diff options
| author | John Spray <john.spray@redhat.com> | 2016-04-06 14:04:01 +0200 |
|---|---|---|
| committer | John Spray <john.spray@redhat.com> | 2016-04-06 17:23:16 +0200 |
| commit | d544e447dfcd3377ba4cc525abea9ea230c55852 (patch) | |
| tree | 946c10f6fd4d357064ef3514dfd08012048a9b73 /src/mds/journal.cc | |
| parent | mds: add operator<< for file_layout_t (diff) | |
| download | ceph-d544e447dfcd3377ba4cc525abea9ea230c55852.tar.xz ceph-d544e447dfcd3377ba4cc525abea9ea230c55852.zip | |
mds: validate file layouts during replay
Instead of letting potentially bogus stuff into
the cache, go damaged().
Signed-off-by: John Spray <john.spray@redhat.com>
Diffstat (limited to 'src/mds/journal.cc')
| -rw-r--r-- | src/mds/journal.cc | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/mds/journal.cc b/src/mds/journal.cc index 64d4d2a74b6..0f27971b132 100644 --- a/src/mds/journal.cc +++ b/src/mds/journal.cc @@ -572,6 +572,25 @@ void EMetaBlob::fullbit::update_inode(MDSRank *mds, CInode *in) */ in->oldest_snap = oldest_snap; in->decode_snap_blob(snapbl); + + /* + * In case there was anything malformed in the journal that we are + * replaying, do sanity checks on the inodes we're replaying and + * go damaged instead of letting any trash into a live cache + */ + if (in->is_file()) { + // Files must have valid layouts with a pool set + if (in->inode.layout.pool_id == -1 || !in->inode.layout.is_valid()) { + dout(0) << "EMetaBlob.replay invalid layout on ino " << *in + << ": " << in->inode.layout << dendl; + std::ostringstream oss; + oss << "Invalid layout for inode 0x" << std::hex << in->inode.ino + << std::dec << " in journal"; + mds->clog->error() << oss.str(); + mds->damaged(); + assert(0); // Should be unreachable because damaged() calls respawn() + } + } } // EMetaBlob::remotebit |