xfs: remote attribute overwrite causes transaction overrun

Commit e461fcb ("xfs: remote attribute lookups require the value length") passes the remote attribute length in the xfs_da_args structure on lookup so that CRC calculations and validity checking can be performed correctly by related code. This, unfortunately has the side effect of changing the args->valuelen parameter in cases where it shouldn't. That is, when we replace a remote attribute, the incoming replacement stores the value and length in args->value and args->valuelen, but then the lookup which finds the existing remote attribute overwrites args->valuelen with the length of the remote attribute being replaced. Hence when we go to create the new attribute, we create it of the size of the existing remote attribute, not the size it is supposed to be. When the new attribute is much smaller than the old attribute, this results in a transaction overrun and an ASSERT() failure on a debug kernel: XFS: Assertion failed: tp->t_blk_res_used <= tp->t_blk_res, file: fs/xfs/xfs_trans.c, line: 331 Fix this by keeping the remote attribute value length separate to the attribute value length in the xfs_da_args structure. The enables us to pass the length of the remote attribute to be removed without overwriting the new attribute's length. Also, ensure that when we save remote block contexts for a later rename we zero the original state variables so that we don't confuse the state of the attribute to be removes with the state of the new attribute that we just added. [Spotted by Brain Foster.] Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Brian Foster <bfoster@redhat.com> Signed-off-by: Dave Chinner <david@fromorbit.com>
author: Dave Chinner <dchinner@redhat.com> 2014-05-05 17:37:31 -0400
committer: Dave Chinner <david@fromorbit.com> 2014-05-05 17:37:31 -0400
commit: 8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59 (patch)
tree: 2f249712b18b943a8d3667dd7c5c6ef614e4fa59 /fs/xfs/xfs_attr.c
parent: d540e43b0ab134b22f015f725ce6e070d12b0244 (diff)
1 files changed, 23 insertions, 1 deletions
diff --git a/fs/xfs/xfs_attr.c b/fs/xfs/xfs_attr.c
index 01b6a0102fbd..abda1124a70f 100644
--- a/fs/xfs/xfs_attr.c
+++ b/fs/xfs/xfs_attr.c
@@ -213,7 +213,7 @@ xfs_attr_calc_size(
                 * Out of line attribute, cannot double split, but
                 * make room for the attribute value itself.
                 */
-                uint    dblocks = XFS_B_TO_FSB(mp, valuelen);
+                uint    dblocks = xfs_attr3_rmt_blocks(mp, valuelen);
                nblks += dblocks;
                nblks += XFS_NEXTENTADD_SPACE_RES(mp, dblocks, XFS_ATTR_FORK);
        }
@@ -698,11 +698,22 @@ xfs_attr_leaf_addname(xfs_da_args_t *args)
                trace_xfs_attr_leaf_replace(args);
+                /* save the attribute state for later removal*/
                args->op_flags |= XFS_DA_OP_RENAME;     /* an atomic rename */
                args->blkno2 = args->blkno;             /* set 2nd entry info*/
                args->index2 = args->index;
                args->rmtblkno2 = args->rmtblkno;
                args->rmtblkcnt2 = args->rmtblkcnt;
+                args->rmtvaluelen2 = args->rmtvaluelen;
+                /*
+                 * clear the remote attr state now that it is saved so that the
+                 * values reflect the state of the attribute we are about to
+                 * add, not the attribute we just found and will remove later.
+                 */
+                args->rmtblkno = 0;
+                args->rmtblkcnt = 0;
+                args->rmtvaluelen = 0;
        }
        /*
@@ -794,6 +805,7 @@ xfs_attr_leaf_addname(xfs_da_args_t *args)
                args->blkno = args->blkno2;
                args->rmtblkno = args->rmtblkno2;
                args->rmtblkcnt = args->rmtblkcnt2;
+                args->rmtvaluelen = args->rmtvaluelen2;
                if (args->rmtblkno) {
                        error = xfs_attr_rmtval_remove(args);
                        if (error)
@@ -999,13 +1011,22 @@ restart:
                trace_xfs_attr_node_replace(args);
+                /* save the attribute state for later removal*/
                args->op_flags |= XFS_DA_OP_RENAME;     /* atomic rename op */
                args->blkno2 = args->blkno;             /* set 2nd entry info*/
                args->index2 = args->index;
                args->rmtblkno2 = args->rmtblkno;
                args->rmtblkcnt2 = args->rmtblkcnt;
+                args->rmtvaluelen2 = args->rmtvaluelen;
+                /*
+                 * clear the remote attr state now that it is saved so that the
+                 * values reflect the state of the attribute we are about to
+                 * add, not the attribute we just found and will remove later.
+                 */
                args->rmtblkno = 0;
                args->rmtblkcnt = 0;
+                args->rmtvaluelen = 0;
        }
        retval = xfs_attr3_leaf_add(blk->bp, state->args);
@@ -1133,6 +1154,7 @@ restart:
                args->blkno = args->blkno2;
                args->rmtblkno = args->rmtblkno2;
                args->rmtblkcnt = args->rmtblkcnt2;
+                args->rmtvaluelen = args->rmtvaluelen2;
                if (args->rmtblkno) {
                        error = xfs_attr_rmtval_remove(args);
                        if (error)
author	Dave Chinner <dchinner@redhat.com>	2014-05-05 17:37:31 -0400
committer	Dave Chinner <david@fromorbit.com>	2014-05-05 17:37:31 -0400
commit	8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59 (patch)
tree	2f249712b18b943a8d3667dd7c5c6ef614e4fa59 /fs/xfs/xfs_attr.c
parent	d540e43b0ab134b22f015f725ce6e070d12b0244 (diff)