On 2012年09月25日 00:17, David Sterba wrote:

On Mon, Sep 24, 2012 at 12:38:07PM +0800, Wang Sheng-Hui wrote:

quoted

Check range early to avoid further check/compute in case
of range error.

Signed-off-by: Wang Sheng-Hui <redacted>
---
 fs/btrfs/extent_io.c |   16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 4c87847..9250cf5 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c

@@ -4643,6 +4643,14 @@ int map_private_extent_buffer(struct extent_buffer *eb, unsigned long start,
 	unsigned long end_i = (start_offset + start + min_len - 1) >>
 		PAGE_CACHE_SHIFT;
 
+	if (start + min_len > eb->len) {
+		printk(KERN_ERR "btrfs bad mapping eb start %llu len %lu, "
+		       "wanted %lu %lu\n", (unsigned long long)eb->start,
+		       eb->len, start, min_len);
+		WARN_ON(1);
+		return -EINVAL;
+	}
+
 	if (i != end_i)
 		return -EINVAL;

4665         unsigned long i = (start_offset + start) >> PAGE_CACHE_SHIFT;
4666         unsigned long end_i = (start_offset + start + min_len - 1) >>
4667                 PAGE_CACHE_SHIFT;

so the check above effectively verifies that

  min_len - 1 < PAGE_CACHE_SIZE
AND
  is within the same page

The other check

	if (start + min_len > eb->len) {

looks if the requested data do not lie out of the bounds of the extent
buffer, where min_len is filled with sizeof(something).

So, both the checks look for corrupted metadata, I don't see the need to
swap them.

Reread the code and it really does the check.
Got it. Thanks for your explanation.

david