Bug 2130984

Summary: Do not abort MDS on unknown messages
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Dhairya Parmar <dparmar>
Component: CephFSAssignee: Dhairya Parmar <dparmar>
Status: CLOSED ERRATA QA Contact: Yogesh Mane <ymane>
Severity: urgent Docs Contact: Masauso Lungu <mlungu>
Priority: urgent    
Version: 5.2CC: akraj, asriram, ceph-eng-bugs, cephqe-warriors, hyelloji, mlungu, pasik, vereddy, vshankar, ymane
Target Milestone: ---   
Target Release: 6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-17.2.3-47.el9cp Doc Type: Bug Fix
Doc Text:
.Do not abort MDS in case of unknown messages Previously, metadata servers (MDS) would abort if users received a message that they did not understand. As a result, any malicious client would crash the server by just sending a message of a new type to the server. Besides malicious clients, this also means that whenever there is a protocol issue, such as a new client erroneously sending new messages to the server, the whole system would crash instead of just the new client. As a workaround, do not abort MDS in case of unknown messages, instead close the session, blocklist, and evict the client. This protects the MDS and the whole system from any intentional attacks like the denial of service from any malicious clients.
 Story Points: ---
Clone Of: 2130901 Environment:
Last Closed: 2023-03-20 18:58:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2130901    
Bug Blocks: 2126050    

Description Dhairya Parmar 2022-09-29 15:20:30 UTC 
+++ This bug was initially created as a clone of Bug #2130901 +++

Description of problem:
Right now, in Server::dispatch(), we abort the MDS if we get a message type we don't understand.

This is horrible: it means that any malicious client can crash the server by just sending a message of a new type to the server! That's a trivial denial of service.
Besides malicious clients, it also means that when there's a protocol issue such as a new client erroneously sending new messages to the server, it crashes the whole system instead of just the new client.

Need to make sure MDS closes the session and blocklists the client on receiving unknown messages.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 30 errata-xmlrpc 2023-03-20 18:58:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 6.0 Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:1360