Git Repo - linux.git/commit

author	Filipe Manana <[email protected]>
	Mon, 30 Mar 2015 17:26:47 +0000 (18:26 +0100)
committer	Chris Mason <[email protected]>
	Mon, 13 Apr 2015 14:03:27 +0000 (07:03 -0700)
commit	113e8283869b9855c8b999796aadd506bbac155f
tree	568520a2b8ba61cdeaf4e3c51f022a9efee16e3e	tree \| snapshot
parent	df858e76723ace61342b118aa4302bd09de4e386	commit \| diff

Btrfs: fix inode eviction infinite loop after extent_same ioctl

If we pass a length of 0 to the extent_same ioctl, we end up locking an
extent range with a start offset greater then its end offset (if the
destination file's offset is greater than zero). This results in a warning
from extent_io.c:insert_state through the following call chain:

  btrfs_extent_same()
    btrfs_double_lock()
      lock_extent_range()
        lock_extent(inode->io_tree, offset, offset + len - 1)
          lock_extent_bits()
            __set_extent_bit()
              insert_state()
                --> WARN_ON(end < start)

This leads to an infinite loop when evicting the inode. This is the same
problem that my previous patch titled
"Btrfs: fix inode eviction infinite loop after cloning into it" addressed
but for the extent_same ioctl instead of the clone ioctl.

CC: <[email protected]>
Signed-off-by: Filipe Manana <[email protected]>
Reviewed-by: Omar Sandoval <[email protected]>
Signed-off-by: Chris Mason <[email protected]>