Bug 2130984 - Do not abort MDS on unknown messages
Summary: Do not abort MDS on unknown messages
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: CephFS
Version: 5.2
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: ---
Target Release: 6.0
Assignee: Dhairya Parmar
QA Contact: Yogesh Mane
Docs Contact: Masauso Lungu
URL:
Whiteboard:
Depends On: 2130901
Blocks: 2126050
Reported: 2022-09-29 15:20 UTC by Dhairya Parmar
Modified: 2023-03-20 18:59 UTC

Fixed In Version: ceph-17.2.3-47.el9cp
Doc Type: Bug Fix
Doc Text:
.Do not abort MDS in case of unknown messages
Previously, metadata servers (MDS) would abort if they received a message that they did not understand. As a result, any malicious client could crash the server by just sending a message of a new type to the server. Besides malicious clients, this also meant that whenever there was a protocol issue, such as a new client erroneously sending new messages to the server, the whole system would crash instead of just the new client. With this update, the MDS does not abort on unknown messages; instead, it closes the session, blocklists, and evicts the client. This protects the MDS and the whole system from intentional attacks, such as denial of service, by malicious clients.
Clone Of: 2130901
Environment:
Last Closed: 2023-03-20 18:58:27 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Issue Tracker | RHCEPH-5386 | 0 | None | None | None | 2022-09-29 15:27:53 UTC
Red Hat Product Errata | RHBA-2023:1360 | 0 | None | None | None | 2023-03-20 18:59:18 UTC

Description Dhairya Parmar 2022-09-29 15:20:30 UTC
+++ This bug was initially created as a clone of Bug #2130901 +++

Description of problem:
Right now, in Server::dispatch(), we abort the MDS if we get a message type we don't understand.

This is horrible: it means that any malicious client can crash the server by just sending a message of a new type to the server! That's a trivial denial of service.
Besides malicious clients, it also means that when there's a protocol issue such as a new client erroneously sending new messages to the server, it crashes the whole system instead of just the new client.

Need to make sure MDS closes the session and blocklists the client on receiving unknown messages.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
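
The behaviour requested in the description above, as an added example that is not part of the original report and is not Ceph source code: a dispatcher that answers an unknown message type by closing the sender's session and blocklisting it instead of aborting the process. ToyServer, Message, Result and the message type values are hypothetical names chosen for illustration.

```cpp
// Added illustration with hypothetical names; not Ceph source code.
#include <cstdint>
#include <set>
#include <string>

enum MsgType : uint16_t { MSG_CLIENT_SESSION = 1, MSG_CLIENT_REQUEST = 2 };
struct Message { uint16_t type; std::string client; };
enum class Result { Handled, ClientEvicted, Dropped };

class ToyServer {
  std::set<std::string> sessions_;   // clients with an open session
  std::set<std::string> blocklist_;  // clients refused from now on
 public:
  void open_session(const std::string& c) { if (!blocklist_.count(c)) sessions_.insert(c); }
  bool has_session(const std::string& c) const { return sessions_.count(c) != 0; }
  bool is_blocklisted(const std::string& c) const { return blocklist_.count(c) != 0; }

  // Hardened dispatch: an unknown type costs the sender its session,
  // never the server process.
  Result dispatch(const Message& m) {
    if (is_blocklisted(m.client)) return Result::Dropped;
    switch (m.type) {
      case MSG_CLIENT_SESSION:
      case MSG_CLIENT_REQUEST:
        return Result::Handled;  // real handlers would run here
      default:
        // The pre-fix behaviour described in this bug is the equivalent of
        // std::abort() at this point, which cuts off every connected client.
        sessions_.erase(m.client);     // close the session
        blocklist_.insert(m.client);   // blocklist the client
        return Result::ClientEvicted;  // evict: only this client is cut off
    }
  }
};

// Constructed traffic: one well-behaved client, one sending type 0x7fff.
bool other_clients_survive() {
  ToyServer s;
  s.open_session("client.good");
  s.open_session("client.new");
  Result r = s.dispatch({0x7fff, "client.new"});
  return r == Result::ClientEvicted && !s.has_session("client.new") &&
         s.is_blocklisted("client.new") && s.has_session("client.good") &&
         s.dispatch({MSG_CLIENT_REQUEST, "client.good"}) == Result::Handled &&
         s.dispatch({MSG_CLIENT_REQUEST, "client.new"}) == Result::Dropped;
}

int main() { return other_clients_survive() ? 0 : 1; }
```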

Comment 30 errata-xmlrpc 2023-03-20 18:58:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 6.0 Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:1360
