Details
-
Technical task
-
Resolution: Fixed
-
Blocker
-
Lustre 2.4.0
-
6609
Description
Recent HSM patches seem to blindly trust incoming network data.
Examples include mdt_hsm_action handling of the action list where we blindly trust number of items supplied without testing against provided buffer sizes, also allocating buffers not using OBD_ALLOC_LARGE which provides somewaht easy DoS avenue.
Another example is mdt_hsm_request handling of hr_itemcount.
I suspect there are more cases like this in other patches.
Additionally sanity max values for all those item counts should be added in client side ioctl handlers to avoid easy local DoS avenues.
Attachments
Activity
Oleg, can you suggest a reasonable upper limit on the amount of memory that the MDT allocate to serve a single HSM request?
Also to make sure that I understand correctly, are you referring to master here? There are indeed some issues in master's hsm handlers, but if I look at mdt_hsm_action() then the allocations are all statically sized.
Patch landed.