From dac72ff0b3b34dfe85bc7527bca5505ac09f3be8 Mon Sep 17 00:00:00 2001
From: Venky Shankar
Date: Mon, 24 Aug 2020 21:48:53 -0400
Subject: [PATCH] mds: restrict setting/removing certain xattrs in ceph namespace

Since all ceph.* xattrs need not be virtual (stored in inode structure), restrict certain xattrs (ceph.mirror.info) to be persisted in xattr_map. Other ceph.* xattrs which do not pass the virtual xattr check are rejected.

Signed-off-by: Venky Shankar
---
 src/mds/Server.cc | 10 ++++++++++
 src/mds/Server.h | 9 +++++++++
 2 files changed, 19 insertions(+)

diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index 91598f173f0..c5881e1b351 100644
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -6012,6 +6012,11 @@ void Server::handle_client_setxattr(MDRequestRef& mdr)
 return;
 }
 
+ if (!is_allowed_ceph_xattr(name)) {
+ respond_to_request(mdr, -EINVAL);
+ return;
+ }
+
 CInode *cur = rdlock_path_pin_ref(mdr, true);
 if (!cur)
 return;
@@ -6105,6 +6110,11 @@ void Server::handle_client_removexattr(MDRequestRef& mdr)
 return;
 }
 
+ if (!is_allowed_ceph_xattr(name)) {
+ respond_to_request(mdr, -EINVAL);
+ return;
+ }
+
 CInode* cur = rdlock_path_pin_ref(mdr, true);
 if (!cur)
 return;
diff --git a/src/mds/Server.h b/src/mds/Server.h
index 10c9df553f0..df0b9cb16c4 100644
--- a/src/mds/Server.h
+++ b/src/mds/Server.h
@@ -417,6 +417,15 @@ private:
 xattr_name == "ceph.dir.pin.distributed"sv;
 }
 
+ static bool is_allowed_ceph_xattr(std::string_view xattr_name) {
+ // not a ceph xattr -- allow!
+ if (xattr_name.rfind("ceph.", 0) != 0) {
+ return true;
+ }
+
+ return xattr_name == "ceph.mirror.info";
+ }
+
 void reply_client_request(MDRequestRef& mdr, const ref_t &reply);
 void flush_session(Session *session, MDSGatherBuilder& gather);
 
-- 
2.39.5
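Review bot: The guard added to handle_client_setxattr decides on the attribute name alone, so `ceph.mirror.info` can be written by any client that gets through the ordinary xattr path after `rdlock_path_pin_ref`; nothing in this hunk ties it to a mirroring-specific permission. If consumers of that value treat it as trusted state, an explicit authorization check belongs next to the name check. Otherwise the decision should be recorded in a comment such as `// ceph.mirror.info is client-writable by design; readers must validate its contents`. The identical guard in handle_client_removexattr has the same property. The function body starts and ends outside the hunk, so any later checks are not visible here.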
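Review bot: Rejecting removal with -EINVAL in handle_client_removexattr can strand data: if an inode already carries a non-virtual ceph.* entry in xattr_map from before this change (the commit message suggests such names could be persisted, though that is not visible here), no client can delete it afterwards. Consider enforcing the allow-list only on set, or document how stale entries are cleaned up. The rejection is also silent in both handlers; a line such as `dout(10) << "rejecting ceph xattr " << name << dendl;` before `respond_to_request(mdr, -EINVAL);` would make repeated attempts against the reserved namespace visible in the MDS log.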
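Review bot: `is_allowed_ceph_xattr` has an undocumented ordering requirement: called on its own it returns false for every virtual xattr, including `ceph.dir.pin.distributed` from the function just above, so it is only correct after the vxattr checks have handled those names. A header comment would prevent misuse by a future caller, for example `// Call only after the vxattr checks. Returns false for any ceph.* name that is not on the persisted allow-list (currently ceph.mirror.info).` For consistency with the neighbouring comparison, which uses the `sv` literal suffix, the last line could read `return xattr_name == "ceph.mirror.info"sv;`.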