https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-7919 Lustre <p>buffer overflow in mount_lustre: parse_ldd(),append_option()</p> <p>Reproduction Steps:<br/> ================<br/> <span class="error">&#91;root@dev-1 tests&#93;</span># sh llmount.sh<br/> <span class="error">&#91;root@dev-1 tests&#93;</span># rm -f /tmp/A2000; for x in $(seq 1 4000); do echo -n A &gt;&gt; /tmp/A2000 ; done<br/> <span class="error">&#91;root@dev-1 tests&#93;</span># umount /mnt/mds1<br/> <span class="error">&#91;root@dev-1 tests&#93;</span># losetup /dev/loop0 /tmp/lustre-mdt1<br/> <span class="error">&#91;root@dev-1 tests&#93;</span># mount -t lustre /dev/loop0 /mnt/mds1 -o option4kplus=$(cat /tmp/A2000 )</p> <p>failure logs:<br/> =========</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">[root@dev-1 tests]# mount -t lustre /dev/loop0 /mnt/mds1 -o option4kplus=$(cat /tmp/A2000 ) mount.lustre: mount /dev/loop0 at /mnt/mds1 failed: Invalid argument This may have multiple causes. Are the mount options correct? Check the syslog <span class="code-keyword">for</span> more info. *** glibc detected *** /sbin/mount.lustre: free(): invalid next size (normal): 0x000000000234f050 *** ======= Backtrace: ========= /lib64/libc.so.6[0x3bbc075e66] /lib64/libc.so.6[0x3bbc0789b3] /sbin/mount.lustre(main+0x411)[0x402f11] /lib64/libc.so.6(__libc_start_main+0xfd)[0x3bbc01ed5d] /sbin/mount.lustre[0x4024a9] </pre> </div></div> LU-7919

Buffer overflow in mount_lustre: parse_ldd(),append_option()

Bug Major Resolved Fixed WC Triage Lokesh Nagappa Jaliminche mount Fri, 25 Mar 2016 10:47:52 +0000 Thu, 27 Oct 2022 00:24:56 +0000 Sat, 8 Oct 2016 19:11:07 +0000 Lustre 2.8.0 Lustre 2.9.0 0 5 <p>lokesh.jaliminche (lokesh.jaliminche@seagate.com) uploaded a new patch: <a href="http://review.whamcloud.com/19158" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/19158</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-7919" title="Buffer overflow in mount_lustre: parse_ldd(),append_option()" class="issue-link" data-issue-key="LU-7919"><del>LU-7919</del></a> mount: Buffer overflow issue while parsing mount<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 8fae5045d8f92ca8924dc33684903d032b06dd39</p> <p>Regarding failure on test-board, <br/> <a href="https://testing.hpdd.intel.com/test_sets/bb6c7ec6-5de3-11e6-906c-5254006e85c2" class="external-link" target="_blank" rel="nofollow noopener">https://testing.hpdd.intel.com/test_sets/bb6c7ec6-5de3-11e6-906c-5254006e85c2</a></p> <p>I have checked on my local quartet setup, it is working properly.<br/> My test case is looking for the error string when mount options exceeds the size limit , </p> <p>here are the logs on my local quartet setup<br/> ==================================</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java">ogs on Local quartet setup intel master == conf-sanity test 98: Buffer-overflow check <span class="code-keyword">while</span> parsing mount_opts == 14:56:11 (1470734771) start mds service on 192.168.56.147 Loading modules from /root/mrp/intel/lustre-wc/lustre detected 1 online CPUs by sysfs libcfs will create CPU partition based on online CPUs debug=-1 subsystem_debug=all -lnet -lnd -pinger ../lnet/lnet/lnet options: <span class="code-quote">'networks=tcp0(eth0) accept=all'</span> gss/krb5 is not supported quota/lquota options: <span class="code-quote">'hash_lqs_cur_bits=3'</span> pdsh@dev-8: 192.168.56.147: ssh exited with exit code 1 Starting mds1: -o loop /tmp/lustre-mdt1 /mnt/lustre-mds1 pdsh@dev-8: 192.168.56.147: ssh exited with exit code 1 pdsh@dev-8: 192.168.56.147: ssh exited with exit code 1 Started lustre-MDT0000 start ost1 service on 192.168.56.145 pdsh@dev-8: 192.168.56.145: ssh exited with exit code 1 Starting ost1: -o loop /tmp/lustre-ost1 /mnt/lustre-ost1 pdsh@dev-8: 192.168.56.145: ssh exited with exit code 1 pdsh@dev-8: 192.168.56.145: ssh exited with exit code 1 Started lustre-OST0000 mount lustre on /mnt/lustre..... Starting client: dev-8: -o user_xattr,flock 192.168.56.147@tcp:/lustre /mnt/lustre setup single mount lustre success stop mds service on 192.168.56.147 Stopping /mnt/lustre-mds1 (opts:-f) on 192.168.56.147 pdsh@dev-8: 192.168.56.147: ssh exited with exit code 1 start mds service on 192.168.56.147 pdsh@dev-8: 192.168.56.147: ssh exited with exit code 1 Starting mds1: -o user_xattr,user_xattr,user_xattr,user_xattr,loop /tmp/lustre-mdt1 /mnt/lustre-mds1 192.168.56.147: error: mount options exceeds page size of kernel pdsh@dev-8: 192.168.56.147: ssh exited with exit code 7 Start of /tmp/lustre-mdt1 on mds1 failed 7 </pre> </div></div> <p>Test case checks for this string <font color="Green"> error: mount options exceeds page size of kernel </font> but instead I am getting different error on Maloo test-board</p> <p>Logs on Maloo Test-Board<br/> =====================</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> == conf-sanity test 98: Buffer-overflow check <span class="code-keyword">while</span> parsing mount_opts =============================== 02:11:19 (1470708679) start mds service on trevis-57vm7 CMD: trevis-57vm7 mkdir -p /mnt/lustre-mds1 Loading modules from /usr/lib64/lustre detected 1 online CPUs by sysfs libcfs will create CPU partition based on online CPUs debug=-1 subsystem_debug=all -lnet -lnd -pinger CMD: trevis-57vm7 test -b /dev/lvm-Role_MDS/P1 CMD: trevis-57vm7 e2label /dev/lvm-Role_MDS/P1 Starting mds1: /dev/lvm-Role_MDS/P1 /mnt/lustre-mds1 CMD: trevis-57vm7 mkdir -p /mnt/lustre-mds1; mount -t lustre /dev/lvm-Role_MDS/P1 /mnt/lustre-mds1 CMD: trevis-57vm7 /usr/sbin/lctl get_param -n health_check CMD: trevis-57vm7 PATH=/usr/lib64/lustre/tests:/usr/lib/lustre/tests:/usr/lib64/lustre/tests:/opt/iozone/bin:/usr/lib64/lustre/tests<span class="code-comment">//usr/lib64/lustre/tests:/usr/lib64/lustre/tests:/usr/lib64/lustre/tests/../utils:/opt/iozone/bin:/usr/lib64/lustre/tests/mpi:/usr/lib64/lustre/tests/racer:/usr/lib64/lustre/../lustre-iokit/sgpdd-survey:/usr/lib64/lustre/tests:/usr/lib64/lustre/utils/gss:/usr/lib64/lustre/utils:/usr/lib64/qt-3.3/bin:/usr/lib64/compat-openmpi16/bin:/usr/bin:/bin:/usr/sbin:/sbin::/sbin:/bin:/usr/sbin: NAME=autotest_config sh rpc.sh set_default_debug \<span class="code-quote">"-1\"</span> \<span class="code-quote">"all -lnet -lnd -pinger\"</span> 4 </span>CMD: trevis-57vm7 e2label /dev/lvm-Role_MDS/P1 2&gt;/dev/<span class="code-keyword">null</span> | grep -E <span class="code-quote">':[a-zA-Z]{3}[0-9]{4}'</span> CMD: trevis-57vm7 e2label /dev/lvm-Role_MDS/P1 2&gt;/dev/<span class="code-keyword">null</span> | grep -E <span class="code-quote">':[a-zA-Z]{3}[0-9]{4}'</span> CMD: trevis-57vm7 e2label /dev/lvm-Role_MDS/P1 2&gt;/dev/<span class="code-keyword">null</span> . . . CMD: trevis-57vm7 umount -d -f /mnt/lustre-mds3 CMD: trevis-57vm7 lsmod | grep lnet &gt; /dev/<span class="code-keyword">null</span> &amp;&amp; lctl dl | grep <span class="code-quote">' ST '</span> stop mds service on trevis-57vm3 CMD: trevis-57vm3 grep -c /mnt/lustre-mds4<span class="code-quote">' '</span> /proc/mounts Stopping /mnt/lustre-mds4 (opts:-f) on trevis-57vm3 CMD: trevis-57vm3 umount -d -f /mnt/lustre-mds4 CMD: trevis-57vm3 lsmod | grep lnet &gt; /dev/<span class="code-keyword">null</span> &amp;&amp; lctl dl | grep <span class="code-quote">' ST '</span> start mds service on trevis-57vm7 CMD: trevis-57vm7 mkdir -p /mnt/lustre-mds1 CMD: trevis-57vm7 test -b /dev/lvm-Role_MDS/P1 CMD: trevis-57vm7 e2label /dev/lvm-Role_MDS/P1 Starting mds1: -o user_xattr,user_xattr,user_xattr,user_xattr,user_xattr,user_xattr /dev/lvm-Role_MDS/P1 /mnt/lustre-mds1 pdsh@trevis-57vm1: trevis-57vm7: mcmd: Bad read of expected verification number off of stderr socket: Success Start of /dev/lvm-Role_MDS/P1 on mds1 failed 254 conf-sanity test_98: @@@@@@ FAIL: Buffer overflow check failed Trace dump: </pre> </div></div> <p>In above logs I am getting this error <br/> <font color="red"> "mcmd: Bad read of expected verification number off of stderr socket: Success Start of /dev/lvm-Role_MDS/P1 on mds1 failed 254"</font><br/> which is unexpected. I am not sure if this is happening because of my patch, can someone please help me get more info on this ?</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="http://review.whamcloud.com/19158/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/19158/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-7919" title="Buffer overflow in mount_lustre: parse_ldd(),append_option()" class="issue-link" data-issue-key="LU-7919"><del>LU-7919</del></a> mount: Buffer overflow issue while parsing mount<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: 00049e341a1e978c635b44f1d3ae474d0eb75f10</p> <p>Landed for 2.9</p> Related LU-7965 LU-11785 Development Rank 1|hzy5ov: Rank (Obsolete) 9223372036854775807 Severity