Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-5365

invalid pool name accepted when setting stripe information

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • None
    • Lustre 2.6.0
    • None
    • 3
    • 14962

    Description

      When striping information is set for a file, the kernel will accept the name of an OST pool which does not exist. The lfs utility validates the pool name in user space, but this can be bypassed by using the ioctl() or fsetxattr() interfaces directly. See attached program.

      $  bass6@t222 >
gcc -I lustre/include -I libcfs/include pool_test.c lustre/utils/liblustreapi.a
$  bass6@t222 >
sudo ./a.out /mnt/lustre/`mktemp -u XXXX` /mnt/lustre/`mktemp -u XXXX` asdf
a.out: poolname 'asdf' accepted via ioctl() for file /mnt/lustre/uchD
a.out: poolname 'asdf' accepted via fsetxattr() for file /mnt/lustre/Ba5t

      Attachments

        Activity

          [LU-5365] invalid pool name accepted when setting stripe information
          yujian Jian Yu added a comment -

          Patch for master branch: http://review.whamcloud.com/11226

          yujian Jian Yu added a comment - Patch for master branch: http://review.whamcloud.com/11226
          adilger Andreas Dilger added a comment -

          The current implementation on the MDS is that if a pool name doesn't exist, the file will be created in the default pool. This is to avoid problems creating files if e.g. a default striping is set on a directory with a specific pool but the pool is later removed. Rather than making the userspace validation more robust (which adds overhead and can always be defeated), it would be better to handle this differently on the MDS and return an error (e.g. -ENXIO or whatever) if the pool does not exist.

          adilger Andreas Dilger added a comment - The current implementation on the MDS is that if a pool name doesn't exist, the file will be created in the default pool. This is to avoid problems creating files if e.g. a default striping is set on a directory with a specific pool but the pool is later removed. Rather than making the userspace validation more robust (which adds overhead and can always be defeated), it would be better to handle this differently on the MDS and return an error (e.g. -ENXIO or whatever) if the pool does not exist.
          pjones Peter Jones added a comment -

          Yu, Jian

          Could you please assist with this issue?

          Thanks

          Peter

          pjones Peter Jones added a comment - Yu, Jian Could you please assist with this issue? Thanks Peter

          People

            yujian Jian Yu
            nedbass Ned Bass (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated: