libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

If the osdmap is (maliciously) corrupted such that the incremental
osdmap epoch is different from what is expected, there is no need to
BUG.  Instead, just declare the incremental osdmap to be invalid.

Cc: stable@vger.kernel.org
Reported-by: ziming zhang <ezrakiez@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index 34b3ab59602f73caf026569d7cdc3a6b2aa76b1a..3377a22e3f6c1a26213fc67b9b833b53c046eeb8 100644 (file)
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -1979,11 +1979,13 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, bool msgr2,
                         sizeof(u64) + sizeof(u32), e_inval);
        ceph_decode_copy(p, &fsid, sizeof(fsid));
        epoch = ceph_decode_32(p);
-       BUG_ON(epoch != map->epoch+1);
        ceph_decode_copy(p, &modified, sizeof(modified));
        new_pool_max = ceph_decode_64(p);
        new_flags = ceph_decode_32(p);
 
+       if (epoch != map->epoch + 1)
+               goto e_inval;
+
        /* full map? */
        ceph_decode_32_safe(p, end, len, e_inval);
        if (len > 0) {