From: Yan, Zheng <zheng.z.yan@intel.com>
Date: Mon, 29 Aug 2011 01:25:53 +0000 (+0800)
Subject: btrfs: check file extent backref offset underflow
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=84850e8d8a5ec7b9d3c47d224e9a10c9da52ff1b;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

btrfs: check file extent backref offset underflow

Offset field in data extent backref can underflow if clone range ioctl
is used. We can reliably detect the underflow because max file size is
limited to 2^63 and max data extent size is limited by block group size.

Signed-off-by: Zheng Yan  <zheng.z.yan@intel.com>
---

diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 10af6a0e0865..24d654ce7a06 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -3322,8 +3322,11 @@ static int find_data_references(struct reloc_control *rc,
 	}
 
 	key.objectid = ref_objectid;
-	key.offset = ref_offset;
 	key.type = BTRFS_EXTENT_DATA_KEY;
+	if (ref_offset > ((u64)-1 << 32))
+		key.offset = 0;
+	else
+		key.offset = ref_offset;
 
 	path->search_commit_root = 1;
 	path->skip_locking = 1;