snapshots are not being counted towards volume quota

Bug #1137927 reported by Gerry Fahy
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Cinder | Fix Released | Medium | John Griffith |
Folsom | Won't Fix | High | John Griffith |

Bug Description

I cannot create a 999GB volume because I already have a few small volumes and this would exceed my quota :-

cinder create 999 --display_name "gf_stb_quota_test_001" --display_description "gf_stb_quota_test_001"
ERROR: VolumeSizeExceedsAvailableQuota: Requested volume exceeds allowed volume size quota (HTTP 413) (Request-ID: req-982acca1-ff8a-483f-a329-822580295993)

BUT
I can proceed to create an 899GB volume and then take snapshots of same :-

cinder create 899 --display_name "gf_stb_quota_test_001" --display_description "gf_stb_quota_test_001"
cinder list
+--------------------------------------+-----------+--------------------------------+------+-------------+----------+-------------+
| b3523658-b78c-4762-968d-8e706c42d291 | available | gf_stb_quota_test_001 | 899 | None | false | |
+--------------------------------------+-----------+--------------------------------+------+-------------+----------+-------------+

cinder snapshot-create b3523658-b78c-4762-968d-8e706c42d291 --display-name "snap_gf_stb_quota_test_001" --display-description "snap_gf_stb_quota_test_001"

cinder snapshot-list
+--------------------------------------+--------------------------------------+-----------+----------------------------+------+
| ID | Volume ID | Status | Display Name | Size |
+--------------------------------------+--------------------------------------+-----------+----------------------------+------+
| b4a7badc-ed79-4876-a2cb-4a8f0e7893a3 | b3523658-b78c-4762-968d-8e706c42d291 | available | snap_gf_stb_quota_test_001 | 899 |
+--------------------------------------+--------------------------------------+-----------+----------------------------+------+

I can continue making such snapshots to use up available storage in a denial-of-service attack since the snapshots are not being counted against my volume quota.

Hence I am also marking this bug as a security vulnerability.

John Griffith (john-griffith) wrote :

So a bug for sure, we need either a separate snapshot-quota class or use the volume-quota. I'm not sure about categorizing it as a security risk and DOS susceptibility though.

Changed in cinder:
assignee: nobody → John Griffith (john-griffith)
status: New → Triaged
John Griffith (john-griffith) wrote :

Added default quotas and checking for snapshots. This provides a separate count limit for snapshots, but shares the gigabytes quota between volumes and snapshots.

tags: added: folsom-backport
Thierry Carrez (ttx) wrote :

VMT guys: opinion ? I'm a bit torn on this one. This could be seen as a quota limitation, and pushing a "fix" for this in Folsom changes the semantics of what counted towards the quota, so it's rather invasive...

Russell Bryant (russellb) wrote :

My opinion is that we should not treat this as a vulnerability. This is based on precedent we've set handling past issues.

We've had quota related issues in the past that we've gone both ways with. In the cases where we've treated it as *not* a vulnerability, it has been in cases where the user would likely be billed or otherwise held accountable for the resources they consume. I think this fits that case.

Thierry Carrez (ttx) wrote :

OK, unless someone complains, I'll open this up and we'll target the bug to RC1 for public fixing.

Thierry Carrez (ttx)
information type: Private Security → Public
Changed in cinder:
milestone: none → grizzly-rc1
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/24071

Changed in cinder:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/folsom)

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/24479

OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/24071
Committed: http://github.com/openstack/cinder/commit/4b52b1481e3cb6c358252826785228638b0f717d
Submitter: Jenkins
Branch: master

commit 4b52b1481e3cb6c358252826785228638b0f717d
Author: John Griffith <email address hidden>
Date: Mon Mar 11 09:21:56 2013 -0600

    Count Snapshots towards volume/gigabyte quotas.

    Cinder has quotas and limits for volume-count and Gigabytes used,
    however we were only counting volumes against these quotas.

    This change introduces a snapshot-count limit and also counts
    snapshots against this Gigabytes quota allowed for a Tenant.

    Fixed bug: 1137927

    Change-Id: Ib9b00b84b05597de9b5725a7f5898fe10a20b9d9
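
The accounting change described in the commit message above, as an added Python model that is not Cinder's code and not part of the original report: it replays the reported sequence with snapshots excluded from, then included in, the gigabytes quota. The 1000 GB and count limits, the 50 GB "small" volume, and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

class OverQuota(Exception):
    """A reservation would exceed one of the tenant's limits."""

@dataclass
class TenantQuota:
    gigabytes: int = 1000          # assumed limits, not taken from the report
    volumes: int = 10
    snapshots: int = 10
    count_snapshots: bool = True   # False models the accounting in the report
    volume_gb: dict = field(default_factory=dict)
    snapshot_gb: dict = field(default_factory=dict)

    def used_gigabytes(self):
        used = sum(self.volume_gb.values())
        if self.count_snapshots:   # the fix: snapshots share the gigabytes quota
            used += sum(self.snapshot_gb.values())
        return used

    def _reserve(self, kind, size_gb, in_use, limit):
        if in_use + 1 > limit:
            raise OverQuota(f"{kind} count limit {limit} reached")
        if self.used_gigabytes() + size_gb > self.gigabytes:
            raise OverQuota(f"{kind} of {size_gb} GB exceeds gigabytes quota")

    def create_volume(self, name, size_gb):
        self._reserve("volume", size_gb, len(self.volume_gb), self.volumes)
        self.volume_gb[name] = size_gb

    def create_snapshot(self, name, volume):
        size_gb = self.volume_gb[volume]   # a snapshot is sized like its volume
        if self.count_snapshots:
            self._reserve("snapshot", size_gb, len(self.snapshot_gb), self.snapshots)
        self.snapshot_gb[name] = size_gb

def replay_report(count_snapshots, attempts=5):
    """Return (snapshots accepted, GB of storage consumed) for the reported steps."""
    q = TenantQuota(count_snapshots=count_snapshots)
    q.create_volume("small", 50)   # constructed stand-in for "a few small volumes"
    q.create_volume("gf_stb_quota_test_001", 899)
    accepted = 0
    for i in range(attempts):
        try:
            q.create_snapshot(f"snap_{i}", "gf_stb_quota_test_001")
            accepted += 1
        except OverQuota:
            break
    consumed = sum(q.volume_gb.values()) + sum(q.snapshot_gb.values())
    return accepted, consumed
```

With snapshots uncounted, every snapshot request is accepted and consumption grows by 899 GB each time; with the shared gigabytes quota, the first snapshot is rejected because 949 GB is already in use.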

Changed in cinder:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in cinder:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in cinder:
milestone: grizzly-rc1 → 2013.1
Mark McLoughlin (markmc)
tags: removed: folsom-backport