Re: Btrfs: check range early in map_private_extent_buffer
From: Wang Sheng-Hui
Date: Mon Sep 24 2012 - 20:24:38 EST
On 2012å09æ25æ 00:17, David Sterba wrote:
> On Mon, Sep 24, 2012 at 12:38:07PM +0800, Wang Sheng-Hui wrote:
>> Check range early to avoid further check/compute in case
>> of range error.
>>
>> Signed-off-by: Wang Sheng-Hui <shhuiw@xxxxxxxxx>
>> ---
>> fs/btrfs/extent_io.c | 16 ++++++++--------
>> 1 files changed, 8 insertions(+), 8 deletions(-)
>>
>> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
>> index 4c87847..9250cf5 100644
>> --- a/fs/btrfs/extent_io.c
>> +++ b/fs/btrfs/extent_io.c
>> @@ -4643,6 +4643,14 @@ int map_private_extent_buffer(struct extent_buffer *eb, unsigned long start,
>> unsigned long end_i = (start_offset + start + min_len - 1) >>
>> PAGE_CACHE_SHIFT;
>>
>> + if (start + min_len > eb->len) {
>> + printk(KERN_ERR "btrfs bad mapping eb start %llu len %lu, "
>> + "wanted %lu %lu\n", (unsigned long long)eb->start,
>> + eb->len, start, min_len);
>> + WARN_ON(1);
>> + return -EINVAL;
>> + }
>> +
>> if (i != end_i)
>> return -EINVAL;
>
> 4665 unsigned long i = (start_offset + start) >> PAGE_CACHE_SHIFT;
> 4666 unsigned long end_i = (start_offset + start + min_len - 1) >>
> 4667 PAGE_CACHE_SHIFT;
>
> so the check above effectively verifies that
>
> min_len - 1 < PAGE_CACHE_SIZE
> AND
> is within the same page
>
> The other check
>
> if (start + min_len > eb->len) {
>
> looks if the requested data do not lie out of the bounds of the extent
> buffer, where min_len is filled with sizeof(something).
>
> So, both the checks look for corrupted metadata, I don't see the need to
> swap them.
Reread the code and it really does the check.
Got it. Thanks for your explanation.
>
> david
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/