mds: restrict setting/removing certain xattrs in ceph namespace

Since all ceph.* xattrs need not be virtual (stored in inode
structure), restrict certain xattrs (ceph.mirror.info) to be
persisted in xattr_map. Other ceph.* xattrs which do not pass
the virtual xattr check are rejected.

Signed-off-by: Venky Shankar <vshankar@redhat.com>

diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index 91598f173f0f0cb889e6f0ba9b785016bb3a1f02..c5881e1b351c8e8ffc3ec8d03c0f66fa26eb70d1 100644 (file)
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -6012,6 +6012,11 @@ void Server::handle_client_setxattr(MDRequestRef& mdr)
     return;
   }
 
+  if (!is_allowed_ceph_xattr(name)) {
+    respond_to_request(mdr, -EINVAL);
+    return;
+  }
+
   CInode *cur = rdlock_path_pin_ref(mdr, true);
   if (!cur)
     return;
@@ -6105,6 +6110,11 @@ void Server::handle_client_removexattr(MDRequestRef& mdr)
     return;
   }
 
+  if (!is_allowed_ceph_xattr(name)) {
+    respond_to_request(mdr, -EINVAL);
+    return;
+  }
+
   CInode* cur = rdlock_path_pin_ref(mdr, true);
   if (!cur)
     return;

diff --git a/src/mds/Server.h b/src/mds/Server.h
index 10c9df553f07d4fe5b9dc2c131fe6be882c5758b..df0b9cb16c420ce9d7d28213cbd1d1e991b5cf41 100644 (file)
--- a/src/mds/Server.h
+++ b/src/mds/Server.h
@@ -417,6 +417,15 @@ private:
            xattr_name == "ceph.dir.pin.distributed"sv;
   }
 
+  static bool is_allowed_ceph_xattr(std::string_view xattr_name) {
+    // not a ceph xattr -- allow!
+    if (xattr_name.rfind("ceph.", 0) != 0) {
+      return true;
+    }
+
+    return xattr_name == "ceph.mirror.info";
+  }
+
   void reply_client_request(MDRequestRef& mdr, const ref_t<MClientReply> &reply);
   void flush_session(Session *session, MDSGatherBuilder& gather);