[lvm-devel] [PATCH RFC] clvmd: verify messages before processing
David Teigland
teigland at redhat.com
Wed Jul 31 15:31:11 UTC 2013
On Wed, Jul 31, 2013 at 09:33:23AM +0100, Christine Caulfield wrote:
> >@@ -2189,10 +2286,22 @@ error:
> > void process_message(struct local_client *client, char *buf, int len,
> > const char *csid)
> > {
> >+ char nodename[max_cluster_member_name_len];
> > struct clvm_header *inheader;
> >+ int rv;
> >
> > inheader = (struct clvm_header *) buf;
> > ntoh_clvm(inheader); /* Byteswap fields */
> >+
> >+ rv = verify_message(buf, len);
> >+ if (rv < 0) {
> >+ memset(nodename, 0, sizeof(nodename));
> >+ clops->name_from_csid(csid, nodename);
> >+ log_error("process_message from %s len %d bad verify\n", nodename, len);
> >+ dump_message(buf, len);
>
> Here you will probably have to return an error to the calling clvmd
> or you will get delays when the caller times out. If that happens
> then the 'timed-out' message is less than helpful
The thinking behind no reply was that if a command sends a bogus message,
it doesn't deserve a reply, and even if it got one, may not handle it
properly anyway. So, if we're dealing with a bogus non-message, I think
we're beyond the point where we can be helpful. I'm mainly trying to just
protect clvmd from faulty commands. But, I looked at how feasible it
would be, and I don't think it's worth the trouble -- we'd have to do the
whole add_to_lvmqueue() thing, etc.
More information about the lvm-devel
mailing list