| 2014-10-30 07:24:59 |
George Shuklin |
bug |
|
|
added bug |
| 2014-10-30 07:26:01 |
George Shuklin |
description |
If user create instance, resize it to larger flavor and than remove it, migration process does not stop, allowing user to repeat operation many times, causing overload to affected compute nodes over user quota.
Affected installation: most drastic effect happens on 'raw-disk' instances without live migration. Whole raw disk (full size of the flavor) is copied during migration.
If user delete instance it does not terminate rsync/scp keeping disk backing file opened regardless of removal by nova compute.
Because rsync/scp of large disks is rather slow, it gives malicious user enough time to repeat that operation few hundred times, causing disk space depletion on compute nodes, huge impact on management network and so on.
Proposed solution: abort migration (kill rsync/scp) as soon, as instance is deleted.
Affected installation: Havana, Icehouse, probably Juno (not tested). |
If user create instance, and resize it to larger flavor and than delete that instance, migration process does not stop. This allow user to repeat operation many times, causing overload to affected compute nodes over user quota.
Affected installation: most drastic effect happens on 'raw-disk' instances without live migration. Whole raw disk (full size of the flavor) is copied during migration.
If user delete instance it does not terminate rsync/scp keeping disk backing file opened regardless of removal by nova compute.
Because rsync/scp of large disks is rather slow, it gives malicious user enough time to repeat that operation few hundred times, causing disk space depletion on compute nodes, huge impact on management network and so on.
Proposed solution: abort migration (kill rsync/scp) as soon, as instance is deleted.
Affected installation: Havana, Icehouse, probably Juno (not tested). |
|
| 2014-10-30 12:39:42 |
Tristan Cacqueray |
bug task added |
|
ossa |
|
| 2014-10-30 12:39:51 |
Tristan Cacqueray |
ossa: status |
New |
Incomplete |
|
| 2014-10-30 12:42:35 |
Tristan Cacqueray |
bug |
|
|
added subscriber Andrew Laski |
| 2014-11-17 15:34:34 |
Thierry Carrez |
marked as duplicate |
|
1392527 |
|
| 2015-03-16 15:17:51 |
Thierry Carrez |
removed duplicate marker |
1392527 |
|
|
| 2015-03-19 10:39:21 |
Thierry Carrez |
ossa: importance |
Undecided |
Medium |
|
| 2015-03-19 10:39:21 |
Thierry Carrez |
ossa: status |
Incomplete |
Confirmed |
|
| 2015-03-25 13:21:23 |
Thierry Carrez |
bug |
|
|
added subscriber Nova Core security contacts |
| 2015-03-25 13:22:13 |
Thierry Carrez |
bug |
|
|
added subscriber Abhishek Kekane |
| 2015-03-25 13:22:32 |
Thierry Carrez |
bug |
|
|
added subscriber Tushar Patil |
| 2015-03-27 05:22:36 |
Tony Breeds |
nova: importance |
Undecided |
High |
|
| 2015-03-27 05:22:36 |
Tony Breeds |
nova: status |
New |
Confirmed |
|
| 2015-04-02 02:04:09 |
Tushar Patil |
bug |
|
|
added subscriber Kentaro Takeda |
| 2015-04-03 08:50:52 |
Abhishek Kekane |
attachment added |
|
0001-Truncate-instance-files-before-deleting.patch https://bugs.launchpad.net/nova/+bug/1387543/+attachment/4364933/+files/0001-Truncate-instance-files-before-deleting.patch |
|
| 2015-04-16 07:01:22 |
Abhishek Kekane |
attachment added |
|
0001-Kill-rsync-scp-processes-before-deleting-instance.patch https://bugs.launchpad.net/nova/+bug/1387543/+attachment/4376878/+files/0001-Kill-rsync-scp-processes-before-deleting-instance.patch |
|
| 2015-04-16 07:01:53 |
Abhishek Kekane |
attachment added |
|
0001-Store-pid-of-processes.patch https://bugs.launchpad.net/nova/+bug/1387543/+attachment/4376879/+files/0001-Store-pid-of-processes.patch |
|
| 2015-04-27 05:50:04 |
Kentaro Takeda |
bug |
|
|
added subscriber Takuya Tobinai |
| 2015-05-12 21:19:02 |
Tristan Cacqueray |
ossa: status |
Confirmed |
Triaged |
|
| 2015-06-01 23:09:35 |
Michael Still |
nova: assignee |
|
Michael Still (mikalstill) |
|
| 2015-06-01 23:13:15 |
Tony Breeds |
nova: assignee |
Michael Still (mikalstill) |
Tony Breeds (o-tony) |
|
| 2015-06-03 08:53:24 |
Abhishek Kekane |
bug |
|
|
added subscriber Toshikazu Ichikawa |
| 2015-06-03 08:53:43 |
Abhishek Kekane |
bug |
|
|
added subscriber Takashi NATSUME |
| 2015-06-11 03:59:47 |
Tony Breeds |
bug |
|
|
added subscriber Davanum Srinivas (DIMS) |
| 2015-06-15 16:34:02 |
Tristan Cacqueray |
ossa: status |
Triaged |
In Progress |
|
| 2015-06-16 16:18:56 |
Tristan Cacqueray |
summary |
Resize/delete combo allows to overload nova-compute |
Resize/delete combo allows to overload nova-compute (CVE-2015-3241) |
|
| 2015-06-16 16:19:13 |
Tristan Cacqueray |
cve linked |
|
2015-3241 |
|
| 2015-06-16 19:13:31 |
Tristan Cacqueray |
information type |
Private Security |
Public Security |
|
| 2015-06-18 06:38:13 |
OpenStack Infra |
nova: status |
Confirmed |
In Progress |
|
| 2015-06-18 06:38:13 |
OpenStack Infra |
nova: assignee |
Tony Breeds (o-tony) |
Abhishek Kekane (abhishek-kekane) |
|
| 2015-06-23 23:07:29 |
Tristan Cacqueray |
nominated for series |
|
nova/juno |
|
| 2015-06-23 23:07:29 |
Tristan Cacqueray |
nominated for series |
|
nova/kilo |
|
| 2015-06-23 23:12:34 |
Michael Still |
bug task added |
|
nova/juno |
|
| 2015-06-23 23:12:38 |
Michael Still |
bug task added |
|
nova/kilo |
|
| 2015-06-23 23:24:32 |
OpenStack Infra |
nova: assignee |
Abhishek Kekane (abhishek-kekane) |
Michael Still (mikalstill) |
|
| 2015-07-07 05:59:12 |
OpenStack Infra |
nova: assignee |
Michael Still (mikalstill) |
Abhishek Kekane (abhishek-kekane) |
|
| 2015-07-10 16:47:56 |
OpenStack Infra |
nova: assignee |
Abhishek Kekane (abhishek-kekane) |
Nikola Đipanov (ndipanov) |
|
| 2015-07-16 06:28:12 |
OpenStack Infra |
nova: assignee |
Nikola Đipanov (ndipanov) |
Abhishek Kekane (abhishek-kekane) |
|
| 2015-07-31 16:21:44 |
OpenStack Infra |
nova: status |
In Progress |
Fix Committed |
|
| 2015-08-01 18:45:54 |
George Shuklin |
tags |
|
juno-backport-potential |
|
| 2015-08-04 09:44:29 |
Koji Iida |
bug |
|
|
added subscriber Koji Iida |
| 2015-08-06 10:26:52 |
OpenStack Infra |
nova/kilo: status |
New |
In Progress |
|
| 2015-08-06 10:26:52 |
OpenStack Infra |
nova/kilo: assignee |
|
Abhishek Kekane (abhishek-kekane) |
|
| 2015-08-18 21:52:00 |
OpenStack Infra |
nova/kilo: status |
In Progress |
Fix Committed |
|
| 2015-08-19 03:59:19 |
OpenStack Infra |
tags |
juno-backport-potential |
in-stable-juno juno-backport-potential |
|
| 2015-08-19 09:21:36 |
OpenStack Infra |
nova/juno: status |
New |
In Progress |
|
| 2015-08-19 09:21:36 |
OpenStack Infra |
nova/juno: assignee |
|
Abhishek Kekane (abhishek-kekane) |
|
| 2015-08-24 16:04:55 |
OpenStack Infra |
nova/juno: status |
In Progress |
Fix Committed |
|
| 2015-08-24 21:05:37 |
Tristan Cacqueray |
ossa: status |
In Progress |
Fix Committed |
|
| 2015-08-24 21:05:40 |
Tristan Cacqueray |
ossa: assignee |
|
Tristan Cacqueray (tristan-cacqueray) |
|
| 2015-08-25 16:39:00 |
Tristan Cacqueray |
summary |
Resize/delete combo allows to overload nova-compute (CVE-2015-3241) |
[OSSA 2015-015] Resize/delete combo allows to overload nova-compute (CVE-2015-3241) |
|
| 2015-08-25 16:49:52 |
Tristan Cacqueray |
ossa: status |
Fix Committed |
Fix Released |
|
| 2015-09-03 11:43:17 |
Thierry Carrez |
nova: status |
Fix Committed |
Fix Released |
|
| 2015-09-03 11:43:17 |
Thierry Carrez |
nova: milestone |
|
liberty-3 |
|
| 2015-10-11 13:29:26 |
Chuck Short |
nova/kilo: milestone |
|
2015.1.2 |
|
| 2015-10-13 18:16:26 |
Chuck Short |
nova/kilo: status |
Fix Committed |
Fix Released |
|
| 2015-10-15 08:56:52 |
Thierry Carrez |
nova: milestone |
liberty-3 |
12.0.0 |
|
| 2015-11-14 15:10:20 |
Alan Pevec |
nova/juno: milestone |
|
2014.2.4 |
|
| 2015-11-19 21:48:55 |
Alan Pevec |
nova/juno: status |
Fix Committed |
Fix Released |
|
| 2016-01-21 20:31:27 |
Dave Walker |
nova/kilo: status |
Fix Released |
Fix Committed |
|
| 2016-01-21 20:31:27 |
Dave Walker |
nova/kilo: milestone |
2015.1.2 |
2015.1.3 |
|
| 2016-01-21 23:18:02 |
Dave Walker |
nova/kilo: status |
Fix Committed |
Fix Released |
|
