1. 19 Jul, 2010 3 commits
    • Dan Rosenberg's avatar
      Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE · 2ebc3464
      Dan Rosenberg authored
      1.  The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls should check
      whether the donor file is append-only before writing to it.
      
      2.  The BTRFS_IOC_CLONE_RANGE ioctl appears to have an integer
      overflow that allows a user to specify an out-of-bounds range to copy
      from the source file (if off + len wraps around).  I haven't been able
      to successfully exploit this, but I'd imagine that a clever attacker
      could use this to read things he shouldn't.  Even if it's not
      exploitable, it couldn't hurt to be safe.
      Signed-off-by: default avatarDan Rosenberg <dan.j.rosenberg@gmail.com>
      cc: stable@kernel.org
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      2ebc3464
    • Sage Weil's avatar
      Btrfs: fix CLONE ioctl destination file size expansion to block boundary · b5384d48
      Sage Weil authored
      The CLONE and CLONE_RANGE ioctls round up the range of extents being
      cloned to the block size when the range to clone extends to the end of file
      (this is always the case with CLONE).  It was then using that offset when
      extending the destination file's i_size.  Fix this by not setting i_size
      beyond the originally requested ending offset.
      
      This bug was introduced by a22285a6 (2.6.35-rc1).
      Signed-off-by: default avatarSage Weil <sage@newdream.net>
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      b5384d48
    • Chris Mason's avatar
      Btrfs: fix split_leaf double split corner case · 99d8f83c
      Chris Mason authored
      split_leaf was not properly balancing leaves when it was forced to
      split a leaf twice.  This commit adds an extra push left and right
      before forcing the double split in hopes of getting the slot where
      we want to insert at either the start or end of the leaf.
      
      If the extra pushes do work, then we are able to avoid splitting twice
      and we keep the tree properly balanced.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      99d8f83c
  2. 11 Jun, 2010 17 commits
  3. 27 May, 2010 5 commits
  4. 26 May, 2010 3 commits
    • Chris Mason's avatar
      Btrfs: avoid ENOSPC errors in btrfs_dirty_inode · 94b60442
      Chris Mason authored
      btrfs_dirty_inode tries to sneak in without much waiting or
      space reservation, mostly for performance reasons.  This
      usually works well but can cause problems when there are
      many many writers.
      
      When btrfs_update_inode fails with ENOSPC, we fallback
      to a slower btrfs_start_transaction call that will reserve
      some space.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      94b60442
    • Chris Mason's avatar
      Btrfs: move O_DIRECT space reservation to btrfs_direct_IO · 3f7c579c
      Chris Mason authored
      This moves the delalloc space reservation done for O_DIRECT
      into btrfs_direct_IO.  This way we don't leak reserved space
      if the generic O_DIRECT write code errors out before it
      calls into btrfs_direct_IO.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      3f7c579c
    • Chris Mason's avatar
      Btrfs: rework O_DIRECT enospc handling · 4845e44f
      Chris Mason authored
      This changes O_DIRECT write code to mark extents as delalloc
      while it is processing them.  Yan Zheng has reworked the
      enospc accounting based on tracking delalloc extents and
      this makes it much easier to track enospc in the O_DIRECT code.
      
      There are a few space cases with the O_DIRECT code though,
      it only sets the EXTENT_DELALLOC bits, instead of doing
      EXTENT_DELALLOC | EXTENT_DIRTY | EXTENT_UPTODATE, because
      we don't want to mess with clearing the dirty and uptodate
      bits when things go wrong.  This is important because there
      are no pages in the page cache, so any extent state structs
      that we put in the tree won't get freed by releasepage.  We have
      to clear them ourselves as the DIO ends.
      
      With this commit, we reserve space at in btrfs_file_aio_write,
      and then as each btrfs_direct_IO call progresses it sets
      EXTENT_DELALLOC on the range.
      
      btrfs_get_blocks_direct is responsible for clearing the delalloc
      at the same time it drops the extent lock.
      Signed-off-by: default avatarChris Mason <chris.mason@oracle.com>
      4845e44f
  5. 25 May, 2010 12 commits