2 files changed, 77 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/CVE-2023-26253.patch b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
new file mode 100644
index 0000000..828c162
--- /dev/null
+++ b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
@@ -0,0 +1,76 @@
+commit 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58
+Author: mohit84 <moagrawa@redhat.com>
+Date:   Thu Mar 30 13:02:19 2023 +0530
+Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
+ (#4024)
+    The fuse xlator notify function tries to assign data object to graph
+    object without checking an event. In case of upcall event data object
+    represents upcall object so during access of graph object the process
+    crashed for asan build.
+    Solution: Access the graph->id only while an event is associated
+    specifically to fuse xlator
+    > Fixes: #3954
+    > Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+    > Signed-off-by: Mohit Agrawal moagrawa@redhat.com
+    > (Reviewed on upstream link #4019)
+    Fixes: #3954
+    Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
+CVE: CVE-2023-26253
+Upstream-Status: Backport [https://github.com/gluster/glusterfs/commit/0cbf51a9827af0e3a35f5cfa823bfa39740bbc58]
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+ xlators/mount/fuse/src/fuse-bridge.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
+index c3945d7..0c01a43 100644
+--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
+@@ -6198,6 +6198,7 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+     int32_t ret = 0;
+     fuse_private_t *private = NULL;
+     gf_boolean_t start_thread = _gf_false;
+    gf_boolean_t event_graph = _gf_true;
+     glusterfs_graph_t *graph = NULL;
+ 
+    private
+@@ -6205,9 +6206,6 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+ 
+     graph = data;
+ 
+-    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+-           ((graph) ? graph->id : 0));
+-
+     switch (event) {
+         case GF_EVENT_GRAPH_NEW:
+             break;
+@@ -6271,9 +6269,19 @@ notify(xlator_t *this, int32_t event, void *data, ...)
+         }
+ 
+         default:
+            /* Set the event_graph to false so that event
+               debug msg would not try to access invalid graph->id
+               while data object is not matched to graph object
+               for ex in case of upcall event data object represents
+               gf_upcall object
+            */
+            event_graph = _gf_false;
+             break;
+     }
+ 
+    gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
+           ((graph && event_graph) ? graph->id : -1));
+
+     return ret;
+ }
+ 
+-- 
+2.35.5
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index baa8962..e5bedca 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -20,6 +20,7 @@ SRC_URI += "file://glusterd.init \
            file://glusterd-change-port-range.patch \
            file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \
            file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \
+            file://CVE-2023-26253.patch \
           "
 LICENSE = "(LGPL-3.0-or-later | GPL-2.0-only) & GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later & Apache-2.0"

diff --git a/recipes-extended/glusterfs/files/CVE-2023-26253.patch b/recipes-extended/glusterfs/files/CVE-2023-26253.patch new file mode 100644 index 0000000..828c162 --- /dev/null +++ b/recipes-extended/glusterfs/files/CVE-2023-26253.patch
@@ -0,0 +1,76 @@
		1	commit 0cbf51a9827af0e3a35f5cfa823bfa39740bbc58
		2	Author: mohit84 <moagrawa@redhat.com>
		3	Date: Thu Mar 30 13:02:19 2023 +0530
		4	Subject: [PATCH] fuse: Resolve asan bug in during receive event notification
		5	(#4024)
		6
		7	The fuse xlator notify function tries to assign data object to graph
		8	object without checking an event. In case of upcall event data object
		9	represents upcall object so during access of graph object the process
		10	crashed for asan build.
		11
		12	Solution: Access the graph->id only while an event is associated
		13	specifically to fuse xlator
		14
		15	> Fixes: #3954
		16	> Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
		17	> Signed-off-by: Mohit Agrawal moagrawa@redhat.com
		18	> (Reviewed on upstream link #4019)
		19
		20	Fixes: #3954
		21	Change-Id: I6b2869256b26d22163879737dcf163510d1cd8bf
		22
		23	CVE: CVE-2023-26253
		24
		25	Upstream-Status: Backport [https://github.com/gluster/glusterfs/commit/0cbf51a9827af0e3a35f5cfa823bfa39740bbc58]
		26
		27	Signed-off-by: Soumya <soumya.sambu@windriver.com>
		28	---
		29	xlators/mount/fuse/src/fuse-bridge.c \| 14 +++++++++++---
		30	1 file changed, 11 insertions(+), 3 deletions(-)
		31
		32	diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
		33	index c3945d7..0c01a43 100644
		34	--- a/xlators/mount/fuse/src/fuse-bridge.c
		35	+++ b/xlators/mount/fuse/src/fuse-bridge.c
		36	@@ -6198,6 +6198,7 @@ notify(xlator_t this, int32_t event, void data, ...)
		37	int32_t ret = 0;
		38	fuse_private_t *private = NULL;
		39	gf_boolean_t start_thread = _gf_false;
		40	+ gf_boolean_t event_graph = _gf_true;
		41	glusterfs_graph_t *graph = NULL;
		42
		43	private
		44	@@ -6205,9 +6206,6 @@ notify(xlator_t this, int32_t event, void data, ...)
		45
		46	graph = data;
		47
		48	- gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
		49	- ((graph) ? graph->id : 0));
		50	-
		51	switch (event) {
		52	case GF_EVENT_GRAPH_NEW:
		53	break;
		54	@@ -6271,9 +6269,19 @@ notify(xlator_t this, int32_t event, void data, ...)
		55	}
		56
		57	default:
		58	+ /* Set the event_graph to false so that event
		59	+ debug msg would not try to access invalid graph->id
		60	+ while data object is not matched to graph object
		61	+ for ex in case of upcall event data object represents
		62	+ gf_upcall object
		63	+ */
		64	+ event_graph = _gf_false;
		65	break;
		66	}
		67
		68	+ gf_log("fuse", GF_LOG_DEBUG, "got event %d on graph %d", event,
		69	+ ((graph && event_graph) ? graph->id : -1));
		70	+
		71	return ret;
		72	}
		73
		74	--
		75	2.35.5
		76


diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc index baa8962..e5bedca 100644 --- a/recipes-extended/glusterfs/glusterfs.inc +++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -20,6 +20,7 @@ SRC_URI += "file://glusterd.init \
20	file://glusterd-change-port-range.patch \	20	file://glusterd-change-port-range.patch \
21	file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \	21	file://configure.ac-allow-PYTHON-values-to-be-passed-via-en.patch \
22	file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \	22	file://0001-cli-duplicate-defns-of-cli_default_conn_timeout-and-.patch \
		23	file://CVE-2023-26253.patch \
23	"	24	"
24		25
25	LICENSE = "(LGPL-3.0-or-later \| GPL-2.0-only) & GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later & Apache-2.0"	26	LICENSE = "(LGPL-3.0-or-later \| GPL-2.0-only) & GPL-3.0-or-later & LGPL-3.0-or-later & GPL-2.0-or-later & LGPL-2.0-or-later & LGPL-2.1-or-later & Apache-2.0"