Bug #53417
openlibrbd/crypto: Uninitialized image data may be gibberish
0%
Description
By convention, librbd returns zeros when reading uninitialized image data.
When using encryption, this convention is not guaranteed.
Specifically, this can happen when non-sparse reads are issued to the OSDs,
such in the case where the reads are smaller than rbd_sparse_read_threshold_bytes.
In such cases, the OSD reads will return zeros, which will be decrypted by the crypto object dispatch layer.
Reproducing this issue is therefore easy:
Create an empty RBD image.
Format the image to use encryption (e.g. rbd encryption format with LUKS1/2).
Make sure rbd_sparse_read_threshold_bytes is set to 64KB (default).
Open the image (rbd_open) and load encryption (rbd_encryption_load).
Read 4K of data (nevermind the offset, could be offset 0 for exmaple).
Instead of zeros you will get decrypted zeros (looks like random data).
Updated by Or Ozeri over 2 years ago
To reproduce, you may need to read from an area where the relevant rados object exists, so first write a small amount of data which will create the object, then read from another uninitialized area of the same object.
Updated by Mykola Golub over 2 years ago
- Status changed from New to Fix Under Review
- Target version deleted (
v16.2.7) - Backport set to ,octopus,nautilus
Updated by Mykola Golub over 2 years ago
- Backport changed from ,octopus,nautilus to pacific
Updated by Ilya Dryomov almost 2 years ago
- Backport changed from pacific to pacific,quincy