On Thu, Aug 20, 2020 at 11:13:42AM +0530, Chandan Babu R wrote: > Deleting a file range from the middle of an existing extent can cause > the per-inode extent count to increase by 1. This commit checks for > extent count overflow in such cases. > > Signed-off-by: Chandan Babu R <chandanrlinux@xxxxxxxxx> > --- > fs/xfs/libxfs/xfs_inode_fork.h | 6 ++++++ > fs/xfs/xfs_bmap_item.c | 4 ++++ > fs/xfs/xfs_bmap_util.c | 5 +++++ > 3 files changed, 15 insertions(+) > > diff --git a/fs/xfs/libxfs/xfs_inode_fork.h b/fs/xfs/libxfs/xfs_inode_fork.h > index 7fc2b129a2e7..2642e4847ee0 100644 > --- a/fs/xfs/libxfs/xfs_inode_fork.h > +++ b/fs/xfs/libxfs/xfs_inode_fork.h > @@ -39,6 +39,12 @@ struct xfs_ifork { > * extent to a fork and there's no possibility of splitting an existing mapping. > */ > #define XFS_IEXT_ADD_NOSPLIT_CNT (1) > +/* > + * Removing an extent from the middle of an existing extent can cause the extent > + * count to increase by 1. > + * i.e. | Old extent | Hole | Old extent | > + */ > +#define XFS_IEXT_REMOVE_CNT (1) The first thought that popped into my head after reading the subject line was "UH-oh, is this going to result in undeletable files when the extent counts hit max and the user tries to rm?" Then I realized that "when deleting an extent" actually refers to punching holes in the middle of files, not truncating them. So I think at the very least the subject line should be changed to say that we're talking about hole punching, not general file deletion; and the constant probably ought to be called XFS_IEXT_PUNCH_CNT to make that clearer. Aside from that the logic seems ok to me. (Also PS I'm not reviewing these patches in order...) --D > > /* > * Fork handling. > diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c > index ec3691372e7c..b9c35fb10de4 100644 > --- a/fs/xfs/xfs_bmap_item.c > +++ b/fs/xfs/xfs_bmap_item.c > @@ -519,6 +519,10 @@ xfs_bui_item_recover( > } > xfs_trans_ijoin(tp, ip, 0); > > + error = xfs_iext_count_may_overflow(ip, whichfork, XFS_IEXT_REMOVE_CNT); > + if (error) > + goto err_inode; > + > count = bmap->me_len; > error = xfs_trans_log_finish_bmap_update(tp, budp, type, ip, whichfork, > bmap->me_startoff, bmap->me_startblock, &count, state); > diff --git a/fs/xfs/xfs_bmap_util.c b/fs/xfs/xfs_bmap_util.c > index 7b76a48b0885..59d4da38aadf 100644 > --- a/fs/xfs/xfs_bmap_util.c > +++ b/fs/xfs/xfs_bmap_util.c > @@ -891,6 +891,11 @@ xfs_unmap_extent( > > xfs_trans_ijoin(tp, ip, 0); > > + error = xfs_iext_count_may_overflow(ip, XFS_DATA_FORK, > + XFS_IEXT_REMOVE_CNT); > + if (error) > + goto out_trans_cancel; > + > error = xfs_bunmapi(tp, ip, startoffset_fsb, len_fsb, 0, 2, done); > if (error) > goto out_trans_cancel; > -- > 2.28.0 >