Actions
Bug #55725
openMDS allows a (kernel) client to exceed the xattrs key/value limits
Status:
Pending Backport
Priority:
Normal
Assignee:
Category:
Correctness/Safety
Target version:
% Done:
0%
Source:
Tags:
backport_processed
Backport:
reef,quincy,pacific
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Client, MDS
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
A client is allowed to set as many xattrs in an inode as it wants, as long as it has CAP_XATTR_EXCL. This will allow him to buffer the xattrs and send them to the MDS later on. This will eventually result in crashing the MDS (and possibly also requires recovering the filesystem?).
There was an attempt long time ago to fix this in https://tracker.ceph.com/issues/19033, which resulted in commit eb915d0eeccb ("cephfs: fix write_buf's _len overflow problem"). This fix added a maximum size for the xattrs (keys + values). But this maximum is only enforced when a client uses the synchronous MDS_OP_SETXATTR operation.
Here's a small test case:
# dd if=/dev/zero bs=1 count=65536 2> /dev/null | attr -s myattr /mnt/myfile attr_set: No space left on device Could not set "myattr" for /mnt/myfile # dd if=/dev/zero bs=1 count=65536 2> /dev/null | attr -s myattr /mnt/myfile Attribute "myattr" set to a 65536 byte value for /mnt/myfile: #
Actions