
Btrfs: fix off-by-one in file clone
authorLiu Bo <bo.li.liu@oracle.com>
Tue, 18 Sep 2012 09:52:23 +0000 (03:52 -0600)
committerChris Mason <chris.mason@fusionio.com>
Tue, 9 Oct 2012 00:07:32 +0000 (20:07 -0400)
Btrfs uses inclusive range end for lock_extent(), unlock_extent() and
related functions, so we made off-by-one errors in file clone.

This fixes it and also fixes some style problems.

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
fs/btrfs/ioctl.c

index 4d7f4bb..d6836af 100644 (file)
@@ -2481,13 +2481,13 @@ static noinline long btrfs_ioctl_clone(struct file *file, unsigned long srcfd,
           another, and lock file content */
        while (1) {
                struct btrfs_ordered_extent *ordered;
-               lock_extent(&BTRFS_I(src)->io_tree, off, off+len);
-               ordered = btrfs_lookup_first_ordered_extent(src, off+len);
+               lock_extent(&BTRFS_I(src)->io_tree, off, off + len - 1);
+               ordered = btrfs_lookup_first_ordered_extent(src, off + len - 1);
                if (!ordered &&
-                   !test_range_bit(&BTRFS_I(src)->io_tree, off, off+len,
-                                  EXTENT_DELALLOC, 0, NULL))
+                   !test_range_bit(&BTRFS_I(src)->io_tree, off, off + len - 1,
+                                   EXTENT_DELALLOC, 0, NULL))
                        break;
-               unlock_extent(&BTRFS_I(src)->io_tree, off, off+len);
+               unlock_extent(&BTRFS_I(src)->io_tree, off, off + len - 1);
                if (ordered)
                        btrfs_put_ordered_extent(ordered);
                btrfs_wait_ordered_range(src, off, len);
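Review bot: With the inclusive end now written as `off + len - 1` in lock_extent(), btrfs_lookup_first_ordered_extent(), test_range_bit() and unlock_extent() here, and again in the unlock_extent() under `out:` in the last hunk, a `len` of zero would put the end below `off`, and for `off == 0` it would wrap to the maximum offset. The hunk does not show how `len` is validated earlier in btrfs_ioctl_clone, so this case may already be excluded. If it is, a comment above the loop such as `/* len > 0 here, so the inclusive end off + len - 1 cannot wrap */` would record the invariant; if it is not, the zero-length case needs to be rejected before the range is locked. The function body starts and ends outside the hunk.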
@@ -2561,7 +2561,7 @@ static noinline long btrfs_ioctl_clone(struct file *file, unsigned long srcfd,
                        btrfs_release_path(path);
 
                        if (key.offset + datal <= off ||
-                           key.offset >= off+len)
+                           key.offset >= off + len - 1)
                                goto next;
 
                        memcpy(&new_key, &key, sizeof(new_key));
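Review bot: The `- 1` in `key.offset >= off + len - 1` looks like an over-correction: this line compares an extent's start offset against the clone range, not an inclusive lock end, and with `>=` the exclusive bound `off + len` was already right. As written, an extent item that starts exactly at the last byte of the range (`key.offset == off + len - 1`) jumps to `next` and is left out of the clone, while the trim calculation in the next hunk still treats `off + len` as the exclusive end. Whether that offset can occur depends on alignment checks outside this hunk, but the condition should stay `key.offset >= off + len` (or become `key.offset > off + len - 1`) so the two tests agree. The enclosing loop starts and ends outside the hunk.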
@@ -2662,8 +2662,8 @@ static noinline long btrfs_ioctl_clone(struct file *file, unsigned long srcfd,
                                        new_key.offset += skip;
                                }
 
-                               if (key.offset + datal > off+len)
-                                       trim = key.offset + datal - (off+len);
+                               if (key.offset + datal > off + len)
+                                       trim = key.offset + datal - (off + len);
 
                                if (comp && (skip || trim)) {
                                        ret = -EINVAL;
@@ -2740,7 +2740,7 @@ next:
        ret = 0;
 out:
        btrfs_release_path(path);
-       unlock_extent(&BTRFS_I(src)->io_tree, off, off+len);
+       unlock_extent(&BTRFS_I(src)->io_tree, off, off + len - 1);
 out_unlock:
        mutex_unlock(&src->i_mutex);
        mutex_unlock(&inode->i_mutex);