Skip to content

Commit 1a4ed8f

Browse files
fdmananamasoncl
authored andcommitted
Btrfs: fix invalid leaf slot access in btrfs_lookup_extent()
If we couldn't find our extent item, we accessed the current slot (path->slots[0]) to check if it corresponds to an equivalent skinny metadata item. However this slot could be beyond our last item in the leaf (i.e. path->slots[0] >= btrfs_header_nritems(leaf)), in which case we shouldn't process it. Since btrfs_lookup_extent() is only used to find extent items for data extents, fix this by removing completely the logic that looks up for an equivalent skinny metadata item, since it can not exist. Signed-off-by: Filipe Manana <[email protected]> Signed-off-by: Chris Mason <[email protected]>
1 parent 21e7626 commit 1a4ed8f

File tree

3 files changed

+4
-10
lines changed

3 files changed

+4
-10
lines changed

fs/btrfs/ctree.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3276,7 +3276,7 @@ int btrfs_run_delayed_refs(struct btrfs_trans_handle *trans,
32763276
struct btrfs_root *root, unsigned long count);
32773277
int btrfs_async_run_delayed_refs(struct btrfs_root *root,
32783278
unsigned long count, int wait);
3279-
int btrfs_lookup_extent(struct btrfs_root *root, u64 start, u64 len);
3279+
int btrfs_lookup_data_extent(struct btrfs_root *root, u64 start, u64 len);
32803280
int btrfs_lookup_extent_info(struct btrfs_trans_handle *trans,
32813281
struct btrfs_root *root, u64 bytenr,
32823282
u64 offset, int metadata, u64 *refs, u64 *flags);

fs/btrfs/extent-tree.c

Lines changed: 2 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -710,8 +710,8 @@ void btrfs_clear_space_info_full(struct btrfs_fs_info *info)
710710
rcu_read_unlock();
711711
}
712712

713-
/* simple helper to search for an existing extent at a given offset */
714-
int btrfs_lookup_extent(struct btrfs_root *root, u64 start, u64 len)
713+
/* simple helper to search for an existing data extent at a given offset */
714+
int btrfs_lookup_data_extent(struct btrfs_root *root, u64 start, u64 len)
715715
{
716716
int ret;
717717
struct btrfs_key key;
@@ -726,12 +726,6 @@ int btrfs_lookup_extent(struct btrfs_root *root, u64 start, u64 len)
726726
key.type = BTRFS_EXTENT_ITEM_KEY;
727727
ret = btrfs_search_slot(NULL, root->fs_info->extent_root, &key, path,
728728
0, 0);
729-
if (ret > 0) {
730-
btrfs_item_key_to_cpu(path->nodes[0], &key, path->slots[0]);
731-
if (key.objectid == start &&
732-
key.type == BTRFS_METADATA_ITEM_KEY)
733-
ret = 0;
734-
}
735729
btrfs_free_path(path);
736730
return ret;
737731
}

fs/btrfs/tree-log.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -672,7 +672,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
672672
* is this extent already allocated in the extent
673673
* allocation tree? If so, just add a reference
674674
*/
675-
ret = btrfs_lookup_extent(root, ins.objectid,
675+
ret = btrfs_lookup_data_extent(root, ins.objectid,
676676
ins.offset);
677677
if (ret == 0) {
678678
ret = btrfs_inc_extent_ref(trans, root,

0 commit comments

Comments
 (0)