libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

commit e00c3f71b5cf75681dbd74ee3f982a99cb690c2b upstream.

If the osdmap is (maliciously) corrupted such that the incremental
osdmap epoch is different from what is expected, there is no need to
BUG.  Instead, just declare the incremental osdmap to be invalid.

Cc: stable@vger.kernel.org
Reported-by: ziming zhang <ezrakiez@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index 06acc37555338c8baff23b5d5fc82a37ee98f1d4..fe796775e3e9fdbf3f235060a5b65ccfb0b8bdd6 100644 (file)
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -1940,11 +1940,13 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
                         sizeof(u64) + sizeof(u32), e_inval);
        ceph_decode_copy(p, &fsid, sizeof(fsid));
        epoch = ceph_decode_32(p);
-       BUG_ON(epoch != map->epoch+1);
        ceph_decode_copy(p, &modified, sizeof(modified));
        new_pool_max = ceph_decode_64(p);
        new_flags = ceph_decode_32(p);
 
+       if (epoch != map->epoch + 1)
+               goto e_inval;
+
        /* full map? */
        ceph_decode_32_safe(p, end, len, e_inval);
        if (len > 0) {