From: Marcio Barbosa <mbarbosa@sinenomine.net>
Date: Wed, 21 Jun 2017 20:24:05 +0000 (-0400)
Subject: ubik: check if epoch is sane before db relabel
X-Git-Tag: upstream/1.8.0_pre5^2~3
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=50fcd6763d4387950390b732d2a131c230d44c99;p=packages%2Fo%2Fopenafs.git

ubik: check if epoch is sane before db relabel

The sync-site relabels its database at the end of the first write
transaction. The new label will be equal to the time at which the
sync-site in question first received its coordinator mandate. This time
is stored by a global called ubik_epochTime. In order to make sure that
the new database label is sane, only relabel the database if
ubik_epochTime is within a specific range.

Reviewed-on: https://gerrit.openafs.org/12640
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit f5c289d00aaf7c5525b477da5b89f6675456c211)

Change-Id: I78ebd2b8aeae01ef5e3b826ad6f1de5a5c1db79e
Reviewed-on: https://gerrit.openafs.org/12886
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
---

diff --git a/src/ubik/disk.c b/src/ubik/disk.c
index 926c825e0..6f96efcea 100644
--- a/src/ubik/disk.c
+++ b/src/ubik/disk.c
@@ -866,6 +866,7 @@ udisk_commit(struct ubik_trans *atrans)
     struct ubik_dbase *dbase;
     afs_int32 code = 0;
     struct ubik_version oldversion, newversion;
+    afs_int32 now = FT_ApproxTime();
 
     if (atrans->flags & TRDONE)
 	return (UTWOENDS);
@@ -876,6 +877,13 @@ udisk_commit(struct ubik_trans *atrans)
 	/* On the first write to the database. We update the versions */
 	if (ubeacon_AmSyncSite() && !(urecovery_state & UBIK_RECLABELDB)) {
 	    UBIK_VERSION_LOCK;
+	    if (version_globals.ubik_epochTime < UBIK_MILESTONE
+		|| version_globals.ubik_epochTime > now) {
+		ubik_print
+		    ("Ubik: New database label %d is out of the valid range (%d - %d)\n",
+		     version_globals.ubik_epochTime, UBIK_MILESTONE, now);
+		panic("Writing Ubik DB label\n");
+	    }
 	    oldversion = dbase->version;
 	    newversion.epoch = version_globals.ubik_epochTime;
 	    newversion.counter = 1;
diff --git a/src/ubik/ubik.p.h b/src/ubik/ubik.p.h
index 2c1a3181b..9454cacb4 100644
--- a/src/ubik/ubik.p.h
+++ b/src/ubik/ubik.p.h
@@ -55,6 +55,11 @@
 #include <lwp.h>
 #endif
 
+/*! Sanity check: This macro represents an arbitrary date in the past
+ * (Tue Jun 20 15:36:43 2017). The database epoch must be greater or
+ * equal to this value. */
+#define	UBIK_MILESTONE	    1497987403
+
 /*!
  * \brief per-client structure for ubik
  */