xenapi: resize down incompatible with auto_disk_config == 0

Bug #1081225 reported by Andrew Laski
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Andrew Laski

Bug Description

On a deployment utilizing xenapi it seems that resizing an instance down should not be an option when auto_disk_config is 0. Currently when this happens the resize up codepath is used and the instance memory is sized down, but the disk space is not. So a user could boot up an instance with the largest disk available then resize down to a smaller instance and still have the large disk on their instance. But resizing the disk down would be dangerous if the filesystem on the instance hasn't been resized first.

Tags: xenserver
Revision history for this message
Andrew Laski (alaski) wrote :
Revision history for this message
Andrew Laski (alaski) wrote :

I don't know if this actually warrants a security bug, but since there's potential for abuse in current deployments I figured I would start like this.

Revision history for this message
Michael Still (mikal) wrote :

I don't think this is a security vulnerability, but I'll wait for a second opinion on that before opening this bug up for public viewing. The patch looks reasonable to me by the way.

Changed in nova:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Russell Bryant (russellb) wrote :

Agreed that I don't think this is a security vulnerability. A bug for sure, though.

Revision history for this message
Russell Bryant (russellb) wrote :

Since it seems we have a couple of agreements on this not being a vulnerability, I'm going to open this bug up.

Thanks for being on the side of caution!

information type: Private Security → Public
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/16693

Changed in nova:
assignee: nobody → Andrew Laski (alaski)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/16693
Committed: http://github.com/openstack/nova/commit/7c5c8a743c21733120c85fdefb84b4357f5848d0
Submitter: Jenkins
Branch: master

commit 7c5c8a743c21733120c85fdefb84b4357f5848d0
Author: Andrew Laski <email address hidden>
Date: Tue Nov 20 13:25:36 2012 -0500

    Xenapi: Don't resize down if not auto_disk_config

    It is not safe to resize down an instance if the filesystem has not been
    resized first, but with auto_disk_config == False there's no guarantee
    that it has happened. And not resizing down the disk space with the
    instance allows for users to have more space on their instance than the
    type should allow.

    Fixes bug 1081225

    Change-Id: I980c0699dfc272155e274a96d6e08e131c1372d9

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → grizzly-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: grizzly-2 → 2013.1
tags: added: xenserver
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/31952

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/31952
Committed: http://github.com/openstack/nova/commit/1cf78d34830b684a311f0c78d98b2eb189fc4a5c
Submitter: Jenkins
Branch: master

commit 1cf78d34830b684a311f0c78d98b2eb189fc4a5c
Author: John Garbutt <email address hidden>
Date: Thu Jun 6 12:48:49 2013 +0100

    xenapi: remove auto_disk_config check during resize

    This check was introduced by the following change:
    7c5c8a743c21733120c85fdefb84b4357f5848d0

    This is an alternative fix to ensure resize down
    is not processed if the disk cannot be resized.

    Note the failure now registers an instance action
    and does not leave the VM in an error state.

    In addition, this keeps the behavior that a failure
    to resize up and instance during spawn will not
    cause the operation to fail and put the VM into error.

    fixes bug 1188135
    fixes bug 1187934
    fixes bug 1081225

    Change-Id: I5b3dfdc7fcda26c55702dde6cdf191beee0c818c

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Patches

Remote bug watches

Bug watches keep track of this bug in other bug trackers.