From patchwork Thu Feb 28 18:26:40 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [2/6] ext4: improve ext4_es_can_be_merged() to avoid a potential overflow Date: Thu, 28 Feb 2013 08:26:40 -0000 From: Zheng Liu X-Patchwork-Id: 224126 Message-Id: <1362076004-10087-3-git-send-email-wenqing.lz@taobao.com> To: linux-ext4@vger.kernel.org Cc: Zheng Liu , "Theodore Ts'o" , Dmitry Monakhov From: Zheng Liu This commit tries to improve ext4_es_can_be_merged. We check the length of extent to avoid a potential overflow. Signed-off-by: Zheng Liu Cc: "Theodore Ts'o" Cc: Dmitry Monakhov --- fs/ext4/extents_status.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c index f768f4a..a769485 100644 --- a/fs/ext4/extents_status.c +++ b/fs/ext4/extents_status.c @@ -329,17 +329,33 @@ static void ext4_es_free_extent(struct inode *inode, struct extent_status *es) static int ext4_es_can_be_merged(struct extent_status *es1, struct extent_status *es2) { - if (es1->es_lblk + es1->es_len != es2->es_lblk) + __u64 es1_len, es2_len, max_len; + + if (ext4_es_status(es1) ^ ext4_es_status(es2)) return 0; - if (ext4_es_status(es1) != ext4_es_status(es2)) + max_len = 0xFFFFFFFFULL; + es1_len = es1->es_len; + es2_len = es2->es_len; + + if (es1_len + es2_len > max_len) return 0; - if ((ext4_es_is_written(es1) || ext4_es_is_unwritten(es1)) && - (ext4_es_pblock(es1) + es1->es_len != ext4_es_pblock(es2))) + if (es1->es_lblk + es1_len != es2->es_lblk) return 0; - return 1; + if ((ext4_es_is_written(es1) || ext4_es_is_unwritten(es1)) && + (ext4_es_pblock(es1) + es1_len == ext4_es_pblock(es2))) + return 1; + + if (ext4_es_is_hole(es1)) + return 1; + + /* we need to check delayed extent is without unwritten status */ + if (ext4_es_is_delayed(es1) && !ext4_es_is_unwritten(es1)) + return 1; + + return 0; } static struct extent_status *