3 Below is a list of known issues in older releases of Tahoe-LAFS, and how to
4 manage them. The current version of this file can be found at
6 http://tahoe-lafs.org/source/tahoe/trunk/docs/historical/historical_known_issues.txt
8 Issues in newer releases of Tahoe-LAFS can be found at:
10 http://tahoe-lafs.org/source/tahoe/trunk/docs/known_issues.rst
13 == issues in Tahoe v1.1.0, released 2008-06-11 ==
15 (Tahoe v1.1.0 was superceded by v1.2.0 which was released 2008-07-21.)
17 === more than one file can match an immutable file cap ===
19 In Tahoe v1.0 and v1.1, a flaw in the cryptographic integrity check
20 makes it possible for the original uploader of an immutable file to
21 produce more than one immutable file matching the same capability, so
22 that different downloads using the same capability could result in
23 different files. This flaw can be exploited only by the original
24 uploader of an immutable file, which means that it is not a severe
25 vulnerability: you can still rely on the integrity check to make sure
26 that the file you download with a given capability is a file that the
27 original uploader intended. The only issue is that you can't assume
28 that every time you use the same capability to download a file you'll
31 ==== how to manage it ====
33 This was fixed in Tahoe v1.2.0, released 2008-07-21, under ticket
34 #491. Upgrade to that release of Tahoe and then you can rely on the
35 property that there is only one file that you can download using a
36 given capability. If you are still using Tahoe v1.0 or v1.1, then
37 remember that the original uploader could produce multiple files that
38 match the same capability, so for example if someone gives you a
39 capability, and you use it to download a file, and you give that
40 capability to your friend, and he uses it to download a file, you and
41 your friend could get different files.
44 === server out of space when writing mutable file ===
46 If a v1.0 or v1.1 storage server runs out of disk space or is
47 otherwise unable to write to its local filesystem, then problems can
48 ensue. For immutable files, this will not lead to any problem (the
49 attempt to upload that share to that server will fail, the partially
50 uploaded share will be deleted from the storage server's "incoming
51 shares" directory, and the client will move on to using another
52 storage server instead).
54 If the write was an attempt to modify an existing mutable file,
55 however, a problem will result: when the attempt to write the new
56 share fails (e.g. due to insufficient disk space), then it will be
57 aborted and the old share will be left in place. If enough such old
58 shares are left, then a subsequent read may get those old shares and
59 see the file in its earlier state, which is a "rollback" failure.
60 With the default parameters (3-of-10), six old shares will be enough
61 to potentially lead to a rollback failure.
63 ==== how to manage it ====
65 Make sure your Tahoe storage servers don't run out of disk space.
66 This means refusing storage requests before the disk fills up. There
67 are a couple of ways to do that with v1.1.
69 First, there is a configuration option named "sizelimit" which will
70 cause the storage server to do a "du" style recursive examination of
71 its directories at startup, and then if the sum of the size of files
72 found therein is greater than the "sizelimit" number, it will reject
73 requests by clients to write new immutable shares.
75 However, that can take a long time (something on the order of a minute
76 of examination of the filesystem for each 10 GB of data stored in the
77 Tahoe server), and the Tahoe server will be unavailable to clients
80 Another option is to set the "readonly_storage" configuration option
81 on the storage server before startup. This will cause the storage
82 server to reject all requests to upload new immutable shares.
84 Note that neither of these configurations affect mutable shares: even
85 if sizelimit is configured and the storage server currently has
86 greater space used than allowed, or even if readonly_storage is
87 configured, servers will continue to accept new mutable shares and
88 will continue to accept requests to overwrite existing mutable shares.
90 Mutable files are typically used only for directories, and are usually
91 much smaller than immutable files, so if you use one of these
92 configurations to stop the influx of immutable files while there is
93 still sufficient disk space to receive an influx of (much smaller)
94 mutable files, you may be able to avoid the potential for "rollback"
97 A future version of Tahoe will include a fix for this issue. Here is
98 [http://tahoe-lafs.org/pipermail/tahoe-dev/2008-May/000630.html the
99 mailing list discussion] about how that future version will work.
102 === pyOpenSSL/Twisted defect causes false alarms in tests ===
104 The combination of Twisted v8.0 or Twisted v8.1 with pyOpenSSL v0.7
105 causes the Tahoe v1.1 unit tests to fail, even though the behavior of
106 Tahoe itself which is being tested is correct.
108 ==== how to manage it ====
110 If you are using Twisted v8.0 or Twisted v8.1 and pyOpenSSL v0.7, then
111 please ignore ERROR "Reactor was unclean" in test_system and
112 test_introducer. Upgrading to a newer version of Twisted or pyOpenSSL
113 will cause those false alarms to stop happening (as will downgrading
114 to an older version of either of those packages).
115 == issues in Tahoe v1.0.0, released 2008-03-25 ==
117 (Tahoe v1.0 was superceded by v1.1 which was released 2008-06-11.)
119 === server out of space when writing mutable file ===
121 In addition to the problems caused by insufficient disk space
122 described above, v1.0 clients which are writing mutable files when the
123 servers fail to write to their filesystem are likely to think the
124 write succeeded, when it in fact failed. This can cause data loss.
126 ==== how to manage it ====
128 Upgrade client to v1.1, or make sure that servers are always able to
129 write to their local filesystem (including that there is space
130 available) as described in "issue 1" above.
133 === server out of space when writing immutable file ===
135 Tahoe v1.0 clients are using v1.0 servers which are unable to write to
136 their filesystem during an immutable upload will correctly detect the
137 first failure, but if they retry the upload without restarting the
138 client, or if another client attempts to upload the same file, the
139 second upload may appear to succeed when it hasn't, which can lead to
142 ==== how to manage it ====
144 Upgrading either or both of the client and the server to v1.1 will fix
145 this issue. Also it can be avoided by ensuring that the servers are
146 always able to write to their local filesystem (including that there
147 is space available) as described in "issue 1" above.
150 === large directories or mutable files of certain sizes ===
152 If a client attempts to upload a large mutable file with a size
153 greater than about 3,139,000 and less than or equal to 3,500,000 bytes
154 then it will fail but appear to succeed, which can lead to data loss.
156 (Mutable files larger than 3,500,000 are refused outright). The
157 symptom of the failure is very high memory usage (3 GB of memory) and
158 100% CPU for about 5 minutes, before it appears to succeed, although
161 Directories are stored in mutable files, and a directory of
162 approximately 9000 entries may fall into this range of mutable file
163 sizes (depending on the size of the filenames or other metadata
164 associated with the entries).
166 ==== how to manage it ====
168 This was fixed in v1.1, under ticket #379. If the client is upgraded
169 to v1.1, then it will fail cleanly instead of falsely appearing to
170 succeed when it tries to write a file whose size is in this range. If
171 the server is also upgraded to v1.1, then writes of mutable files
172 whose size is in this range will succeed. (If the server is upgraded
173 to v1.1 but the client is still v1.0 then the client will still suffer
177 === uploading files greater than 12 GiB ===
179 If a Tahoe v1.0 client uploads a file greater than 12 GiB in size, the file will
180 be silently corrupted so that it is not retrievable, but the client will think
181 that it succeeded. This is a "data loss" failure.
183 ==== how to manage it ====
185 Don't upload files larger than 12 GiB. If you have previously uploaded files of
186 that size, assume that they have been corrupted and are not retrievable from the
187 Tahoe storage grid. Tahoe v1.1 clients will refuse to upload files larger than
188 12 GiB with a clean failure. A future release of Tahoe will remove this
189 limitation so that larger files can be uploaded.
192 === pycryptopp defect resulting in data corruption ===
194 Versions of pycryptopp earlier than pycryptopp-0.5.0 had a defect
195 which, when compiled with some compilers, would cause AES-256
196 encryption and decryption to be computed incorrectly. This could
197 cause data corruption. Tahoe v1.0 required, and came with a bundled
198 copy of, pycryptopp v0.3.
200 ==== how to manage it ====
202 You can detect whether pycryptopp-0.3 has this failure when it is
203 compiled by your compiler. Run the unit tests that come with
204 pycryptopp-0.3: unpack the "pycryptopp-0.3.tar" file that comes in the
205 Tahoe v1.0 {{{misc/dependencies}}} directory, cd into the resulting
206 {{{pycryptopp-0.3.0}}} directory, and execute {{{python ./setup.py
207 test}}}. If the tests pass, then your compiler does not trigger this
projects / tahoe-lafs / tahoe-lafs.git / blob