[LU-4101] mdt_reint_setxattr allows removal of trusted xattrs Created: 14/Oct/13 Updated: 11/Mar/14 Resolved: 04/Mar/14 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.5.0 |
| Fix Version/s: | Lustre 2.6.0, Lustre 2.5.1, Lustre 2.4.3 |
| Type: | Bug | Priority: | Critical |
| Reporter: | John Hammond | Assignee: | John Hammond |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | mdt | ||
| Severity: | 3 |
| Rank (Obsolete): | 11016 |
| Description |
|
In mdt_reint_setxattr() the permissions checking is all dead code because we first test to see if the xattr name starts with "user" then we compare it to the "trusted.xxx" names: if (strncmp(xattr_name, XATTR_USER_PREFIX,
sizeof(XATTR_USER_PREFIX) - 1) == 0) {
if (!(exp_connect_flags(req->rq_export) & OBD_CONNECT_XATTR))
GOTO(out, rc = -EOPNOTSUPP);
if (strcmp(xattr_name, XATTR_NAME_LOV) == 0)
GOTO(out, rc = -EACCES);
if (strcmp(xattr_name, XATTR_NAME_LMA) == 0)
GOTO(out, rc = 0);
if (strcmp(xattr_name, XATTR_NAME_LINK) == 0)
GOTO(out, rc = 0);
# touch f0 # getfattr -d -m- f0 # file: f0 lustre.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= trusted.link=0s3/HqEQEAAAAsAAAAAAAAAAAAAAAAAAAAABQAAAACAAAABwAAAAEAAAAAZjA= trusted.lma=0sAAAAAAAAAAAABAAAAgAAAA8AAAAAAAAA trusted.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= # setfattr -x trusted.link f0 # getfattr -d -m- f0 # file: f0 lustre.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= trusted.lma=0sAAAAAAAAAAAABAAAAgAAAA8AAAAAAAAA trusted.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= # lfs path2fid f0 [0x200000400:0xf:0x0] # lfs fid2path /mnt/lustre 0x200000400:0xf:0x0 ioctl err -61: No data available (61) fid2path: error on FID 0x200000400:0xf:0x0: No data available t:lustre# getfattr -d -m- f0 # file: f0 lustre.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= trusted.lma=0sAAAAAAAAAAAABAAAAgAAAA8AAAAAAAAA trusted.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= t:lustre# setfattr -x trusted.lma f0 t:lustre# getfattr -d -m- f0 # file: f0 lustre.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= trusted.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= t:lustre# lfs hsm_archive f0 t:lustre# getfattr -d -m- f0 # file: f0 lustre.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= trusted.hsm=0sAAAAAAEAAAABAAAAAAAAAAAAAAAAAAAA trusted.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= t:lustre# setfattr -x trusted.hsm f0 t:lustre# getfattr -d -m- f0 # file: f0 lustre.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= trusted.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= # cd /mnt/lustre2 t:lustre2# getfattr -d -m- f0 # file: f0 lustre.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= trusted.lov=0s0AvRCwEAAAAPAAAAAAAAAAAEAAACAAAAAAAQAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= |
| Comments |
| Comment by John Hammond [ 14/Oct/13 ] |
|
Please see http://review.whamcloud.com/7943. |
| Comment by John Hammond [ 16/Oct/13 ] |
|
See also https://projectlava.xyratex.com/show_bug.cgi?id=10667. |
| Comment by John Hammond [ 19/Nov/13 ] |
|
The patch has landed to master (for 2.6.0). |
| Comment by Andreas Dilger [ 04/Mar/14 ] |
|
Patch should also be landed for 2.5 and probably 2.4 as well. |