xfs: remote attribute overwrite causes transaction overrun

		 * Out of line attribute, cannot double split, but

		 * Out of line attribute, cannot double split, but

		 * make room for the attribute value itself.

		 * make room for the attribute value itself.

		 */

		 */

		uint	dblocks = XFS_B_TO_FSB(mp, valuelen);

		uint	dblocks = xfs_attr3_rmt_blocks(mp, valuelen);

		nblks += dblocks;

		nblks += dblocks;

		nblks += XFS_NEXTENTADD_SPACE_RES(mp, dblocks, XFS_ATTR_FORK);

		nblks += XFS_NEXTENTADD_SPACE_RES(mp, dblocks, XFS_ATTR_FORK);

	}

	}

		trace_xfs_attr_leaf_replace(args);

		trace_xfs_attr_leaf_replace(args);

		/* save the attribute state for later removal*/

		args->op_flags |= XFS_DA_OP_RENAME;	/* an atomic rename */

		args->op_flags |= XFS_DA_OP_RENAME;	/* an atomic rename */

		args->blkno2 = args->blkno;		/* set 2nd entry info*/

		args->blkno2 = args->blkno;		/* set 2nd entry info*/

		args->index2 = args->index;

		args->index2 = args->index;

		args->rmtblkno2 = args->rmtblkno;

		args->rmtblkno2 = args->rmtblkno;

		args->rmtblkcnt2 = args->rmtblkcnt;

		args->rmtblkcnt2 = args->rmtblkcnt;

		args->rmtvaluelen2 = args->rmtvaluelen;

		/*

		 * clear the remote attr state now that it is saved so that the

		 * values reflect the state of the attribute we are about to

		 * add, not the attribute we just found and will remove later.

		 */

		args->rmtblkno = 0;

		args->rmtblkcnt = 0;

		args->rmtvaluelen = 0;

	}

	}

	/*

	/*

		args->blkno = args->blkno2;

		args->blkno = args->blkno2;

		args->rmtblkno = args->rmtblkno2;

		args->rmtblkno = args->rmtblkno2;

		args->rmtblkcnt = args->rmtblkcnt2;

		args->rmtblkcnt = args->rmtblkcnt2;

		args->rmtvaluelen = args->rmtvaluelen2;

		if (args->rmtblkno) {

		if (args->rmtblkno) {

			error = xfs_attr_rmtval_remove(args);

			error = xfs_attr_rmtval_remove(args);

			if (error)

			if (error)

		trace_xfs_attr_node_replace(args);

		trace_xfs_attr_node_replace(args);

		/* save the attribute state for later removal*/

		args->op_flags |= XFS_DA_OP_RENAME;	/* atomic rename op */

		args->op_flags |= XFS_DA_OP_RENAME;	/* atomic rename op */

		args->blkno2 = args->blkno;		/* set 2nd entry info*/

		args->blkno2 = args->blkno;		/* set 2nd entry info*/

		args->index2 = args->index;

		args->index2 = args->index;

		args->rmtblkno2 = args->rmtblkno;

		args->rmtblkno2 = args->rmtblkno;

		args->rmtblkcnt2 = args->rmtblkcnt;

		args->rmtblkcnt2 = args->rmtblkcnt;

		args->rmtvaluelen2 = args->rmtvaluelen;

		/*

		 * clear the remote attr state now that it is saved so that the

		 * values reflect the state of the attribute we are about to

		 * add, not the attribute we just found and will remove later.

		 */

		args->rmtblkno = 0;

		args->rmtblkno = 0;

		args->rmtblkcnt = 0;

		args->rmtblkcnt = 0;

		args->rmtvaluelen = 0;

	}

	}

	retval = xfs_attr3_leaf_add(blk->bp, state->args);

	retval = xfs_attr3_leaf_add(blk->bp, state->args);

		args->blkno = args->blkno2;

		args->blkno = args->blkno2;

		args->rmtblkno = args->rmtblkno2;

		args->rmtblkno = args->rmtblkno2;

		args->rmtblkcnt = args->rmtblkcnt2;

		args->rmtblkcnt = args->rmtblkcnt2;

		args->rmtvaluelen = args->rmtvaluelen2;

		if (args->rmtblkno) {

		if (args->rmtblkno) {

			error = xfs_attr_rmtval_remove(args);

			error = xfs_attr_rmtval_remove(args);

			if (error)

			if (error)

		name_rmt->valueblk = 0;

		name_rmt->valueblk = 0;

		args->rmtblkno = 1;

		args->rmtblkno = 1;

		args->rmtblkcnt = xfs_attr3_rmt_blocks(mp, args->valuelen);

		args->rmtblkcnt = xfs_attr3_rmt_blocks(mp, args->valuelen);

		args->rmtvaluelen = args->valuelen;

	}

	}

	xfs_trans_log_buf(args->trans, bp,

	xfs_trans_log_buf(args->trans, bp,

	     XFS_DA_LOGRANGE(leaf, xfs_attr3_leaf_name(leaf, args->index),

	     XFS_DA_LOGRANGE(leaf, xfs_attr3_leaf_name(leaf, args->index),

			if (!xfs_attr_namesp_match(args->flags, entry->flags))

			if (!xfs_attr_namesp_match(args->flags, entry->flags))

				continue;

				continue;

			args->index = probe;

			args->index = probe;

			args->valuelen = be32_to_cpu(name_rmt->valuelen);

			args->rmtvaluelen = be32_to_cpu(name_rmt->valuelen);

			args->rmtblkno = be32_to_cpu(name_rmt->valueblk);

			args->rmtblkno = be32_to_cpu(name_rmt->valueblk);

			args->rmtblkcnt = xfs_attr3_rmt_blocks(

			args->rmtblkcnt = xfs_attr3_rmt_blocks(

							args->dp->i_mount,

							args->dp->i_mount,

							args->valuelen);

							args->rmtvaluelen);

			return XFS_ERROR(EEXIST);

			return XFS_ERROR(EEXIST);

		}

		}

	}

	}

		name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index);

		name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index);

		ASSERT(name_rmt->namelen == args->namelen);

		ASSERT(name_rmt->namelen == args->namelen);

		ASSERT(memcmp(args->name, name_rmt->name, args->namelen) == 0);

		ASSERT(memcmp(args->name, name_rmt->name, args->namelen) == 0);

		valuelen = be32_to_cpu(name_rmt->valuelen);

		args->rmtvaluelen = be32_to_cpu(name_rmt->valuelen);

		args->rmtblkno = be32_to_cpu(name_rmt->valueblk);

		args->rmtblkno = be32_to_cpu(name_rmt->valueblk);

		args->rmtblkcnt = xfs_attr3_rmt_blocks(args->dp->i_mount,

		args->rmtblkcnt = xfs_attr3_rmt_blocks(args->dp->i_mount,

						       valuelen);

						       args->rmtvaluelen);

		if (args->flags & ATTR_KERNOVAL) {

		if (args->flags & ATTR_KERNOVAL) {

			args->valuelen = valuelen;

			args->valuelen = args->rmtvaluelen;

			return 0;

			return 0;

		}

		}

		if (args->valuelen < valuelen) {

		if (args->valuelen < args->rmtvaluelen) {

			args->valuelen = valuelen;

			args->valuelen = args->rmtvaluelen;

			return XFS_ERROR(ERANGE);

			return XFS_ERROR(ERANGE);

		}

		}

		args->valuelen = valuelen;

		args->valuelen = args->rmtvaluelen;

	}

	}

	return 0;

	return 0;

}

}

		ASSERT((entry->flags & XFS_ATTR_LOCAL) == 0);

		ASSERT((entry->flags & XFS_ATTR_LOCAL) == 0);

		name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index);

		name_rmt = xfs_attr3_leaf_name_remote(leaf, args->index);

		name_rmt->valueblk = cpu_to_be32(args->rmtblkno);

		name_rmt->valueblk = cpu_to_be32(args->rmtblkno);

		name_rmt->valuelen = cpu_to_be32(args->valuelen);

		name_rmt->valuelen = cpu_to_be32(args->rmtvaluelen);

		xfs_trans_log_buf(args->trans, bp,

		xfs_trans_log_buf(args->trans, bp,

			 XFS_DA_LOGRANGE(leaf, name_rmt, sizeof(*name_rmt)));

			 XFS_DA_LOGRANGE(leaf, name_rmt, sizeof(*name_rmt)));

	}

	}

		ASSERT((entry1->flags & XFS_ATTR_LOCAL) == 0);

		ASSERT((entry1->flags & XFS_ATTR_LOCAL) == 0);

		name_rmt = xfs_attr3_leaf_name_remote(leaf1, args->index);

		name_rmt = xfs_attr3_leaf_name_remote(leaf1, args->index);

		name_rmt->valueblk = cpu_to_be32(args->rmtblkno);

		name_rmt->valueblk = cpu_to_be32(args->rmtblkno);

		name_rmt->valuelen = cpu_to_be32(args->valuelen);

		name_rmt->valuelen = cpu_to_be32(args->rmtvaluelen);

		xfs_trans_log_buf(args->trans, bp1,

		xfs_trans_log_buf(args->trans, bp1,

			 XFS_DA_LOGRANGE(leaf1, name_rmt, sizeof(*name_rmt)));

			 XFS_DA_LOGRANGE(leaf1, name_rmt, sizeof(*name_rmt)));

	}

	}

				args.dp = context->dp;

				args.dp = context->dp;

				args.whichfork = XFS_ATTR_FORK;

				args.whichfork = XFS_ATTR_FORK;

				args.valuelen = valuelen;

				args.valuelen = valuelen;

				args.rmtvaluelen = valuelen;

				args.value = kmem_alloc(valuelen, KM_SLEEP | KM_NOFS);

				args.value = kmem_alloc(valuelen, KM_SLEEP | KM_NOFS);

				args.rmtblkno = be32_to_cpu(name_rmt->valueblk);

				args.rmtblkno = be32_to_cpu(name_rmt->valueblk);

				args.rmtblkcnt = xfs_attr3_rmt_blocks(

				args.rmtblkcnt = xfs_attr3_rmt_blocks(

	struct xfs_buf		*bp;

	struct xfs_buf		*bp;

	xfs_dablk_t		lblkno = args->rmtblkno;

	xfs_dablk_t		lblkno = args->rmtblkno;

	__uint8_t		*dst = args->value;

	__uint8_t		*dst = args->value;

	int			valuelen = args->valuelen;

	int			valuelen;

	int			nmap;

	int			nmap;

	int			error;

	int			error;

	int			blkcnt = args->rmtblkcnt;

	int			blkcnt = args->rmtblkcnt;

	trace_xfs_attr_rmtval_get(args);

	trace_xfs_attr_rmtval_get(args);

	ASSERT(!(args->flags & ATTR_KERNOVAL));

	ASSERT(!(args->flags & ATTR_KERNOVAL));

	ASSERT(args->rmtvaluelen == args->valuelen);

	valuelen = args->rmtvaluelen;

	while (valuelen > 0) {

	while (valuelen > 0) {

		nmap = ATTR_RMTVALUE_MAPSIZE;

		nmap = ATTR_RMTVALUE_MAPSIZE;

		error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,

		error = xfs_bmapi_read(args->dp, (xfs_fileoff_t)lblkno,

	 * attributes have headers, we can't just do a straight byte to FSB

	 * attributes have headers, we can't just do a straight byte to FSB

	 * conversion and have to take the header space into account.

	 * conversion and have to take the header space into account.

	 */

	 */

	blkcnt = xfs_attr3_rmt_blocks(mp, args->valuelen);

	blkcnt = xfs_attr3_rmt_blocks(mp, args->rmtvaluelen);

	error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff,

	error = xfs_bmap_first_unused(args->trans, args->dp, blkcnt, &lfileoff,

						   XFS_ATTR_FORK);

						   XFS_ATTR_FORK);

	if (error)

	if (error)

	 */

	 */

	lblkno = args->rmtblkno;

	lblkno = args->rmtblkno;

	blkcnt = args->rmtblkcnt;

	blkcnt = args->rmtblkcnt;

	valuelen = args->valuelen;

	valuelen = args->rmtvaluelen;

	while (valuelen > 0) {

	while (valuelen > 0) {

		struct xfs_buf	*bp;

		struct xfs_buf	*bp;

		xfs_daddr_t	dblkno;

		xfs_daddr_t	dblkno;

	int		index;		/* index of attr of interest in blk */

	int		index;		/* index of attr of interest in blk */

	xfs_dablk_t	rmtblkno;	/* remote attr value starting blkno */

	xfs_dablk_t	rmtblkno;	/* remote attr value starting blkno */

	int		rmtblkcnt;	/* remote attr value block count */

	int		rmtblkcnt;	/* remote attr value block count */

	int		rmtvaluelen;	/* remote attr value length in bytes */

	xfs_dablk_t	blkno2;		/* blkno of 2nd attr leaf of interest */

	xfs_dablk_t	blkno2;		/* blkno of 2nd attr leaf of interest */

	int		index2;		/* index of 2nd attr in blk */

	int		index2;		/* index of 2nd attr in blk */

	xfs_dablk_t	rmtblkno2;	/* remote attr value starting blkno */

	xfs_dablk_t	rmtblkno2;	/* remote attr value starting blkno */

	int		rmtblkcnt2;	/* remote attr value block count */

	int		rmtblkcnt2;	/* remote attr value block count */

	int		rmtvaluelen2;	/* remote attr value length in bytes */

	int		op_flags;	/* operation flags */

	int		op_flags;	/* operation flags */

	enum xfs_dacmp	cmpresult;	/* name compare result for lookups */

	enum xfs_dacmp	cmpresult;	/* name compare result for lookups */

} xfs_da_args_t;

} xfs_da_args_t;