btrfs: check file extent backref offset underflow

Message ID 4E5AEAA1.1070200@intel.com (mailing list archive)
State New, archived

Commit Message

Yan, Zheng Aug. 29, 2011, 1:25 a.m. UTC
Offset field in data extent backref can underflow if clone range ioctl
is used. We can reliably detect the underflow because max file size is
limited to 2^63 and max data extent size is limited by block group size.

Signed-off-by: Zheng Yan  <zheng.z.yan@intel.com>
---
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Li Zefan Aug. 29, 2011, 1:59 a.m. UTC | #1
Yan, Zheng wrote:
> Offset field in data extent backref can underflow if clone range ioctl
> is used. We can reliably detect the underflow because max file size is
> limited to 2^63 and max data extent size is limited by block group size.
> 
> Signed-off-by: Zheng Yan  <zheng.z.yan@intel.com>

Tested-by: Li Zefan <lizf@cn.fujitsu.com>

...
> @@ -3323,8 +3323,11 @@ static int find_data_references(struct reloc_control *rc,
>  	}
>  
>  	key.objectid = ref_objectid;
> -	key.offset = ref_offset;
>  	key.type = BTRFS_EXTENT_DATA_KEY;
> +	if (ref_offset > ((u64)-1 << 32))
> +		key.offset = 0;
> +	else
> +		key.offset = ref_offset;

This needs a comment, as we're working around a corner case and a magic number is
used.

>  
>  	path->search_commit_root = 1;
>  	path->skip_locking = 1;
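
Review bot: the new `if` branch replaces the backref offset with `key.offset = 0` without recording why that is a safe starting key. With the offset discarded, the search key identifies only `ref_objectid` and `BTRFS_EXTENT_DATA_KEY`, and nothing in this hunk shows how the code after it picks out the referenced extent once the key no longer carries its offset. Please add a comment on the branch saying that the search deliberately starts at the first file extent item of the inode and what the later matching relies on, so a reader can tell a wrapped offset apart from a genuine offset of 0.
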
> --

Patch

diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 59bb176..107c9cf 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -3323,8 +3323,11 @@  static int find_data_references(struct reloc_control *rc,
 	}
 
 	key.objectid = ref_objectid;
-	key.offset = ref_offset;
 	key.type = BTRFS_EXTENT_DATA_KEY;
+	if (ref_offset > ((u64)-1 << 32))
+		key.offset = 0;
+	else
+		key.offset = ref_offset;
 
 	path->search_commit_root = 1;
 	path->skip_locking = 1;
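
Review bot: the threshold in `if (ref_offset > ((u64)-1 << 32))` is not derived from either bound the commit message gives. `(u64)-1 << 32` is 0xFFFFFFFF00000000, so only offsets that wrapped by less than 4 GiB take the underflow path, while the stated 2^63 file size limit would justify a plain sign test such as `(s64)ref_offset < 0`. If the 32-bit window stands for the maximum data extent size, give it a named constant and a comment that ties it to that limit. Also note that the strict `>` leaves the boundary value 0xFFFFFFFF00000000 on the ordinary path; say whether that is intended.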