Bug #23232: RGWCopyObj silently corrupts the object that was mulitpart-uploaded in SSE-C - rgw - Ceph

Actions

Copy link

Bug #23232

closed

RGWCopyObj silently corrupts the object that was mulitpart-uploaded in SSE-C

Added by Jeegn Chen about 6 years ago. Updated about 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Casey Bodley

Target version:

% Done:

Source:

Tags:

Backport:

luminous

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

Ceph - v12.2.2

ceph-qa-suite:

rgw

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

The issue was found in 12.2.2.

The step to reproduce the issue is that

Create a bucket (Say A-bucket) and upload Object X through multipart upload in SSE-C.
Create another bucket (Say B-Bucket) but B-Bucket and A-Bucket have different data pools
Use s3cmd copy X in A-bucket to X_B in B-bucket
Download X_B from B-bucket and notice that the data is corrupted

Per check through the code, the rationale is that

The encrypted data in X_B was in Multipart manner since it is copied from X
The mannifest in X_B has been changed to Atomic manner by the copy operation
The GET operation follow the X_B's manifest to to decrypt the data in atomic way while the data is in fact encrypted in multipart way

It seems that current implementation does not support this kind of copy operation.
Before we figure out a comprehensive implementation to make it fully functional (maybe the compression manner instead of relying on the volatile manifest is preferred?), I think we should reject the cross-pool copy operation for multipart SSE-C objects explicitly instead of failing silently. Any suggestion?

Related issues 2 (1 open — 1 closed)