mds: validate file layouts during replay

Instead of letting potentially bogus stuff into
the cache, go damaged().

Signed-off-by: John Spray <john.spray@redhat.com>

diff --git a/src/mds/journal.cc b/src/mds/journal.cc
index 64d4d2a74b6e42c7686e8f8214b11c7465a8dd57..0f27971b1326f2259d77650161b1108f146fd0c5 100644 (file)
--- a/src/mds/journal.cc
+++ b/src/mds/journal.cc
@@ -572,6 +572,25 @@ void EMetaBlob::fullbit::update_inode(MDSRank *mds, CInode *in)
    */
   in->oldest_snap = oldest_snap;
   in->decode_snap_blob(snapbl);
+
+  /*
+   * In case there was anything malformed in the journal that we are
+   * replaying, do sanity checks on the inodes we're replaying and
+   * go damaged instead of letting any trash into a live cache
+   */
+  if (in->is_file()) {
+    // Files must have valid layouts with a pool set
+    if (in->inode.layout.pool_id == -1 || !in->inode.layout.is_valid()) {
+      dout(0) << "EMetaBlob.replay invalid layout on ino " << *in
+              << ": " << in->inode.layout << dendl;
+      std::ostringstream oss;
+      oss << "Invalid layout for inode 0x" << std::hex << in->inode.ino
+          << std::dec << " in journal";
+      mds->clog->error() << oss.str();
+      mds->damaged();
+      assert(0);  // Should be unreachable because damaged() calls respawn()
+    }
+  }
 }
 
 // EMetaBlob::remotebit