ceph OSDMap DoS

Vulnerability analysis

Summary: The libceph OSD map processing code contains an overzealous BUG_ON() assertion that can be triggered by maliciously crafted or corrupted incremental OSD map data, causing a kernel panic and denial of service.

Root Cause: The original code used BUG_ON(epoch != map->epoch+1) to validate that incremental OSD map epochs are sequential. However, BUG_ON() causes an immediate kernel panic, which is inappropriate for handling potentially malicious input data that could come from untrusted network sources.

Attack Surface: This vulnerability affects systems using Ceph distributed storage that process OSD map updates from potentially untrusted sources. The attack surface includes network-facing Ceph clients and servers that handle incremental OSD map data, which could be maliciously crafted to trigger the assertion failure.

Fix Mechanism: The patch replaces the BUG_ON() assertion with a conditional check that gracefully handles epoch mismatches by jumping to the error handling path (e_inval), which marks the incremental OSD map as invalid without crashing the kernel.