add crash protection from backend modifications (#16846)

2023-03-20 09:08:42 -07:00
parent 3b5dbf9046
commit 6c11dbffd5
6 changed files with 61 additions and 29 deletions
--- a/cmd/batch-handlers.go
+++ b/cmd/batch-handlers.go
@@ -1222,7 +1222,6 @@ func (j *BatchJobPool) canceler(jobID string, cancel bool) error {
 	if canceler, ok := j.jobCancelers[jobID]; ok {
 		if cancel {
 			canceler()
-
 		}
 	}
 	delete(j.jobCancelers, jobID)
--- a/cmd/bootstrap-messages.go
+++ b/cmd/bootstrap-messages.go
@@ -78,7 +78,7 @@ func (bs *bootstrapTracer) Record(msg string) {

 func (bs *bootstrapTracer) Events() []madmin.TraceInfo {
 	traceInfo := make([]madmin.TraceInfo, 0, bootstrapMsgsLimit)
-	
+
 	// Add all messages in order
 	addAll := func(info []bootstrapInfo) {
 		for _, msg := range info {
--- a/cmd/erasure-healing.go
+++ b/cmd/erasure-healing.go
@@ -505,8 +505,34 @@ func (er *erasureObjects) healObject(ctx context.Context, bucket string, object
 	migrateDataDir := mustGetUUID()

 	// Reorder so that we have data disks first and parity disks next.
+	if !latestMeta.Deleted && len(latestMeta.Erasure.Distribution) != len(availableDisks) {
+		err := fmt.Errorf("unexpected file distribution (%v) from available disks (%v), looks like backend disks have been manually modified refusing to heal %s/%s(%s)",
+			latestMeta.Erasure.Distribution, availableDisks, bucket, object, versionID)
+		logger.LogIf(ctx, err)
+		return er.defaultHealResult(latestMeta, storageDisks, storageEndpoints, errs,
+			bucket, object, versionID), err
+	}
+
 	latestDisks := shuffleDisks(availableDisks, latestMeta.Erasure.Distribution)
+
+	if !latestMeta.Deleted && len(latestMeta.Erasure.Distribution) != len(outDatedDisks) {
+		err := fmt.Errorf("unexpected file distribution (%v) from outdated disks (%v), looks like backend disks have been manually modified refusing to heal %s/%s(%s)",
+			latestMeta.Erasure.Distribution, outDatedDisks, bucket, object, versionID)
+		logger.LogIf(ctx, err)
+		return er.defaultHealResult(latestMeta, storageDisks, storageEndpoints, errs,
+			bucket, object, versionID), err
+	}
+
 	outDatedDisks = shuffleDisks(outDatedDisks, latestMeta.Erasure.Distribution)
+
+	if !latestMeta.Deleted && len(latestMeta.Erasure.Distribution) != len(partsMetadata) {
+		err := fmt.Errorf("unexpected file distribution (%v) from metadata entries (%v), looks like backend disks have been manually modified refusing to heal %s/%s(%s)",
+			latestMeta.Erasure.Distribution, len(partsMetadata), bucket, object, versionID)
+		logger.LogIf(ctx, err)
+		return er.defaultHealResult(latestMeta, storageDisks, storageEndpoints, errs,
+			bucket, object, versionID), err
+	}
+
 	partsMetadata = shufflePartsMetadata(partsMetadata, latestMeta.Erasure.Distribution)

 	copyPartsMetadata := make([]FileInfo, len(partsMetadata))
--- a/cmd/erasure-object.go
+++ b/cmd/erasure-object.go
@@ -658,6 +658,13 @@ func (er erasureObjects) getObjectFileInfo(ctx context.Context, bucket, object s
 		return fi, nil, nil, err
 	}

+	if !fi.Deleted && len(fi.Erasure.Distribution) != len(onlineDisks) {
+		err := fmt.Errorf("unexpected file distribution (%v) from online disks (%v), looks like backend disks have been manually modified refusing to heal %s/%s(%s)",
+			fi.Erasure.Distribution, onlineDisks, bucket, object, opts.VersionID)
+		logger.LogIf(ctx, err)
+		return fi, nil, nil, toObjectErr(err, bucket, object, opts.VersionID)
+	}
+
 	filterOnlineDisksInplace(fi, metaArr, onlineDisks)

 	// if one of the disk is offline, return right here no need