From: John Spray Date: Thu, 17 Jul 2014 12:15:10 +0000 (+0100) Subject: osdc/Journaler: validate header on load and save X-Git-Tag: v0.84~87^2~3 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ed3bc4c385a227895cd4d487960d374ee4e60f2d;p=ceph.git osdc/Journaler: validate header on load and save Previously if the journal header contained invalid write, expire or trimmed offsets, we would end up hitting a hard-to-understand assertion much later. Instead, raise the error right away if the fields are identifiably bad at load time, and assert that they're valid before persisting them. Signed-off-by: John Spray --- diff --git a/src/osdc/Journaler.cc b/src/osdc/Journaler.cc index 941fe41b217d..94a7fd2a2559 100644 --- a/src/osdc/Journaler.cc +++ b/src/osdc/Journaler.cc @@ -216,9 +216,17 @@ void Journaler::_finish_read_head(int r, bufferlist& bl) bufferlist::iterator p = bl.begin(); ::decode(h, p); + bool corrupt = false; if (h.magic != magic) { ldout(cct, 0) << "on disk magic '" << h.magic << "' != my magic '" << magic << "'" << dendl; + corrupt = true; + } else if (h.write_pos < h.expire_pos || h.expire_pos < h.trimmed_pos) { + ldout(cct, 0) << "Corrupt header (bad offsets): " << h << dendl; + corrupt = true; + } + + if (corrupt) { list ls; ls.swap(waitfor_recover); finish_contexts(cct, ls, -EINVAL); @@ -349,6 +357,10 @@ void Journaler::write_head(Context *oncommit) last_written.stream_format = stream_format; ldout(cct, 10) << "write_head " << last_written << dendl; + // Avoid persisting bad pointers in case of bugs + assert(last_written.write_pos >= last_written.expire_pos); + assert(last_written.expire_pos >= last_written.trimmed_pos); + last_wrote_head = ceph_clock_now(cct); bufferlist bl;
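Review bot: The new offset check in `_finish_read_head` only runs on a header that `::decode(h, p)` (the context line just above `bool corrupt`) has already decoded, so a truncated or malformed on-disk header would presumably still surface as a decode exception rather than as the clean `-EINVAL` path added here; whether a caller catches that is not visible in the hunk. Consider declaring `corrupt` before the decode and guarding it, e.g. `try { ::decode(h, p); } catch (const buffer::error& e) { corrupt = true; }`, with a level-0 log line like the other two branches. A short comment above the `else if` stating the invariant, `// a valid header has trimmed_pos <= expire_pos <= write_pos`, would make the intent of the comparison obvious. The function body continues past the end of the hunk.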
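Review bot: The two asserts added to `write_head` restate the load-side ordering check in inverted form, so the two copies can drift apart; a single predicate on the header, negated on load and asserted on save, would keep them identical. Please also confirm that `assert` in this file resolves to the project's always-enabled variant, because with the standard macro an NDEBUG build would compile the guard out and bad offsets could be persisted again. The header is only printed by the preceding `ldout(cct, 10)`, so at default verbosity the offending values may not be in the log when the assert fires; logging `last_written` at level 0 on the failure path would help triage. `write_head` starts and ends outside the hunk.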