[#LU-2714] HSM: add sanity checks for incoming RPCs

HSM - Coordinator - Land to Master (LU-2061) [LU-2714] HSM: add sanity checks for incoming RPCs Created: 30/Jan/13 Updated: 07/Mar/13 Resolved: 07/Mar/13
Status:	Closed
Project:	Lustre
Component/s:	None
Affects Version/s:	Lustre 2.4.0
Fix Version/s:	Lustre 2.4.0

Type:

Technical task

Priority:

Blocker

Reporter:

Oleg Drokin

Assignee:

John Hammond

Resolution:

Fixed

Votes:

Labels:

Rank (Obsolete):

6609

Description

Recent HSM patches seem to blindly trust incoming network data.
Examples include mdt_hsm_action handling of the action list where we blindly trust number of items supplied without testing against provided buffer sizes, also allocating buffers not using OBD_ALLOC_LARGE which provides somewaht easy DoS avenue.
Another example is mdt_hsm_request handling of hr_itemcount.
I suspect there are more cases like this in other patches.

Additionally sanity max values for all those item counts should be added in client side ioctl handlers to avoid easy local DoS avenues.

Comments

Comment by Peter Jones [ 21/Feb/13 ]

John

Could you please look into this one?

Thanks

Peter

Comment by John Hammond [ 21/Feb/13 ]

Oleg, can you suggest a reasonable upper limit on the amount of memory that the MDT allocate to serve a single HSM request?

Also to make sure that I understand correctly, are you referring to master here? There are indeed some issues in master's hsm handlers, but if I look at mdt_hsm_action() then the allocations are all statically sized.

Comment by John Hammond [ 21/Feb/13 ]

Please see http://review.whamcloud.com/5507.

Comment by John Hammond [ 07/Mar/13 ]

Patch landed.

Generated at Sat Feb 10 01:27:34 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.

[LU-2714] HSM: add sanity checks for incoming RPCs Created: 30/Jan/13 Updated: 07/Mar/13 Resolved: 07/Mar/13