[LU-9074] Read-only Bind Mount of Lustre Allows File Creation

Related — Tue, 27 Jun 2017 09:03:53 +0000

On attempting to set up some read-only bind mounts on nodes in order to provide pseudo isolation within the single namespace of a Lustre FS, the following issue is seen.

After the read-only bind mount is created on Lustre mount /work, files can still be created. Although the created file cannot be written to:

Set up the bind mount using /work:

 # mount --bind /work /tmp/bind_ro/

 # mount -o remount,ro /tmp/bind_ro/

 # mount | grep bind_ro
 /work on /tmp/bind_ro type none (ro,bind)

Touch a file that does not exist, which yields an error.

 # touch /tmp/bind_ro/gbrown
 touch: cannot touch `/tmp/bind_ro/gbrown': Read-only file system

It would be expected that the preceding 'touch' did not create a file.

However, a file was created:

 ls -l /tmp/bind_ro/gbrown
 -rw-r--r-- 1 root root 0 Sep  9 13:59 /tmp/bind_ro/gbrown

Though the file was created, it cannot be written to:

We can't write data to the file, the cat below returns no output.

 # echo foo > /tmp/bind_ro/gbrown
 -bash: /tmp/bind_ro/gbrown: Read-only file system
 
 # cat /tmp/bind_ro/gbrown

Comparatively, no file is created when the read-only bind mount is executed on NFS::

 # mount --bind /cm/shared/ /tmp/bind_ro/

 # mount -o remount,ro /tmp/bind_ro/
 
 # touch /tmp/bind_ro/gbrown
 touch: cannot touch `/tmp/bind_ro/gbrown': Read-only file system
 
 # ls -l /tmp/bind_ro/gbrown
 ls: cannot access /tmp/bind_ro/gbrown: No such file or directory

The following are strace excerpts comparing the 'touch' process between Lustre and NFS:

Attempting to touch a file within a read-only bind mount of a Lustre FS.

 # strace -v -s 1024 touch foobar 2>&1 | tee /tmp/strace_lustre.out
 
 ...
 
 futex(0x7fffffff925c, FUTEX_WAKE_PRIVATE, 1) = 0
 futex(0x7fffffff925c, 0x189 /* FUTEX_??? */, 1, NULL, 2aaaab470700) = -1 EAGAIN (Resource temporarily unavailable)
 rt_sigaction(SIGRTMIN, {0x2aaaab2588f0, [], SA_RESTORER|SA_SIGINFO, 0x2aaaab262850}, NULL, 8) = 0
 rt_sigaction(SIGRT_1, {0x2aaaab258980, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x2aaaab262850}, NULL, 8) = 0
 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
 getrlimit(RLIMIT_STACK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
 brk(0)                                  = 0x60e000
 brk(0x62f000)                           = 0x62f000
 open("foobar", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = -1 EROFS (Read-only file system)
 utimensat(AT_FDCWD, "foobar", NULL, 0)  = -1 EROFS (Read-only file system)
 write(2, "touch: ", 7touch: )                  = 7
 write(2, "cannot touch `foobar'", 21cannot touch `foobar')   = 21
 write(2, ": Read-only file system", 23: Read-only file system) = 23
 write(2, "\n", 1
 )                       = 1
 close(1)                                = 0
 close(2)                                = 0
 exit_group(1)                           = ?

File is created.

 # stat foobar
 
   File: `foobar'
   Size: 0               Blocks: 0          IO Block: 4194304 regular empty file
 Device: 886a9b20h/2288687904d   Inode: 144116072587526409  Links: 1
 Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
 Access: 2016-09-21 07:51:29.000000000 +0000
 Modify: 2016-09-21 07:51:29.000000000 +0000
 Change: 2016-09-21 07:51:29.000000000 +0000
  Birth: -

Attempting to touch a file within a read-only bind mount of a NFS FS.

 # strace -v -s 1024 touch foobar 2>&1 | tee /tmp/strace_nfs.out
 
 ...
 
 futex(0x7fffffff925c, FUTEX_WAKE_PRIVATE, 1) = 0
 futex(0x7fffffff925c, 0x189 /* FUTEX_??? */, 1, NULL, 2aaaab470700) = -1 EAGAIN (Resource temporarily unavailable)
 rt_sigaction(SIGRTMIN, {0x2aaaab2588f0, [], SA_RESTORER|SA_SIGINFO, 0x2aaaab262850}, NULL, 8) = 0
 rt_sigaction(SIGRT_1, {0x2aaaab258980, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x2aaaab262850}, NULL, 8) = 0
 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
 getrlimit(RLIMIT_STACK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
 brk(0)                                  = 0x60e000
 brk(0x62f000)                           = 0x62f000
 open("foobar", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = -1 EROFS (Read-only file system)
 utimensat(AT_FDCWD, "foobar", NULL, 0)  = -1 ENOENT (No such file or directory)
 write(2, "touch: ", 7touch: )                  = 7
 write(2, "cannot touch `foobar'", 21cannot touch `foobar')   = 21
 write(2, ": Read-only file system", 23: Read-only file system) = 23
 write(2, "\n", 1
 )                       = 1
 close(1)                                = 0
 close(2)                                = 0
 exit_group(1)                           = ?

File is not created.

 # stat foobar
 
 stat: cannot stat `foobar': No such file or directory

Whamcloud Community JIRA

[LU-9074] Read-only Bind Mount of Lustre Allows File Creation