len is 0 means no extent needs to be removed, so return immediately.
Otherwise it could trigger the following BUG_ON() in
ext4_es_remove_extent()

    end = lblk + len - 1;
    BUG_ON(end < lblk);

This could be reproduced by a simple truncate(1) command by an
unprivileged user

    truncate -s $(($((2**32 - 1)) * 4096)) /mnt/ext4/testfile

The same is true for __es_insert_extent().

Patched kernel passed xfstests regression test.

Signed-off-by: Eryu Guan <[email protected]>
Signed-off-by: "Theodore Ts'o" <[email protected]>
Reviewed-by: Zheng Liu <[email protected]>
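
The arithmetic behind the BUG_ON() described in the commit message, as an added example (not part of the commit or of the kernel source). It assumes block numbers are 32-bit unsigned, as the %u format in the es_debug() calls suggests; the type and function names are hypothetical and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: logical block numbers are 32-bit unsigned (the hunks print them with %u). */
typedef uint32_t lblk_t;

/* Unpatched range computation; wraps modulo 2^32. */
static lblk_t unguarded_end(lblk_t lblk, lblk_t len)
{
    return lblk + len - 1;
}

/* 1 if the unpatched code would reach BUG_ON(end < lblk) with a true condition. */
static int check_trips(lblk_t lblk, lblk_t len)
{
    return unguarded_end(lblk, len) < lblk;
}

/* Patched entry (hypothetical model): 0 = empty range, return early;
 * 1 = valid range, *end set; -1 = the range check would still fire. */
static int patched_entry(lblk_t lblk, lblk_t len, lblk_t *end)
{
    if (!len)
        return 0;
    *end = lblk + len - 1;
    return (*end < lblk) ? -1 : 1;
}

int main(void)
{
    /* Constructed inputs, not taken from a trace. */
    static const struct { lblk_t lblk, len; } cases[] = {
        { UINT32_MAX, 0 },  /* empty range at the last block: check fires */
        { 100, 0 },         /* empty range mid-file: check fires */
        { 0, 0 },           /* empty range at block 0: end wraps, check passes */
        { 100, 8 },         /* ordinary range */
        { UINT32_MAX, 2 },  /* real overflow: still rejected after the patch */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        lblk_t end = 0;
        int r = patched_entry(cases[i].lblk, cases[i].len, &end);
        printf("lblk=%u len=%u unpatched_end=%u trips=%d patched=%d\n",
               (unsigned)cases[i].lblk, (unsigned)cases[i].len,
               (unsigned)unguarded_end(cases[i].lblk, cases[i].len),
               check_trips(cases[i].lblk, cases[i].len), r);
    }
    return 0;
}
```

With lblk 0 and len 0 the unpatched computation yields end = 4294967295 and the check passes, so in this model the guard also keeps an empty range from being read as [0, 2^32 - 1].
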
es_debug("add [%u/%u) %llu %llx to extent status tree of inode %lu\n",
lblk, len, pblk, status, inode->i_ino);
+ if (!len)
+ return 0;
+
BUG_ON(end < lblk);
newes.es_lblk = lblk;
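Review bot: the new guard ("if (!len) return 0;") has no comment saying why a zero-length insert is reported as success, and its position relative to BUG_ON(end < lblk) is what makes the fix work. Nothing in this hunk assigns "end" between the guard and the BUG_ON(), so the wrapped value is evidently computed before the guard runs and only the early return keeps it from being tested. A one-line comment above the guard, stating that len == 0 is a legal empty range and that the check must stay ahead of BUG_ON(), would keep a later reorder from reintroducing the crash.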
es_debug("remove [%u/%u) from extent status tree of inode %lu\n",
lblk, len, inode->i_ino);
+ if (!len)
+ return err;
+
end = lblk + len - 1;
BUG_ON(end < lblk);
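Review bot: "return err;" in the new guard depends on an initial value of err that this hunk does not show, while the matching guard in the insert path returns a literal 0. Returning 0 here as well would make the no-op result explicit and keep the two guards consistent. Separately, BUG_ON(end < lblk) stays in place for a genuinely overflowing lblk + len; since the commit message describes this path as reachable from an unprivileged truncate, it is worth asking whether that case should return an error instead.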