btrfs: qgroups: Fix BUG_ON condition in tree level check

The current code was erroneously checking for
root_level > BTRFS_MAX_LEVEL. If we had a root_level of 8 then the check
won't trigger and we could potentially hit a buffer overflow. The
correct check should be root_level >= BTRFS_MAX_LEVEL .

Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: Qu Wenruo <quwenruo.btrfs@gmx.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
index 4ce351efe2813e101c74658873a25cff434633d6..acb48983be26a838040960920c830c160ba88eb4 100644 (file)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -1603,7 +1603,7 @@ int btrfs_qgroup_trace_subtree(struct btrfs_trans_handle *trans,
        struct extent_buffer *eb = root_eb;
        struct btrfs_path *path = NULL;
 
-       BUG_ON(root_level < 0 || root_level > BTRFS_MAX_LEVEL);
+       BUG_ON(root_level < 0 || root_level >= BTRFS_MAX_LEVEL);
        BUG_ON(root_eb == NULL);
 
        if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags))