prevent random people from encoding the OSDMap

This is a safety check: nobody should be encoding OSDMaps except: - the mons - MOSDMap, when encoding old OSDMaps with legacy encodings - ceph-dencoder - the OSD More importantly, nobody should be encoding OSDMap::Incremental except - the leader mon We use a reserved feature bit to indicate that the encoder is enlightened. Note that we skip this check for legacy encodings, so we don't touch MOSDMap in this patch. Signed-off-by: Sage Weil <sage@redhat.com>
ceph · Nov 10, 2014 · 7009440 · 7009440
1 parent c0836ca
commit 7009440
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 5 deletions.
diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
@@ -109,7 +109,7 @@ void OSDMonitor::create_initial()
   newmap.created = newmap.modified = ceph_clock_now(g_ceph_context);
 
   // encode into pending incremental
-  newmap.encode(pending_inc.fullmap, mon->quorum_features);
+  newmap.encode(pending_inc.fullmap, mon->quorum_features | CEPH_FEATURE_RESERVED);
 }
 
 void OSDMonitor::update_from_paxos(bool *need_bootstrap)
@@ -217,7 +217,7 @@ void OSDMonitor::update_from_paxos(bool *need_bootstrap)
     if (!f)
       f = -1;
     bufferlist full_bl;
-    osdmap.encode(full_bl, f);
+    osdmap.encode(full_bl, f | CEPH_FEATURE_RESERVED);
     tx_size += full_bl.length();
 
     put_version_full(t, osdmap.epoch, full_bl);
@@ -644,7 +644,7 @@ void OSDMonitor::encode_pending(MonitorDBStore::TransactionRef t)
 
   // encode
   assert(get_last_committed() + 1 == pending_inc.epoch);
-  ::encode(pending_inc, bl, mon->quorum_features);
+  ::encode(pending_inc, bl, mon->quorum_features | CEPH_FEATURE_RESERVED);
 
   /* put everything in the transaction */
   put_version(t, pending_inc.epoch, bl);

diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
@@ -6196,7 +6196,7 @@ void OSD::handle_osd_map(MOSDMap *m)
 	     << dendl;
 
       bufferlist fbl;
-      o->encode(fbl);
+      o->encode(fbl, inc.encode_features | CEPH_FEATURE_RESERVED);
 
       hobject_t fulloid = get_osdmap_pobject_name(e);
       t.write(META_COLL, fulloid, 0, fbl.length(), fbl);

diff --git a/src/osd/OSDMap.cc b/src/osd/OSDMap.cc
@@ -396,6 +396,13 @@ void OSDMap::Incremental::encode(bufferlist& bl, uint64_t features) const
     return;
   }
 
+  // only a select set of callers should *ever* be encoding new
+  // OSDMaps.  others should be passing around the canonical encoded
+  // buffers from on high.  select out those callers by passing in an
+  // "impossible" feature bit.
+  assert(features & CEPH_FEATURE_RESERVED);
+  features &= ~CEPH_FEATURE_RESERVED;
+
   // meta-encoding: how we include client-used and osd-specific data
   ENCODE_START(7, 7, bl);
 
@@ -1786,6 +1793,14 @@ void OSDMap::encode(bufferlist& bl, uint64_t features) const
     encode_classic(bl, features);
     return;
   }
+
+  // only a select set of callers should *ever* be encoding new
+  // OSDMaps.  others should be passing around the canonical encoded
+  // buffers from on high.  select out those callers by passing in an
+  // "impossible" feature bit.
+  assert(features & CEPH_FEATURE_RESERVED);
+  features &= ~CEPH_FEATURE_RESERVED;
+
   // meta-encoding: how we include client-used and osd-specific data
   ENCODE_START(7, 7, bl);
 

diff --git a/src/test/encoding/ceph_dencoder.cc b/src/test/encoding/ceph_dencoder.cc
@@ -312,7 +312,7 @@ int main(int argc, const char **argv)
 	usage(cerr);
 	exit(1);
       }
-      den->encode(encbl, features);
+      den->encode(encbl, features | CEPH_FEATURE_RESERVED); // hack for OSDMap
     } else if (*i == string("decode")) {
       if (!den) {
 	cerr << "must first select type with 'type <name>'" << std::endl;