Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-5757

hsm: userspace can set about any HSM flags. Checks are inexistant.

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.8.0
    • Lustre 2.7.0, Lustre 2.5.3
    • 3
    • 16155

    Description

      Creating, opening and executing the following commands on a regular file:

      rc = llapi_hsm_state_set_fd(fd, HS_EXISTS, 0, -1789);
rc = llapi_hsm_state_set_fd(fd, HS_DIRTY, 0, 0);
rc = llapi_hsm_state_set_fd(fd, 0, HS_DIRTY, 0);
rc = llapi_hsm_state_set_fd(fd, HS_ARCHIVED, 0, 0);
rc = llapi_hsm_state_set_fd(fd, HS_RELEASED, 0, 0);
rc = llapi_hsm_state_set_fd(fd, HS_NORELEASE, 0, 0);
rc = llapi_hsm_state_set_fd(fd, HS_NOARCHIVE, 0, 0);
rc = llapi_hsm_state_set_fd(fd, HS_LOST, 0, 0);
rc = llapi_hsm_state_set_fd(fd, 0x00080000, 0, 0);
rc = llapi_hsm_state_set_fd(fd, 0x80000000, 0, 0);

      results in this:

      # ../utils/lfs hsm_state /mnt/lustre/hsm_check_test
 /mnt/lustre/hsm_check_test: (0x8008007d) released exists archived never_release never_archive lost_from_hsm, archive_id:-1789

      Some of these flags should not be user settable. Unknown flags should not be set. The archive_id should not be anything but >=0 (or 1?) and <=32.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-6453 Interop 2.7.0<->2.8 sanity-hsm test_500: One llapi HSM test failed

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            [LU-5757] hsm: userspace can set about any HSM flags. Checks are inexistant.
            rread Robert Read added a comment -

            Interesting. This appears to only be a limitation of the kuc interface. If a copytool doesn't specify an archive id when it calls register (i.e. passes a 0), then it seems it can handle any archive id.

            rread Robert Read added a comment - Interesting. This appears to only be a limitation of the kuc interface. If a copytool doesn't specify an archive id when it calls register (i.e. passes a 0), then it seems it can handle any archive id.
            fzago Frank Zago (Inactive) added a comment - - edited

            Robert,

            I think the 32 archive ids is a limitation of Lustre. lhsmtool_posix.c has this:

                 60 /* copytool uses a 32b bitmask field to register with kuc
     61  * archive num = 0 => all
     62  * archive num from 1 to 32
     63  */
     64 #define MAX_ARCHIVE_CNT (sizeof(__u32) * 8)
            fzago Frank Zago (Inactive) added a comment - - edited Robert, I think the 32 archive ids is a limitation of Lustre. lhsmtool_posix.c has this: 60 /* copytool uses a 32b bitmask field to register with kuc 61 * archive num = 0 => all 62 * archive num from 1 to 32 63 */ 64 #define MAX_ARCHIVE_CNT (sizeof(__u32) * 8)
            rread Robert Read added a comment -

            I believe the LOST flag is intended to be set by userspace, since this reflects backend state that the kernel is unaware of. It is also useful to be able to clear the flags from user space to allow a file to be moved to a different HSM archive backend. (Although it would be better to clear flags automatically when the archive_id is changed, though that would be a behavior change and might break something.)

            rread Robert Read added a comment - I believe the LOST flag is intended to be set by userspace, since this reflects backend state that the kernel is unaware of. It is also useful to be able to clear the flags from user space to allow a file to be moved to a different HSM archive backend. (Although it would be better to clear flags automatically when the archive_id is changed, though that would be a behavior change and might break something.)
            rread Robert Read added a comment -

            Why is archive_id limited to max 32?

            rread Robert Read added a comment - Why is archive_id limited to max 32?
            fzago Frank Zago (Inactive) added a comment -

            This test was done as root.

            I checked with a user, and most of these commands are reject with -EPERM. I think that's wrong too because -EPERM should only be used when the user doesn't have the correct permissions on that file.

            fzago Frank Zago (Inactive) added a comment - This test was done as root. I checked with a user, and most of these commands are reject with -EPERM. I think that's wrong too because -EPERM should only be used when the user doesn't have the correct permissions on that file.
            adilger Andreas Dilger added a comment -

            Just to confirm - this can only be done on files a user owns, or by root? It definitely makes sense to add better checks for the HSM input (see also LU-2714), so a general review of all such input would be welcome.

            adilger Andreas Dilger added a comment - Just to confirm - this can only be done on files a user owns, or by root? It definitely makes sense to add better checks for the HSM input (see also LU-2714 ), so a general review of all such input would be welcome.

            People

              bfaccini Bruno Faccini (Inactive)
              fzago Frank Zago (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: