
client local DoS -- ASSERTION( fd->fd_grouplock.lg_lock != ((void *)0) ) failed after 'setflags'


Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • Fix Version/s: Lustre 2.16.0, Lustre 2.14.0
    • Affects Version/s: None
    • Severity: 3

    Description

      Basically, from the moment anyone can do setflags, we shouldn't trust flags for anything that might crash the client.

      Not sure how much we care about lustre client local crash, but this should be a trivial fix (replace LBUG by some warning + return EINVAL? I don't think we can restrict setflags to root-only, but even that would be dubious to me. Alternatively prevent setflags/clearflags from touching this particular bit?)

      I found this by adding some lustre ioctl definitions to the trinity syscall fuzzer and letting it run for a (very short) bit; I bet there is other low-hanging fruit. I might set an intern on this (putting more lustre-specific stuff in trinity and reporting bugs) if you're interested.
      (And if you're not interested I can submit a patch around next month, no time right now and already got too distracted...)

      Reproducer:

      #include <linux/fs.h>
      #include <linux/types.h>
      #include <sys/ioctl.h>
      #include <sys/stat.h>
      #include <fcntl.h>
      #include <linux/lustre/lustre_idl.h>

      int main(int argc, char *argv[]) {
      	int fd;
      	long int flags = 0x2;	/* the per-file "group lock held" bit */

      	if (argc < 2)
      		return -1;
      	/* O_CREAT requires a mode argument; 0644 is an arbitrary choice */
      	if ((fd = open(argv[1], O_CREAT|O_RDWR, 0644)) < 0)
      		return -1;
      	/* set the flag from user space: no group lock is actually taken ... */
      	ioctl(fd, LL_IOC_SETFLAGS, &flags);
      	/* ... so the unlock path trips the assertion from the title */
      	ioctl(fd, LL_IOC_GROUP_UNLOCK, NULL);
      	return 0;
      }
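      The two mitigations suggested above (refuse kernel-internal bits in setflags; turn the LBUG into a warning plus EINVAL), modelled as a constructed C example that is not Lustre's own code. The struct, the constants and the function names are hypothetical; the 0x2 value mirrors what the reproducer passes to setflags.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed model of the bug class in this report, not Lustre's own code:
 * a per-open-file descriptor whose flag word mixes user-settable bits with a
 * bit that mirrors kernel-internal state (a held group lock). All values are
 * hypothetical; 0x2 mirrors the value the reproducer passes to setflags. */
#define FILE_GROUP_LOCKED   0x2UL
#define USER_SETTABLE_MASK  0x1UL  /* bits a setflags ioctl may change */

struct grouplock { int gid; };

struct file_data {
	unsigned long flags;
	struct grouplock *lg_lock;  /* non-NULL only while a group lock is held */
};

/* Weak setflags: trusts user space for every bit, the behaviour the report
 * describes. Afterwards the flags claim a lock that was never taken. */
static void setflags_weak(struct file_data *fd, unsigned long flags)
{
	fd->flags |= flags;
}

/* Mitigation 1 (the report's "prevent setflags from touching this bit"):
 * refuse any request that names a kernel-internal bit. */
static int setflags_hardened(struct file_data *fd, unsigned long flags)
{
	if (flags & ~USER_SETTABLE_MASK)
		return -EINVAL;
	fd->flags |= flags;
	return 0;
}

/* Mitigation 2 (the report's "replace LBUG by a warning + return EINVAL"):
 * treat a flag/state mismatch as bad input, not as an invariant violation. */
static int group_unlock(struct file_data *fd)
{
	if (!(fd->flags & FILE_GROUP_LOCKED))
		return -EINVAL;
	if (fd->lg_lock == NULL) {
		/* Flag and state disagree: clear the bogus flag and fail softly. */
		fd->flags &= ~FILE_GROUP_LOCKED;
		return -EINVAL;
	}
	fd->lg_lock = NULL;
	fd->flags &= ~FILE_GROUP_LOCKED;
	return 0;
}
```

      Either mitigation alone stops the crash; doing both keeps the flag word honest and still survives a stale flag reaching the unlock path by some other route.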
      

            People: Dominique Martinet (martinetd)