On Fri, Feb 22, 2013 at 01:34:03PM +0800, Eryu Guan wrote: > len is 0 means no extent needs to be removed, so return immediately. > Otherwise it could trigger the following BUG_ON() > > 436 end = offset + len - 1; > 437 BUG_ON(end < offset); > > This could be reproduced by a simple truncate(1) command by an > unprivileged user > > truncate -s $(($((2**32 - 1)) * 4096)) /mnt/ext4/testfile > > The same is true for __es_insert_extent(). > > Patched kernel passed xfstests regression test. > > Also remove comments about EXT4_I(inode)->i_es_lock, this rwlock > isn't held by callers. > > Cc: Zheng Liu <wenqing.lz@xxxxxxxxxx> > Cc: "Theodore Ts'o" <tytso@xxxxxxx> > Signed-off-by: Eryu Guan <guaneryu@xxxxxxxxx> Thanks for fixing it. Reviewed-by: Zheng Liu <wenqing.lz@xxxxxxxxxx> Regards, - Zheng > --- > fs/ext4/extents_status.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c > index 564d981..3ac09ca 100644 > --- a/fs/ext4/extents_status.c > +++ b/fs/ext4/extents_status.c > @@ -328,6 +328,9 @@ static int __es_insert_extent(struct ext4_es_tree *tree, ext4_lblk_t offset, > struct extent_status *es; > ext4_lblk_t end = offset + len - 1; > > + if (!len) > + return 0; > + > BUG_ON(end < offset); > es = tree->cache_es; > if (es && offset == (extent_status_end(es) + 1)) { > @@ -386,7 +389,6 @@ out: > > /* > * ext4_es_insert_extent() adds a space to a delayed extent tree. > - * Caller holds inode->i_es_lock. > * > * ext4_es_insert_extent is called by ext4_da_write_begin and > * ext4_es_remove_extent. > @@ -415,7 +417,6 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t offset, > > /* > * ext4_es_remove_extent() removes a space from a delayed extent tree. > - * Caller holds inode->i_es_lock. > * > * Return 0 on success, error code on failure. > */
> @@ -433,6 +434,9 @@ int ext4_es_remove_extent(struct inode *inode, ext4_lblk_t offset, > es_debug("remove [%u/%u) from extent status tree of inode %lu\n", > offset, len, inode->i_ino); > > + if (!len) > + return err; > + > end = offset + len - 1; > BUG_ON(end < offset); > write_lock(&EXT4_I(inode)->i_es_lock); > -- > 1.8.1.2 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-ext4" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
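
Review bot: In the __es_insert_extent hunk, the new `if (!len)` check sits after the initializer `ext4_lblk_t end = offset + len - 1;`, so end is still computed from a zero len (giving offset - 1) before the early return. The value is unused on that path, so this is harmless, but moving the assignment below the check, the way the ext4_es_remove_extent hunk orders it, would make it clear that end is only ever computed for a non-empty range.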
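
Review bot: In the comment above ext4_es_remove_extent(), deleting "Caller holds inode->i_es_lock" leaves the function with no locking documentation at all. The last hunk shows the function calling write_lock(&EXT4_I(inode)->i_es_lock) itself, so the line could be replaced with a statement that the lock is taken internally instead of being dropped. Whether the same holds for the ext4_es_insert_extent() comment is not visible in this diff. This cleanup is also independent of the BUG_ON fix and would be easier to backport around as a separate patch.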
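
Review bot: In the ext4_es_remove_extent hunk, `return err;` relies on err having been initialized to 0 in a declaration that is outside the visible context; `return 0;` would match the __es_insert_extent hunk and not depend on that initializer. Separately, BUG_ON(end < offset) remains the only guard for a non-zero len where offset + len - 1 wraps, so if callers can derive such a range from a user-supplied size, as the truncate reproducer did for len == 0, returning an error there would be safer than a BUG.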