[LU-10767] Potential buffer overflow in lfs_setdirstripe Created: 05/Mar/18 Updated: 29/Jan/22 Resolved: 29/Jan/22 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.11.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor |
| Reporter: | Oleg Drokin | Assignee: | WC Triage |
| Resolution: | Not a Bug | Votes: | 0 |
| Labels: | None | ||
| Issue Links: |
|
||||||||||||
| Severity: | 3 | ||||||||||||
| Rank (Obsolete): | 9223372036854775807 | ||||||||||||
| Description |
|
When we have more than 4000 MDTs, the code in lfs_setdirstripe will break: if (auto_distributed) { int r; int nr = MAX(param->lsp_stripe_count, lsb->sb_count / 2); /* don't use server whose usage is above 90% */ while (nr != param->lsp_stripe_count && obd_statfs_ratio(&lsb->sb_buf[nr].sd_st) > 90) nr = MAX(param->lsp_stripe_count, nr / 2); /* get \a r between [0, nr) */ r = rand() % nr; param->lsp_stripe_offset = lsb->sb_buf[r].sd_index; but lsb->sb_buf is defined as 2000 elements (LL_STATFS_MAX->LOV_MAX_STRIPE_COUNT->2000) This was introduced by https://review.whamcloud.com/30598 |
| Comments |
| Comment by Andreas Dilger [ 29/Jan/22 ] |
|
Code replaced in patch https://review.whamcloud.com/35825 " |