[Openstack-security] [Bug 1350766] Re: Race condition: compute intermittently corrupts base images on download from glance
Michael Steffens
michael_steffens at posteo.de
Mon Aug 4 06:38:22 UTC 2014
** Tags added: compute
** Tags added: libvirt security
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1350766
Title:
Race condition: compute intermittently corrupts base images on
download from glance
Status in OpenStack Compute (Nova):
New
Bug description:
Under certain conditions, which I happen to meet often on my Icehouse
single node setup, uploaded images or snapshots fail to boot. See also
https://ask.openstack.org/en/question/42804/icehouse-how-to-boot-a
-snapshot-from-a-running-instance/
Reason: When first instantiating a QCOW2 image, it's
(1) downloaded as QCOW2 to /var/lib/nova/instances/_base/IMAGEID.part
(2) converted to RAW format base /var/lib/nova/instances/_base/IMAGEID.converted using qemu-img
The step (1) is performed in nova/image/glance.py,
GlanceImageService.download using buffered IO, which does not
guarantee the resulting data to be written to disk on file close.
Consequently, the source image file may not be written completely when
qemu-img sub-process starts reading in step (2). Whether the result is
good or bad depends on speed of download, file size, and how quickly
qemu-image can digest its input.
Proposed fix: enforce fsync on output File object before returning
from download. Patch attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1350766/+subscriptions
More information about the Openstack-security
mailing list