Hello,
btrfs_find_free_objectid may return a used objectid due to arithmetic
underflow. This bug may happen when parameter 'root' is tree root, so
it may cause serious problems when creating snapshot or sub-volume.
Regards
YZ
---
diff -r 6c243ad8dddf inode-map.c
--- a/inode-map.c Fri Jan 18 10:54:22 2008 -0500
+++ b/inode-map.c Tue Jan 22 19:59:20 2008 +0800
@@ -62,7 +62,6 @@ int btrfs_find_free_objectid(struct btrf
struct btrfs_path *path;
struct btrfs_key key;
int ret;
- u64 hole_size = 0;
int slot = 0;
u64 last_ino = 0;
int start_found;
@@ -109,8 +108,7 @@ int btrfs_find_free_objectid(struct btrf
if (start_found) {
if (last_ino < search_start)
last_ino = search_start;
- hole_size = key.objectid - last_ino;
- if (hole_size > 0) {
+ if (key.objectid > last_ino) {
*objectid = last_ino;
goto found;
}