mds: fix mds damaged due to unexpected journal length

We used first next_safe_pos in pending_safe to update journal's safe_pos, but
it might not be flushed at this time, so journal's header may get incorrect
write_pos in some case, which could cause mds damaged.

This fix is trying to use current min next_safe_pos in pending_safe to update
journal's safe_pos.

Signed-off-by: Zhi Zhang <zhangz.david@outlook.com>

diff --git a/src/osdc/Journaler.cc b/src/osdc/Journaler.cc
index b2c75795c3e303e970f8f4f380f82ec9a0028351..a464d0fd75b5c6f3f4ea4cf3ec8f4e74ea959148 100644 (file)
--- a/src/osdc/Journaler.cc
+++ b/src/osdc/Journaler.cc
@@ -530,11 +530,12 @@ void Journaler::_finish_flush(int r, uint64_t start, ceph::real_time stamp)
   // adjust safe_pos
   auto it = pending_safe.find(start);
   ceph_assert(it != pending_safe.end());
+  uint64_t min_next_safe_pos = pending_safe.begin()->second;
   pending_safe.erase(it);
   if (pending_safe.empty())
     safe_pos = next_safe_pos;
   else
-    safe_pos = pending_safe.begin()->second;
+    safe_pos = min_next_safe_pos;
 
   ldout(cct, 10) << "_finish_flush safe from " << start
                 << ", pending_safe " << pending_safe