Bug #55725
closedMDS allows a (kernel) client to exceed the xattrs key/value limits
100%
Description
A client is allowed to set as many xattrs in an inode as it wants, as long as it has CAP_XATTR_EXCL. This will allow him to buffer the xattrs and send them to the MDS later on. This will eventually result in crashing the MDS (and possibly also requires recovering the filesystem?).
There was an attempt long time ago to fix this in https://tracker.ceph.com/issues/19033, which resulted in commit eb915d0eeccb ("cephfs: fix write_buf's _len overflow problem"). This fix added a maximum size for the xattrs (keys + values). But this maximum is only enforced when a client uses the synchronous MDS_OP_SETXATTR operation.
Here's a small test case:
# dd if=/dev/zero bs=1 count=65536 2> /dev/null | attr -s myattr /mnt/myfile attr_set: No space left on device Could not set "myattr" for /mnt/myfile # dd if=/dev/zero bs=1 count=65536 2> /dev/null | attr -s myattr /mnt/myfile Attribute "myattr" set to a 65536 byte value for /mnt/myfile: #
Updated by Luis Henriques almost 4 years ago
I've created https://github.com/ceph/ceph/pull/46357 that's still an RFC as I'm not sure that's the way to go. I'll also sent a kernel patch that tries to mitigate the issue: https://lore.kernel.org/ceph-devel/20220520115426.438-1-lhenriques@suse.de/
Updated by Venky Shankar almost 4 years ago
- Status changed from New to Fix Under Review
- Assignee set to Luis Henriques
- Target version set to v18.0.0
- Backport set to quincy, pacific
- Severity changed from 3 - minor to 2 - major
- Pull request ID set to 46357
Updated by Venky Shankar about 3 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Upkeep Bot about 3 years ago
- Copied to Backport #59034: quincy: MDS allows a (kernel) client to exceed the xattrs key/value limits added
Updated by Upkeep Bot about 3 years ago
- Copied to Backport #59035: pacific: MDS allows a (kernel) client to exceed the xattrs key/value limits added
Updated by Upkeep Bot about 3 years ago
- Copied to Backport #59036: pacific: MDS allows a (kernel) client to exceed the xattrs key/value limits added
Updated by Upkeep Bot about 3 years ago
- Copied to Backport #59037: quincy: MDS allows a (kernel) client to exceed the xattrs key/value limits added
Updated by Venky Shankar almost 3 years ago
- Backport changed from quincy, pacific to reef,quincy,pacific
Updated by Upkeep Bot almost 3 years ago
- Copied to Backport #59405: reef: MDS allows a (kernel) client to exceed the xattrs key/value limits added
Updated by Patrick Donnelly about 2 years ago
- Target version changed from v18.0.0 to v19.1.0
Updated by Konstantin Shalygin about 1 year ago
- Status changed from Pending Backport to Resolved
- % Done changed from 0 to 100
Updated by Upkeep Bot 8 months ago
- Merge Commit set to 9623dd25393ccac5c64546069303bf2725a336c9
- Fixed In set to v18.0.0-2838-g9623dd25393
- Released In set to v19.2.0~2739
- Upkeep Timestamp set to 2025-07-13T17:38:48+00:00