Feature #53046
closedrbd-nbd: generate and send device cookie with netlink connect request
0%
Description
On remap/attach of the device, there is no way for rbd-nbd to defend if the backend storage is matching with the initial backend storage.
Say, if an initial map request for backend "pool1/image1" got mapped to /dev/nbd0 and the userspace process is terminated/detached. A next remap/attach request within reattach-timeout is allowed to use /dev/nbd0 for a different backend "pool1/image2"
For example, an operation like below could be dangerous:
$ sudo rbd-nbd map --try-netlink rbd-pool/ext4-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="bfc444b4-64b1-418f-8b36-6e0d170cfc04" TYPE="ext4"
$ sudo pkill 15 rbd-nbd <- nodeplugin terminate
$ sudo rbd-nbd attach --try-netlink --device /dev/nbd0 rbd-pool/xfs-image
/dev/nbd0
$ sudo blkid /dev/nbd0
/dev/nbd0: UUID="d29bf343-6570-4069-a9ea-2fa156ced908" TYPE="xfs"
Updated by Prasanna Kumar Kalever over 2 years ago
Updated by Mykola Golub over 2 years ago
- Status changed from New to Fix Under Review
- Pull request ID set to 41323
Updated by Mykola Golub over 2 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot over 2 years ago
- Copied to Backport #53066: pacific: rbd-nbd: generate and send device cookie with netlink connect request added
Updated by Ilya Dryomov about 2 years ago
- Project changed from Ceph to rbd
- Assignee set to Prasanna Kumar Kalever
Updated by Deepika Upadhyay about 2 years ago
just to track related changes: promote rbd-nbd attach and detach at rbd integrated cli https://github.com/ceph/ceph/pull/41279/
Updated by Ilya Dryomov almost 2 years ago
- Status changed from Pending Backport to Resolved