Bug 738484

Summary: clvmd hangs/crash if invalid local request sent
Product: Red Hat Enterprise Linux 6 Reporter: Roman <rommer>
Component: lvm2Assignee: Milan Broz <mbroz>
Status: CLOSED ERRATA QA Contact: Corey Marthaler <cmarthal>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: agk, dwysocha, heinzm, jbrassow, mbroz, prajnoha, prockai, pvrabec, thornber, zkabelac
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: lvm2-2.02.95-1.el6 Doc Type: Bug Fix
Doc Text:
Previously, if clvmd received invalid request through its socket (for example an incomplete header sent), clvmd process could crash or stay in infinite loop. Additional checks were added so such invalid packet now causes proper error reply to client and clvmd no longer crashes.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 14:59:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 756082    
Attachments:
Description Flags
clvmd patch none

Description Roman 2011-09-14 23:20:47 UTC 
Description of problem:
clvmd hangs or crash if invalid request sent via /var/run/lvm/clvmd.sock

Version-Release number of selected component (if applicable):
lvm2-cluster-2.02.83-3.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. start clvmd
2. run perl -e 'print "\xff"x32' | socat STDIN UNIX-CONNECT:/var/run/lvm/clvmd.sock
  
Actual results:
clvmd crash or hangs and eat 100% of CPU

Expected results:
no hang or crash occurs

Additional info:
invalid request may send lvm in case of memory pressure or similar problem.
attached patch solved problem for me.
Comment 1 Roman 2011-09-14 23:21:57 UTC 
Created attachment 523277 [details]
clvmd patch
Comment 3 Milan Broz 2011-09-15 11:32:41 UTC 
Yes, this seem to be reasonable fix, thanks.
Comment 4 Milan Broz 2011-09-16 14:41:29 UTC 
Slightly modified patch committed upstream, thanks.
Comment 10 Milan Broz 2012-04-24 18:18:45 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, if clvmd received invalid request through its socket (for example an incomplete header sent), clvmd process could crash or stay in infinite loop.
Additional checks were added so such invalid packet now causes proper error reply to client and clvmd no longer crashes.
Comment 11 Corey Marthaler 2012-04-26 21:52:47 UTC 
Marking verified (SanityOnly).
Comment 13 errata-xmlrpc 2012-06-20 14:59:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0962.html