Mirror of https://github.com/ceph/ceph, synced 2024-12-16 16:39:21 +00:00
Ceph is a distributed object, block, and file storage platform
2cc76bcd12
For cephx, build_authorizer reads a bunch of state (especially the current session_key) which can be updated by the MonClient. With no locks held, Pipe::connect() calls SimpleMessenger::get_authorizer() which ends up calling RadosClient::get_authorizer() and then AuthClientHandler::build_authorizer(). This unsafe usage can lead to crashes like:

    Program terminated with signal 11, Segmentation fault.
    0x00007fa0d2ddb7cb in ceph::buffer::ptr::release (this=0x7f987a5e3070) at common/buffer.cc:370
    370     common/buffer.cc: No such file or directory.
            in common/buffer.cc
    (gdb) bt
    0x00007fa0d2ddb7cb in ceph::buffer::ptr::release (this=0x7f987a5e3070) at common/buffer.cc:370
    0x00007fa0d2ddec00 in ~ptr (this=0x7f989c03b830) at ./include/buffer.h:171
    ceph::buffer::list::rebuild (this=0x7f989c03b830) at common/buffer.cc:817
    0x00007fa0d2ddecb9 in ceph::buffer::list::c_str (this=0x7f989c03b830) at common/buffer.cc:1045
    0x00007fa0d2ea4dc2 in Pipe::connect (this=0x7fa0c4307340) at msg/Pipe.cc:907
    0x00007fa0d2ea7d73 in Pipe::writer (this=0x7fa0c4307340) at msg/Pipe.cc:1518
    0x00007fa0d2eb44dd in Pipe::Writer::entry (this=<value optimized out>) at msg/Pipe.h:59
    0x00007fa0e0f5f9d1 in start_thread (arg=0x7f987a5e4700) at pthread_create.c:301
    0x00007fa0de560b6d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

and

    Error in `qemu-system-x86_64': invalid fastbin entry (free): 0x00007ff12887ff20 ***
    ======= Backtrace: =========
    /lib/x86_64-linux-gnu/libc.so.6(+0x80a46)[0x7ff3dea1fa46]
    /usr/lib/librados.so.2(+0x29eb03)[0x7ff3e3d43b03]
    /usr/lib/librados.so.2(_ZNK9CryptoKey7encryptEP11CephContextRKN4ceph6buffer4listERS4_RSs+0x71)[0x7ff3e3d42661]
    /usr/lib/librados.so.2(_Z21encode_encrypt_enc_blIN4ceph6buffer4listEEvP11CephContextRKT_RK9CryptoKeyRS2_RSs+0xfe)[0x7ff3e3d417de]
    /usr/lib/librados.so.2(_Z14encode_encryptIN4ceph6buffer4listEEiP11CephContextRKT_RK9CryptoKeyRS2_RSs+0xa2)[0x7ff3e3d41912]
    /usr/lib/librados.so.2(_ZN19CephxSessionHandler12sign_messageEP7Message+0x242)[0x7ff3e3d40de2]
    /usr/lib/librados.so.2(_ZN4Pipe6writerEv+0x92b)[0x7ff3e3e61b2b]
    /usr/lib/librados.so.2(_ZN4Pipe6Writer5entryEv+0xd)[0x7ff3e3e6c7fd]
    /lib/x86_64-linux-gnu/libpthread.so.0(+0x7f8e)[0x7ff3ded6ff8e]
    /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7ff3dea99a0d]

Fix this by adding an rwlock to AuthClientHandler. A simpler fix would be to move RadosClient::get_authorizer() into the MonClient() under the MonClient lock, but this would not catch all uses of other Authorizer, e.g. for verify_authorizer() and it would serialize independent connection attempts.

This mainly matters for cephx, but none and unknown can have the global_id reset as well.

Partially-fixes: #6480
Backport: dumpling, emperor
Signed-off-by: Josh Durgin <josh.durgin@inktank.com>
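The locking scheme the commit message above describes, as an added illustration rather than Ceph's own code: one writer replaces the id and session key under an exclusive lock while connection threads snapshot both under a shared lock. `ToyAuthHandler`, `ToyAuthorizer`, `consistent` and `stress` are hypothetical names, and `std::shared_timed_mutex` stands in for the rwlock.

```cpp
// Added illustration: hypothetical ToyAuthHandler, not Ceph's AuthClientHandler.
#include <atomic>
#include <cstdint>
#include <mutex>
#include <shared_mutex>
#include <string>
#include <thread>
#include <vector>

struct ToyAuthorizer { uint64_t global_id; std::string key_copy; };

class ToyAuthHandler {
  mutable std::shared_timed_mutex lock_;  // the rwlock (std::shared_mutex in C++17)
  uint64_t global_id_ = 0;
  std::string session_key_ = std::string(32, '\0');
public:
  // Writer side (the role MonClient plays): replace id and key as one unit.
  void rotate(uint64_t id) {
    std::unique_lock<std::shared_timed_mutex> w(lock_);
    global_id_ = id;
    session_key_.assign(32 + id % 64, static_cast<char>(id & 0xff));  // may reallocate
  }
  // Reader side (connection threads): copy under a shared lock, so
  // independent connection attempts do not serialize against each other.
  ToyAuthorizer build_authorizer() const {
    std::shared_lock<std::shared_timed_mutex> r(lock_);
    return ToyAuthorizer{global_id_, session_key_};
  }
};

// A snapshot is consistent when the key matches the id it was taken with.
bool consistent(const ToyAuthorizer& a) {
  if (a.key_copy.size() != 32 + a.global_id % 64) return false;
  for (char c : a.key_copy)
    if (c != static_cast<char>(a.global_id & 0xff)) return false;
  return true;
}

// One rotating writer against several readers; returns the torn-snapshot count.
int stress(int readers, int rotations) {
  ToyAuthHandler h;
  std::atomic<bool> done{false};
  std::atomic<int> torn{0};
  std::vector<std::thread> pool;
  for (int i = 0; i < readers; ++i)
    pool.emplace_back([&] { while (!done) if (!consistent(h.build_authorizer())) ++torn; });
  for (int id = 1; id <= rotations; ++id) h.rotate(id);
  done = true;
  for (auto& t : pool) t.join();
  return torn;
}

int main() { return stress(4, 20000) == 0 ? 0 : 1; }
```

Without the two lock guards, `rotate` can reallocate the key buffer while a reader is copying it, which is the kind of unsynchronized access behind the crashes quoted in the commit message.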

- admin
- ceph-object-corpus@d9870cdfd8
- debian
- doc
- examples/librados
- fusetrace
- keys
- m4
- man
- qa
- share
- src
- udev
- wireshark
- .gitignore
- .gitmodule_mirrors
- .gitmodules
- .mailmap
- .organizationmap
- AUTHORS
- autogen.sh
- ceph.spec.in
- ChangeLog
- CodingStyle
- configure.ac
- COPYING
- COPYING-LGPL2.1
- do_autogen.sh
- Doxyfile
- INSTALL
- Makefile.am
- NEWS
- PendingReleaseNotes
- README
- SubmittingPatches

============================================
Ceph - a scalable distributed storage system
============================================

Please see http://ceph.com/ for current info.

Contributing Code
=================

Most of Ceph is licensed under the LGPL version 2.1. Some miscellaneous code is under BSD-style license or is public domain. The documentation is licensed under Creative Commons Attribution-ShareAlike (CC BY-SA). There are a handful of headers included here that are licensed under the GPL. Please see the file COPYING for a full inventory of licenses by file.

Code contributions must include a valid "Signed-off-by" acknowledging the license for the modified or contributed file. Please see the file SubmittingPatches for details on what that means and on how to generate and submit patches.

We do not require assignment of copyright to contribute code; code is contributed under the terms of the applicable license.

Building Ceph
=============

To prepare the source tree after it has been git cloned,

    $ git submodule update --init

To build the server daemons, and FUSE client, execute the following:

    $ ./autogen.sh
    $ ./configure
    $ make

(Note that the FUSE client will only be built if libfuse is present.)

Dependencies
------------

The configure script will complain about any missing dependencies as it goes. You can also refer to debian/control or ceph.spec.in for the package build dependencies on those platforms. In many cases, dependencies can be avoided with --with-foo or --without-bar switches. For example,

    $ ./configure --with-nss         # use libnss instead of libcrypto++
    $ ./configure --without-radosgw  # do not build radosgw and avoid libfcgi-dev
    $ ./configure --without-tcmalloc # avoid google-perftools dependency

Building packages
-----------------

You can build packages for Debian or Debian-derived (e.g., Ubuntu) systems with

    $ sudo apt-get install dpkg-dev
    $ dpkg-checkbuilddeps        # make sure we have all dependencies
    $ dpkg-buildpackage

For RPM-based systems (Redhat, Suse, etc.),

    $ rpmbuild

Building the Documentation
==========================

Prerequisites
-------------

To build the documentation, you must install the following:

- python-dev
- python-pip
- python-virtualenv
- doxygen
- ditaa
- libxml2-dev
- libxslt-dev
- dot
- graphviz

For example:

    sudo apt-get install python-dev python-pip python-virtualenv doxygen ditaa libxml2-dev libxslt-dev dot graphviz

Building the Documentation
--------------------------

To build the documentation, ensure that you are in the top-level `/ceph` directory, and execute the build script. For example:

    $ admin/build-doc

Build Prerequisites
===================

debian-based
------------

To build the source code, you must install the following:

- automake
- autoconf
- pkg-config
- gcc
- g++
- make
- libboost-dev
- libedit-dev
- libssl-dev
- libtool
- libfcgi
- libfcgi-dev
- xfslibs-dev
- libfuse-dev
- linux-kernel-headers
- libcrypto++-dev
- libaio-dev
- libgoogle-perftools-dev
- libkeyutils-dev
- uuid-dev
- libblkid-dev
- libatomic-ops-dev
- libboost-program-options-dev
- libboost-system-dev
- libboost-thread-dev
- libexpat1-dev
- libleveldb-dev
- libsnappy-dev
- libcurl4-gnutls-dev
- python-argparse
- python-flask

For example:

    $ apt-get install automake autoconf pkg-config gcc g++ make libboost-dev libedit-dev libssl-dev libtool libfcgi libfcgi-dev xfslibs-dev libfuse-dev linux-kernel-headers libcrypto++-dev libaio-dev libgoogle-perftools-dev libkeyutils-dev uuid-dev libblkid-dev libatomic-ops-dev libboost-program-options-dev libboost-system-dev libboost-thread-dev libexpat1-dev libleveldb-dev libsnappy-dev libcurl4-gnutls-dev python-argparse python-flask python-nose

Note: libsnappy-dev and libleveldb-dev are not available upstream for natty, oneiric, and squeeze. Backports for Ceph can be found at ceph.com/debian-leveldb.

rpm-based
---------

These are the rpm packages needed to install in an rpm-based OS:

    autoconf
    automake
    gcc
    gcc-c++
    make
    libtool
    python-argparse
    python-flask
    libuuid-devel
    libblkid-devel
    keyutils-libs-devel
    cryptopp-devel
    nss-devel
    fcgi-devel
    expat-devel
    libcurl-devel
    xfsprogs-devel
    fuse-devel
    gperftools-devel
    libedit-devel
    libatomic_ops-devel
    snappy-devel
    leveldb-devel
    libaio-devel
    boost-devel

For example:

    $ yum install autoconf automake gcc gcc-c++ make libtool python-argparse python-flask libuuid-devel libblkid-devel keyutils-libs-devel cryptopp-devel nss-devel fcgi-devel expat-devel libcurl-devel xfsprogs-devel fuse-devel gperftools-devel libedit-devel libatomic_ops-devel snappy-devel leveldb-devel libaio-devel boost-devel python-nose