yahoo-eng-team team mailing list archive

[Jeremy Stanley <fungi@xxxxxxxxxxx>]

Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.

I've switched this report from private security to public security
because it was prematurely disclosed (a proposed fix explicitly
mentioning the bug was pushed to public code review rather than uploaded
as a bug attachment).

** Information type changed from Private Security to Public Security

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1492121

Title:
  VMware: failed volume detachment leads to instances remaining on
  backend and volume still in 'in-use' state

Status in OpenStack Compute (nova):
  New
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  When the volume detachment fails the termination of the instance will lead to the following:
  1. The Nova instance is deleted
  2. The Instance on the VC still exists
  3. The volume is in 'in-use' state

  The nova instance is deleted but the backend is not updated and the
  volumes are not set as available

  One example of this happening is when the spawning of the instance fails with an exception when attaching the volume.
  This issue could lead to a DDOS of the backend as the resources on the backend are not cleaned up correctly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1492121/+subscriptions