btrfs: check file extent backref offset underflow

Offset field in data extent backref can underflow if clone range ioctl
is used. We can reliably detect the underflow because max file size is
limited to 2^63 and max data extent size is limited by block group size.

Signed-off-by: Zheng Yan  <zheng.z.yan@intel.com>

diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 10af6a0e08651c281ed0484dd5aacff9b17738d5..24d654ce7a061206347173c407196fdcf0bc8742 100644 (file)
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -3322,8 +3322,11 @@ static int find_data_references(struct reloc_control *rc,
        }
 
        key.objectid = ref_objectid;
-       key.offset = ref_offset;
        key.type = BTRFS_EXTENT_DATA_KEY;
+       if (ref_offset > ((u64)-1 << 32))
+               key.offset = 0;
+       else
+               key.offset = ref_offset;
 
        path->search_commit_root = 1;
        path->skip_locking = 1;