treat error as not root client */
+   return false;
+}
+
 /*
  * handle a new client joining
  */
@@ -242,6 +260,7 @@ void * uxsock_listen(uxsock_trigger_fn uxsock_trigger, void 
* trigger_data)
condlog(4, "cli[%d]: Got request [%s]",
i, inbuf);
uxsock_trigger(inbuf, &reply, &rlen,
+  _socket_client_is_root(c->fd),
   trigger_data);
if (reply) {
if (send_packet(c->fd,
diff --git a/multipathd/uxlsnr.h b/multipathd/uxlsnr.h
index d274b04..f53c7b9 100644
--- a/multipathd/uxlsnr.h
+++ b/multipathd/uxlsnr.h
@@ -1,7 +1,9 @@
 #ifndef _UXLSNR_H
 #define _UXLSNR_H
 
-typedef int (uxsock_trigger_fn)(char *, char **, int *, void *);
+#include 
+
+typedef int (uxsock_trigger_fn)(char *, char **, int *, bool, void *);
 
 void * uxsock_listen(uxsock_trigger_fn uxsock_trigger,
 void * trigger_data);
-- 
2.9.0

--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel