Back to bug 2130984
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat One Jira (issues.redhat.com) | 2022-09-29 15:27:53 UTC | Link ID | Red Hat Issue Tracker RHCEPH-5386 | |
| Hemanth Kumar | 2022-10-03 05:28:39 UTC | QA Contact | hyelloji | ymane |
| Venky Shankar | 2022-10-03 08:05:01 UTC | CC | vshankar | |
| Status | NEW | POST | ||
| Veera Raghava Reddy | 2022-10-03 15:01:29 UTC | CC | tserlin | |
| Status | POST | MODIFIED | ||
| Fixed In Version | ceph-17.2.3-47.el9cp | |||
| Flags | needinfo?(ymane) | |||
| Flags | needinfo?(vereddy) | |||
| CC | vereddy, ymane | |||
| Flags | needinfo?(ymane) needinfo?(vereddy) | |||
| errata-xmlrpc | 2022-10-03 15:03:31 UTC | Status | MODIFIED | ON_QA |
| Masauso Lungu | 2022-10-05 08:34:42 UTC | Docs Contact | mlungu | |
| Flags | needinfo?(dparmar) | |||
| CC | mlungu | |||
| Masauso Lungu | 2022-10-05 08:39:11 UTC | Blocks | 2126050 | |
| Pasi Karkkainen | 2022-10-05 09:00:55 UTC | CC | pasik | |
| Masauso Lungu | 2022-10-05 18:16:15 UTC | Blocks | 2126050 | |
| Masauso Lungu | 2022-10-10 21:17:49 UTC | Flags | needinfo?(dparmar) | |
| Dhairya Parmar | 2022-10-11 11:26:13 UTC | Doc Text | Cause: MDS is aborted if it receives a message that it doesn't understand Consequence: Any malicious client can crash the server by just sending a message of a new type to the server! That's a trivial denial of service. Besides malicious clients, it also means that when there's a protocol issue such as a new client erroneously sending new messages to the server, it crashes the whole system instead of just the new client. Fix: Do not abort MDS in case of unknown messages, instead close the session, blocklist and evict the client. Result: Protects MDS and the whole system from any intentional attacks like like denial of service from any malicious client(s) | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Dhairya Parmar | 2022-10-11 11:29:15 UTC | Flags | needinfo?(dparmar) needinfo?(dparmar) | |
| Masauso Lungu | 2022-10-16 23:10:12 UTC | Doc Text | Cause: MDS is aborted if it receives a message that it doesn't understand Consequence: Any malicious client can crash the server by just sending a message of a new type to the server! That's a trivial denial of service. Besides malicious clients, it also means that when there's a protocol issue such as a new client erroneously sending new messages to the server, it crashes the whole system instead of just the new client. Fix: Do not abort MDS in case of unknown messages, instead close the session, blocklist and evict the client. Result: Protects MDS and the whole system from any intentional attacks like like denial of service from any malicious client(s) | .Do not abort MDS in case of unknown messages Previously, metadata servers (MDS) would abort if it received a message that it did not understand. As a result, any malicious client would crash the server by just sending a message of a new type to the server. Beside malicious clients, it also meant that whenever there is a protocol issue, such as a new client erroneously sending new messages to the server, the whole system would crash instead of just the new client. As a workaround, do not abort MDS incase of unknown messages, instead close the session, blocklist, and evict the client. This protects the MDS and the whole system from any intentional attacks like the denial of service from any malicious clients. |
| Flags | needinfo?(dparmar) | |||
| Dhairya Parmar | 2022-10-17 16:11:21 UTC | Flags | needinfo?(dparmar) | |
| Masauso Lungu | 2022-10-17 16:24:37 UTC | Doc Text | .Do not abort MDS in case of unknown messages Previously, metadata servers (MDS) would abort if it received a message that it did not understand. As a result, any malicious client would crash the server by just sending a message of a new type to the server. Beside malicious clients, it also meant that whenever there is a protocol issue, such as a new client erroneously sending new messages to the server, the whole system would crash instead of just the new client. As a workaround, do not abort MDS incase of unknown messages, instead close the session, blocklist, and evict the client. This protects the MDS and the whole system from any intentional attacks like the denial of service from any malicious clients. | .Do not abort MDS in case of unknown messages Previously, metadata servers (MDS) would abort if it received a message that it did not understand. As a result, any malicious client would crash the server by just sending a message of a new type to the server. Beside malicious clients, this also means that whenever there is a protocol issue, such as a new client erroneously sending new messages to the server, the whole system would crash instead of just the new client. As a workaround, do not abort MDS incase of unknown messages, instead close the session, blocklist, and evict the client. This protects the MDS and the whole system from any intentional attacks like the denial of service from any malicious clients. |
| Masauso Lungu | 2022-10-17 16:25:20 UTC | Blocks | 2126050 | |
| Yogesh Mane | 2022-11-03 04:36:34 UTC | Flags | needinfo?(dparmar) | |
| Dhairya Parmar | 2022-11-03 09:19:52 UTC | Flags | needinfo?(dparmar) | |
| Red Hat Bugzilla | 2022-12-31 19:04:04 UTC | Assignee | dparmar | vshankar |
| Red Hat Bugzilla | 2022-12-31 19:46:57 UTC | CC | ymane | |
| QA Contact | ymane | hyelloji | ||
| Red Hat Bugzilla | 2022-12-31 19:50:55 UTC | QA Contact | hyelloji | |
| CC | hyelloji | |||
| Red Hat Bugzilla | 2023-01-01 05:40:02 UTC | CC | tserlin | |
| Red Hat Bugzilla | 2023-01-01 08:47:57 UTC | CC | vereddy | |
| Red Hat Bugzilla | 2023-01-01 08:49:41 UTC | CC | vshankar | |
| Assignee | vshankar | nobody | ||
| Hemanth Kumar | 2023-01-03 12:21:31 UTC | QA Contact | ymane | |
| Assignee | nobody | vshankar | ||
| CC | hyelloji | |||
| Alasdair Kergon | 2023-01-04 04:39:42 UTC | Assignee | vshankar | dparmar |
| Alasdair Kergon | 2023-01-04 05:57:59 UTC | CC | vshankar | |
| Alasdair Kergon | 2023-01-04 06:02:03 UTC | CC | ymane | |
| Alasdair Kergon | 2023-01-04 06:29:04 UTC | CC | vereddy | |
| Red Hat Bugzilla | 2023-01-09 08:30:36 UTC | CC | ceph-eng-bugs | |
| Alasdair Kergon | 2023-01-09 19:43:36 UTC | CC | ceph-eng-bugs | |
| Yogesh Mane | 2023-01-13 06:28:27 UTC | Status | ON_QA | VERIFIED |
| Akash Raj | 2023-03-20 07:05:01 UTC | CC | akraj | |
| Flags | needinfo?(dparmar) | |||
| Anjana Suparna Sriram | 2023-03-20 07:56:37 UTC | CC | asriram | |
| Doc Text | .Do not abort MDS in case of unknown messages Previously, metadata servers (MDS) would abort if it received a message that it did not understand. As a result, any malicious client would crash the server by just sending a message of a new type to the server. Beside malicious clients, this also means that whenever there is a protocol issue, such as a new client erroneously sending new messages to the server, the whole system would crash instead of just the new client. As a workaround, do not abort MDS incase of unknown messages, instead close the session, blocklist, and evict the client. This protects the MDS and the whole system from any intentional attacks like the denial of service from any malicious clients. | .Do not abort MDS in case of unknown messages Previously, metadata servers (MDS) would abort if users received a message that they did not understand. As a result, any malicious client would crash the server by just sending a message of a new type to the server. Besides malicious clients, this also means that whenever there is a protocol issue, such as a new client erroneously sending new messages to the server, the whole system would crash instead of just the new client. As a workaround, do not abort MDS in case of unknown messages, instead close the session, blocklist, and evict the client. This protects the MDS and the whole system from any intentional attacks like the denial of service from any malicious clients. |
||
| Dhairya Parmar | 2023-03-20 08:05:21 UTC | Flags | needinfo?(dparmar) | |
| errata-xmlrpc | 2023-03-20 18:58:27 UTC | Resolution | --- | ERRATA |
| Status | VERIFIED | CLOSED | ||
| Last Closed | 2023-03-20 18:58:27 UTC | |||
| errata-xmlrpc | 2023-03-20 18:59:18 UTC | Link ID | Red Hat Product Errata RHBA-2023:1360 |
Back to bug 2130984