libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the incremental osdmap to be invalid. Cc: stable@vger.kernel.org Reported-by: ziming zhang <ezrakiez@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
author: Ilya Dryomov <idryomov@gmail.com> 2025-12-15 11:53:31 +0100
committer: Ilya Dryomov <idryomov@gmail.com> 2026-01-05 13:28:26 +0100
commit: e00c3f71b5cf75681dbd74ee3f982a99cb690c2b (patch)
tree: 3543274b6ef14bb7d6afa6b868e9a55153fd202f /net/ceph/osdmap.c
parent: 818156caffbf55cb4d368f9c3cac64e458fb49c9 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index 34b3ab59602f..3377a22e3f6c 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -1979,11 +1979,13 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, bool msgr2,
 			 sizeof(u64) + sizeof(u32), e_inval);
 	ceph_decode_copy(p, &fsid, sizeof(fsid));
 	epoch = ceph_decode_32(p);
-	BUG_ON(epoch != map->epoch+1);
 	ceph_decode_copy(p, &modified, sizeof(modified));
 	new_pool_max = ceph_decode_64(p);
 	new_flags = ceph_decode_32(p);
 
+	if (epoch != map->epoch + 1)
+		goto e_inval;
+
 	/* full map? */
 	ceph_decode_32_safe(p, end, len, e_inval);
 	if (len > 0) {
author	Ilya Dryomov <idryomov@gmail.com>	2025-12-15 11:53:31 +0100
committer	Ilya Dryomov <idryomov@gmail.com>	2026-01-05 13:28:26 +0100
commit	e00c3f71b5cf75681dbd74ee3f982a99cb690c2b (patch)
tree	3543274b6ef14bb7d6afa6b868e9a55153fd202f /net/ceph/osdmap.c
parent	818156caffbf55cb4d368f9c3cac64e458fb49c9 (diff)