Bug#573490: drbd fails to load: "drbd: disagrees about version of symbol cn_add_callback"
tags 573490 + patch
affects 573490 drbd8-source
thanks
On Thu, Mar 11, 2010 at 02:38:23PM -0700, dann frazier wrote:
> On Thu, Mar 11, 2010 at 09:43:45PM +0100, Tomas Pospisek wrote:
> > Package: linux-2.6
> > Version: 2.6.26-21lenny4
> > Severity: critical
> >
> > drbd fails to load and there goes my failover high available cluster...
> > *t
>
> well, crap - we ignored that ABI change because google showed only an
> old/deprecated module as an out-of-tree user, but we obviously missed
> drbd. We'll work on an update to the drbd modules.
This patch builds for me, but I don't have a drbd setup. I'd
appreciate it if someone could test it :)
diff -u drbd8-8.0.14/debian/changelog drbd8-8.0.14/debian/changelog
--- drbd8-8.0.14/debian/changelog
+++ drbd8-8.0.14/debian/changelog
@@ -1,3 +1,10 @@
+drbd8 (2:8.0.14-2+lenny1) UNRELEASED; urgency=high
+
+ * Update for connector API change in linux-2.6_2.6.26-21lenny4
+ * Restrict netlink calls to users with CAP_SYS_ADMIN (CVE Requested)
+
+ -- dann frazier <dannf@debian.org> Thu, 11 Mar 2010 15:47:53 -0700
+
drbd8 (2:8.0.14-2) unstable; urgency=low
* Drop dpatch build-dependency.
only in patch2:
unchanged:
--- drbd8-8.0.14.orig/user/drbdsetup.c
+++ drbd8-8.0.14/user/drbdsetup.c
@@ -408,6 +408,7 @@
EM(ProtocolCRequired) = "Protocol C required",
EM(VMallocFailed) = "vmalloc() failed. Out of memory?",
EM(DataOfWrongCurrent) = "Can only attach to the data we lost last (see kernel log).",
+ EM(ERR_PERM) = "Permission denied. CAP_SYS_ADMIN necessary",
};
#define MAX_ERROR (sizeof(error_messages)/sizeof(*error_messages))
const char * error_to_string(int err_no)
only in patch2:
unchanged:
--- drbd8-8.0.14.orig/drbd/drbd_nl.c
+++ drbd8-8.0.14/drbd/drbd_nl.c
@@ -1764,9 +1764,14 @@
};
+#ifdef KERNEL_HAS_CN_SKB_PARMS
+STATIC void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms *nsp)
+{
+#else
STATIC void drbd_connector_callback(void *data)
{
struct cn_msg *req = data;
+#endif
struct drbd_nl_cfg_req *nlp = (struct drbd_nl_cfg_req *)req->data;
struct cn_handler_struct *cm;
struct cn_msg *cn_reply;
@@ -1782,13 +1787,20 @@
return;
}
+#ifdef KERNEL_HAS_CN_SKB_PARMS
+ if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) {
+ retcode = ERR_PERM;
+ goto fail;
+ }
+#endif
+
mdev = ensure_mdev(nlp);
if (!mdev) {
retcode = MinorNotKnown;
goto fail;
}
- TRACE(TraceTypeNl, TraceLvlSummary, nl_trace_packet(data););
+ TRACE(TraceTypeNl, TraceLvlSummary, nl_trace_packet(req););
if (nlp->packet_type >= P_nl_after_last_packet) {
retcode = UnknownNetLinkPacket;
only in patch2:
unchanged:
--- drbd8-8.0.14.orig/drbd/linux/drbd_config.h
+++ drbd8-8.0.14/drbd/linux/drbd_config.h
@@ -85,4 +85,8 @@
//#define NEED_SG_SET_BUF
#define HAVE_LINUX_SCATTERLIST_H
+/* In 2.6.32 we finally fixed connector to pass netlink_skb_parms to the callback
+ */
+#define KERNEL_HAS_CN_SKB_PARMS
+
#endif
only in patch2:
unchanged:
--- drbd8-8.0.14.orig/drbd/linux/drbd.h
+++ drbd8-8.0.14/drbd/linux/drbd.h
@@ -140,6 +140,7 @@
CSUMSResyncRunning, /* DRBD 8.2 only */
VERIFYIsRunning, /* DRBD 8.2 only */
DataOfWrongCurrent,
+ ERR_PERM,
/* insert new ones above this line */
AfterLastRetCode
only in patch2:
unchanged:
--- drbd8-8.0.14.orig/scripts/adjust_drbd_config_h.sh
+++ drbd8-8.0.14/scripts/adjust_drbd_config_h.sh
@@ -104,6 +104,11 @@
have_linux_scatterlist_h=0
need_sg_set_buf=1
fi
+ if grep_q "netlink_skb_parms" $KDIR/include/linux/connector.h ; then
+ have_netlink_skb_parms=1
+ else
+ have_netlink_skb_parms=0
+ fi
else
# not a 2.6. kernel. just leave it alone...
exit 0
@@ -131,6 +136,8 @@
{ ( $need_sg_set_buf ? '' : '//' ) . \$1}e;
s{.*(#define HAVE_LINUX_SCATTERLIST_H.*)}
{ ( $have_linux_scatterlist_h ? '' : '//' ) . \$1}e;
+ s{.*(#define KERNEL_HAS_CN_SKB_PARMS.*)}
+ { ( $have_netlink_skb_parms ? '' : '//' ) . \$1}e;
" \
< ./linux/drbd_config.h \
> ./linux/drbd_config.h.new
Reply to: