ocfs2: Use xs->bucket to set xattr value outside
authorTao Ma <tao.ma@oracle.com>
Thu, 12 Mar 2009 00:37:34 +0000 (08:37 +0800)
committerMark Fasheh <mfasheh@suse.com>
Thu, 12 Mar 2009 23:46:09 +0000 (16:46 -0700)
A long time ago, xs->base is allocated a 4K size and all the contents
in the bucket are copied to the it. Now we use ocfs2_xattr_bucket to
abstract xattr bucket and xs->base is initialized to the start of the
bu_bhs[0]. So xs->base + offset will overflow when the value root is
stored outside the first block.

Then why we can survive the xattr test by now? It is because we always
read the bucket contiguously now and kernel mm allocate continguous
memory for us. We are lucky, but we should fix it. So just get the
right value root as other callers do.

Signed-off-by: Tao Ma <tao.ma@oracle.com>
Acked-by: Joel Becker <joel.becker@oracle.com>
Signed-off-by: Mark Fasheh <mfasheh@suse.com>
fs/ocfs2/xattr.c

index c63efb5ef136d57720f07c95699a20fa358d4a6e..2563df89fc2a0e60f28a2e8958ddfda525099fb4 100644 (file)
@@ -4795,19 +4795,33 @@ static int ocfs2_xattr_bucket_set_value_outside(struct inode *inode,
                                                char *val,
                                                int value_len)
 {
-       int offset;
+       int ret, offset, block_off;
        struct ocfs2_xattr_value_root *xv;
        struct ocfs2_xattr_entry *xe = xs->here;
+       struct ocfs2_xattr_header *xh = bucket_xh(xs->bucket);
+       void *base;
 
        BUG_ON(!xs->base || !xe || ocfs2_xattr_is_local(xe));
 
-       offset = le16_to_cpu(xe->xe_name_offset) +
-                OCFS2_XATTR_SIZE(xe->xe_name_len);
+       ret = ocfs2_xattr_bucket_get_name_value(inode, xh,
+                                               xe - xh->xh_entries,
+                                               &block_off,
+                                               &offset);
+       if (ret) {
+               mlog_errno(ret);
+               goto out;
+       }
 
-       xv = (struct ocfs2_xattr_value_root *)(xs->base + offset);
+       base = bucket_block(xs->bucket, block_off);
+       xv = (struct ocfs2_xattr_value_root *)(base + offset +
+                OCFS2_XATTR_SIZE(xe->xe_name_len));
 
-       return __ocfs2_xattr_set_value_outside(inode, handle,
-                                              xv, val, value_len);
+       ret = __ocfs2_xattr_set_value_outside(inode, handle,
+                                             xv, val, value_len);
+       if (ret)
+               mlog_errno(ret);
+out:
+       return ret;
 }
 
 static int ocfs2_rm_xattr_cluster(struct inode *inode,