Hi,
In posix_lookup, it allocates a dict for storing the values of the
extended attributes and other hint keys set into the xdata of call path
(i.e. wind path) by higher xlators (such as quick-read, bit-rot-stub etc).
But if the creation of new dict fails, then a NULL dict is returned in
the callback path. There might be many xlators for which the key-value
information present in the dict might be very important for making
certain decisions (Ex: In bit-rot-stub it tries to fetch an extended
attribute which tells whether the object is bad or not. If the the key
is present in the dict means the object is bad and the xlator updates
the same in the inode context. Later when there is any read/modify
operations on that object, the fop is failed instead of allowing to
continue).
Now suppose in posix_lookup the dict creation fails, then posix simply
proceeds with the lookup operation and if other stat operations
succeeded, then lookup will return success with NULL dict.
if (xdata && (op_ret == 0)) {
xattr = posix_xattr_fill (this, real_path, loc, NULL,
-1, xdata,
&buf);
}
The above piece of code in posix_lookup creates a new dict called
@xattr. The return value of posix_xattr_fill is not checked.
So in this case, as per the bit-rot-stub example mentioned above, there
is a possibility that the object being looked up is a bad object (marked
by the scrubber). And since lookup succeeded, but the bad-object xattr
is not obtained in the callback (dict itself being NULL), bit-rot-stub
xlator does not mark that object as bad and might allow further
read/write requests coming, thus allowing bad data to be served.
There might be other xlators as well dependent upon the xattrs being
returned in lookup.
Should we fail lookup if the dict creation fails?
Regards,
Raghavendra Bhat
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-devel
