libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

commit e00c3f71b5cf75681dbd74ee3f982a99cb690c2b upstream.

If the osdmap is (maliciously) corrupted such that the incremental
osdmap epoch is different from what is expected, there is no need to
BUG.  Instead, just declare the incremental osdmap to be invalid.

Cc: stable@vger.kernel.org
Reported-by: ziming zhang <ezrakiez@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index ce4a4c23fc6bedfe68a1636b9991285667c9d790..ddaf7b4c75645d5add8e03be0a896c60fa3f6e7c 100644 (file)
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -1959,11 +1959,13 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, bool msgr2,
                         sizeof(u64) + sizeof(u32), e_inval);
        ceph_decode_copy(p, &fsid, sizeof(fsid));
        epoch = ceph_decode_32(p);
-       BUG_ON(epoch != map->epoch+1);
        ceph_decode_copy(p, &modified, sizeof(modified));
        new_pool_max = ceph_decode_64(p);
        new_flags = ceph_decode_32(p);
 
+       if (epoch != map->epoch + 1)
+               goto e_inval;
+
        /* full map? */
        ceph_decode_32_safe(p, end, len, e_inval);
        if (len > 0) {