IBM Support

IBM Storage Scale 5.1.0.0-5.1.9.4 and 5.2.0.0-5.2.0.1: Potential undetected data corruption on file audit logging records

Notification


Risk classification

HIPER (High Impact and/or Pervasive)

Abstract

IBM has identified a potential undetected file system data integrity issue with the file audit logging records in file systems with IBM Storage Scale, versions 5.1.0.0 through 5.1.9.4 and 5.2.0.0 through 5.2.0.1. If a user initiates compression of audit log files, audit log files actively being written to can become corrupted and unrecoverable.

Description

When running file audit logging, audit events are written to Audit Log Files in the Audit Log fileset (.audit_log, by default). If these files are compressed while file audit logging is actively writing to them, the active files in Audit Log that are being written to can become corrupted and unrecoverable. Audit files are compressed automatically after mmfsd is done writing to them, and the audit records are not intended to be compressed before mmfsd is done writing to them. Because file system activity is usually present all the time, it is likely that there will be an active audit log that is being written to on each node at any point in time.

Users affected
This issue will affect clients for which all the following conditions are true:

  • IBM Storage Scale 5.1.0.0 through 5.1.9.4 or V5.2.0.0 through 5.2.0.1
  • File audit logging is enabled
  • User-initiated compression is triggered against the files residing in the audit log fileset. For more information, see File compression in IBM Storage Scale documentation.

Problem determination
A “file system struct error” will be triggered by the issues, and compression or decompression will fail against the affected audit records.

The /var/log/messages file (or the output of the errpt command on AIX) might contain an entry similar to the following:
Error=MMFS_FSSTRUCT, ID=0x94B1F045, Tag=12662454:   Invalid disk data structure.  Error code 113

Recommended Action

Clients that are affected and running 5.1.9.0 to 5.1.9.4 should upgrade to IBM Storage Scale 5.1.9.5 or later.
Clients that are affected and running 5.2.0.0 should upgrade to IBM Storage Scale 5.2.1.0 or higher.

For more information, consult the next IBM Support page: https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Storage+Scale&release=5.1.9&platform=All&function=all

If an upgrade is not possible, clients should contact IBM Support and request an interim fix (efix) for this problem.

IBM Storage Scale 5.1.0.0 through 5.1.9.4
IBM Storage Scale 5.2.0.0 and 5.2.0.1
APAR IJ51457

For products that include IBM Storage Scale, you should contact the product vendor to determine the means to update your environment with the fixes described in this flash. If your environment includes other software that relies on IBM Storage Scale, you should work with the providers of that software to assess if it also needs to be upgraded, along with IBM Storage Scale.

Until the fix can be applied
While the affected clients should upgrade their systems as described above at the earliest opportunity, the following can reduce the chance of undetected data loss:

  • Avoid compressing file audit logging records in the audit log fileset.
Internal use: 330720

Reference ID

Note: For internal reference D.330720

Date first published

25 September 2024

[{"Risk Classification":"HIPER","Line of Business":{"code":"LOB69","label":"Storage TPS"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"STXKQY","label":"IBM Storage Scale"},"ARM Category":[{"code":"a8m3p000000hAkCAAU","label":"FAL"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
25 September 2024

UID

ibm17168928

Page Feedback