On Fri, 21 Sep 2012 17:24:44 +0200, David Sterba wrote:

On Fri, Sep 21, 2012 at 05:07:46PM +0800, Miao Xie wrote:

quoted

--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c

@@ -3335,6 +3335,24 @@ static long btrfs_ioctl_balance(struct file *file, void __user *arg)
 
 			goto do_balance;
 		}
+
+		if ((bargs->data.flags & BTRFS_BALANCE_ARGS_USAGE) &&
+		    (bargs->data.usage < 0 || bargs->data.usage > 100)) {

the 0 checks belong here

quoted

+			ret = -EINVAL;
+			goto out_bargs;
+		}
+
+		if ((bargs->meta.flags & BTRFS_BALANCE_ARGS_USAGE) &&
+		    (bargs->meta.usage < 0 || bargs->meta.usage > 100)) {
+			ret = -EINVAL;
+			goto out_bargs;
+		}
+
+		if ((bargs->sys.flags & BTRFS_BALANCE_ARGS_USAGE) &&
+		    (bargs->sys.usage < 0 || bargs->sys.usage > 100)) {
+			ret = -EINVAL;
+			goto out_bargs;
+		}
 	} else {
 		bargs = NULL;
 	}

@@ -2347,7 +2335,8 @@ static int chunk_usage_filter(struct btrfs_fs_info *fs_info, u64 chunk_offset,
 	cache = btrfs_lookup_block_group(fs_info, chunk_offset);
 	chunk_used = btrfs_block_group_used(&cache->item);
 
-	user_thresh = div_factor_fine(cache->key.offset, bargs->usage);
+	BUG_ON(bargs->usage < 0 || bargs->usage > 100);

otherwise it reliably crashes here

Sorry, I don't know why it will crash here if we input 0. I tried to input 0,
and it worked well.

I think the only case we must take into account is the users might input the wrong value (>100 or <0)
on the old kernel, and it can be stored into the filesystem. If we mount this filesystem
on the new kernel, some problems may happen.

Thanks
Miao