https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-7187 Lustre <p>The Lustre client doesn't appear to sanitize the contents of the job stats variable. </p> <p>For example:<br/> <span class="error">&#91;root@client ~&#93;</span># lctl set_param jobid_var=TESTINGVAR<br/> jobid_var=TESTINGVAR</p> <p><span class="error">&#91;user@client test_dir&#93;</span># export TESTINGVAR=$(echo -e "test\n\n\a\b\tstring"); touch example.file</p> <p><span class="error">&#91;user@mds1 ~&#93;</span># lctl get_param -n mdt.*.job_stats<br/> job_stats:</p> <ul class="alternate" type="square"> <li>job_id: test</li> </ul> <p> string<br/> snapshot_time: 1442594528<br/> open: </p> { samples: 1, unit: reqs } <p> close: </p> { samples: 1, unit: reqs } <p> mknod: </p> { samples: 0, unit: reqs } <p> link: </p> { samples: 0, unit: reqs } <p> unlink: </p> { samples: 0, unit: reqs } <p> mkdir: </p> { samples: 0, unit: reqs } <p> rmdir: </p> { samples: 0, unit: reqs } <p> rename: </p> { samples: 0, unit: reqs } <p> getattr: </p> { samples: 0, unit: reqs } <p> setattr: </p> { samples: 1, unit: reqs } <p> getxattr: </p> { samples: 0, unit: reqs } <p> setxattr: </p> { samples: 0, unit: reqs } <p> statfs: </p> { samples: 0, unit: reqs } <p> sync: </p> { samples: 0, unit: reqs } <p> samedir_rename: </p> { samples: 0, unit: reqs } <p> crossdir_rename: </p> { samples: 0, unit: reqs } <p>This also produces an audible bell (the \a).</p> <p>I wouldn't say this is a bug, but it is probably unintended behavior. It's definitely reproducible. I've tested with some various escape codes. Probably my favorite thus far has been setting color codes. </p> <p>Thanks,<br/> &#8211;<br/> Jesse</p> RHEL 6.6 LU-7187

Client does not sanitize jobstats variable

Improvement Critical Resolved Fixed Niu Yawei Jesse Hanley Fri, 18 Sep 2015 16:57:40 +0000 Thu, 29 Oct 2015 12:53:58 +0000 Fri, 2 Oct 2015 12:55:39 +0000 Lustre 2.7.0 Lustre 2.5.4 Lustre 2.8.0 0 10 <p>Probably the best/easiest thing to do is filter this at both the input and output of the jobid to use isprint() and replace non-printing characters with '.' or similar. At worst this could allow some collisions in the jobid statistics. </p> <p>I don't think it's a bug, given that non-printable character is allowed in the jobid environment variable.<br/> If user don't want the non-printable character for some reason, I think it's user app/script's (in user level) duty to set the restriction, so that won't affect other users who want non-printable character.</p> <p>Niu, I agree it's not strictly Lustre bug. But we might be a bit more proactive lookign for user's good here and still filter out unprintable characters anyway at least on the output.<br/> So let's go with that, should not be hard to do.</p> <blockquote> <p>Niu, I agree it's not strictly Lustre bug. But we might be a bit more proactive lookign for user's good here and still filter out unprintable characters anyway at least on the output.<br/> So let's go with that, should not be hard to do.</p></blockquote> <p>Sure, I think we can replace the non-printable character with some special character like '?' on the output side, so that to confine the output of jobid in single line.</p> <p>Niu Yawei (yawei.niu@intel.com) uploaded a new patch: <a href="http://review.whamcloud.com/16593" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/16593</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-7187" title="Client does not sanitize jobstats variable" class="issue-link" data-issue-key="LU-7187"><del>LU-7187</del></a> jobstats: confine the output of jobid to single line<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: c31038f1c6a2de133ec9c70e32f0bbd378552a74</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="http://review.whamcloud.com/16593/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/16593/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-7187" title="Client does not sanitize jobstats variable" class="issue-link" data-issue-key="LU-7187"><del>LU-7187</del></a> jobstats: confine the output of jobid to single line<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: fb60c82405ba7f84dd9dd5411e9bdae3ecb8cf4a</p> <p>Landed for 2.8.0</p> Related Development Rank 1|hzxo4f: Rank (Obsolete) 9223372036854775807