[LU-13257] client local DoS -- ASSERTION( fd->fd_grouplock.lg_lock != ((void *)0) ) failed after 'setflags' Created: 17/Feb/20 Updated: 23/Jan/24 |
|
| Status: | Open |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.14.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor |
| Reporter: | Dominique Martinet (Inactive) | Assignee: | Dominique Martinet (Inactive) |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Severity: | 3 |
| Rank (Obsolete): | 9223372036854775807 |
| Description |
|
Basically, from the moment anyone can do setflags, we shouldn't trust flags for anything that might crash the client.

Not sure how much we care about a Lustre client local crash, but this should be a trivial fix (replace LBUG by some warning + return EINVAL? I don't think we can restrict setflags to root-only, but even that would be dubious to me. Alternatively prevent setflags/clearflags from touching this particular bit?..)

I found this by adding some Lustre ioctl definitions to the trinity syscall fuzzer and letting it run for a (very short) bit; I bet there are other low-hanging fruits. I might set an intern on this (putting more Lustre-specific stuff in trinity and reporting bugs) if you're interested.

Reproducer:

#include <linux/fs.h>
#include <linux/types.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <linux/lustre/lustre_idl.h>

int main(int argc, char *argv[])
{
	int fd;
	long int flags = 0x2;

	if (argc < 2)
		return -1;
	/* O_CREAT requires an explicit mode argument */
	if ((fd = open(argv[1], O_CREAT|O_RDWR, 0644)) < 0)
		return -1;
	/* set the flag bit from user space; no group lock is actually taken */
	ioctl(fd, LL_IOC_SETFLAGS, &flags);
	/* the unlock path then fails the fd_grouplock.lg_lock != NULL assertion */
	ioctl(fd, LL_IOC_GROUP_UNLOCK, NULL);
	return 0;
} |
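The two mitigations proposed in the description, as an added user-space model that is not part of the original report and is not Lustre source code. All `model_*` names are hypothetical, and reading bit 0x2 (the value used in the reproducer) as "group lock held" is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Bit value taken from the reproducer; its meaning ("group lock held") is assumed. */
#define MODEL_GROUP_LOCKED 0x2UL

struct model_fd {
    unsigned long flags; /* caller can write these through setflags */
    void *grouplock;     /* internal: non-NULL only while a lock is held */
};

/* Second proposal: with strict set, setflags refuses the internal bit. */
static int model_setflags(struct model_fd *fd, unsigned long f, int strict)
{
    if (strict && (f & MODEL_GROUP_LOCKED))
        return -EINVAL;
    fd->flags |= f;
    return 0;
}

static int model_group_lock(struct model_fd *fd, void *lock)
{
    if (lock == NULL || fd->grouplock != NULL)
        return -EINVAL;
    fd->grouplock = lock;
    fd->flags |= MODEL_GROUP_LOCKED;
    return 0;
}

/* First proposal: the flag is only a hint. The pointer itself is checked,
 * and a mismatch gives a warning plus -EINVAL instead of an assertion. */
static int model_group_unlock(struct model_fd *fd)
{
    if (!(fd->flags & MODEL_GROUP_LOCKED) || fd->grouplock == NULL) {
        fprintf(stderr, "model: no group lock held (flags=%#lx)\n", fd->flags);
        return -EINVAL;
    }
    fd->grouplock = NULL;
    fd->flags &= ~MODEL_GROUP_LOCKED;
    return 0;
}

int main(void)
{
    struct model_fd fd = { 0, NULL };
    model_setflags(&fd, 0x2, 0); /* forged flag, same value as the reproducer */
    printf("unlock after forged flag: %d\n", model_group_unlock(&fd));
    return 0;
}
```

Either check alone stops the crash in this model; applying both keeps the flag and the lock pointer from disagreeing in the first place.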
| Comments |
| Comment by Peter Jones [ 17/Feb/20 ] |
|
Thanks Dominique |
| Comment by Gerrit Updater [ 23/Jan/24 ] |
|
"Vitaly Fertman <vitaly.fertman@hpe.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/53782 |