From patchwork Mon Aug 29 01:25:53 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yan, Zheng" X-Patchwork-Id: 1106022 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p7T1QL1I023774 for ; Mon, 29 Aug 2011 01:26:21 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751892Ab1H2BZy (ORCPT ); Sun, 28 Aug 2011 21:25:54 -0400 Received: from mga09.intel.com ([134.134.136.24]:19106 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751696Ab1H2BZy (ORCPT ); Sun, 28 Aug 2011 21:25:54 -0400 Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP; 28 Aug 2011 18:25:53 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.67,352,1309762800"; d="scan'208";a="43094524" Received: from zyan5-mobl.sh.intel.com (HELO [10.239.36.32]) ([10.239.36.32]) by orsmga001.jf.intel.com with ESMTP; 28 Aug 2011 18:25:53 -0700 Message-ID: <4E5AEAA1.1070200@intel.com> Date: Mon, 29 Aug 2011 09:25:53 +0800 From: "Yan, Zheng" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20110624 Thunderbird/5.0 MIME-Version: 1.0 CC: linux-btrfs@vger.kernel.org Subject: [PATCH] btrfs: check file extent backref offset underflow To: unlisted-recipients:; (no To-header on input) Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Mon, 29 Aug 2011 01:26:21 +0000 (UTC) Offset field in data extent backref can underflow if clone range ioctl is used. We can reliably detect the underflow because max file size is limited to 2^63 and max data extent size is limited by block group size. Signed-off-by: Zheng Yan Tested-by: Li Zefan --- -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index 59bb176..107c9cf 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -3323,8 +3323,11 @@ static int find_data_references(struct reloc_control *rc, } key.objectid = ref_objectid; - key.offset = ref_offset; key.type = BTRFS_EXTENT_DATA_KEY; + if (ref_offset > ((u64)-1 << 32)) + key.offset = 0; + else + key.offset = ref_offset; path->search_commit_root = 1; path->skip_locking = 1;