author: Yan, Zheng <zheng.z.yan@intel.com>, 2011-08-29 03:25:53 +0200
committer: David Sterba <dsterba@suse.cz>, 2011-10-20 18:10:31 +0200
commit: 84850e8d8a5ec7b9d3c47d224e9a10c9da52ff1b (patch)
tree: 799dd9e0b150361dc2a5cdf3772a0ce8395d5f06
parent: Btrfs: don't flush the cache inode before writing it
btrfs: check file extent backref offset underflow
Offset field in data extent backref can underflow if clone range ioctl is used. We can reliably detect the underflow because max file size is limited to 2^63 and max data extent size is limited by block group size.

Signed-off-by: Zheng Yan <zheng.z.yan@intel.com>

-rw-r--r-- fs/btrfs/relocation.c 5
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 10af6a0e0865..24d654ce7a06 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -3322,8 +3322,11 @@ static int find_data_references(struct reloc_control *rc,
}
key.objectid = ref_objectid;
- key.offset = ref_offset;
key.type = BTRFS_EXTENT_DATA_KEY;
+ if (ref_offset > ((u64)-1 << 32))
+ key.offset = 0;
+ else
+ key.offset = ref_offset;
path->search_commit_root = 1;
path->skip_locking = 1;
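Review bot: the bound in "if (ref_offset > ((u64)-1 << 32))" is a bare magic number with no comment, so a reader of find_data_references() cannot tell why offsets within 2^32 of the top of the u64 range count as underflowed, or why they are replaced with 0 rather than rejected. Please add a short comment above the check that carries the reasoning from the commit message (file size limited to 2^63, data extent size limited by block group size), and consider a named constant for the bound. The two also do not line up: the message argues from a 2^63 limit, but the test only catches values above 2^64 - 2^32, so a ref_offset between those is still copied into key.offset unchanged. If that is intentional because the underflow can never exceed the maximum extent size, the comment should say so.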