ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page

		goto out;

	} else if (ret == 1) {

		clusters_need = wc->w_clen;

		ret = ocfs2_refcount_cow(inode, filp, di_bh,

		ret = ocfs2_refcount_cow(inode, di_bh,

					 wc->w_cpos, wc->w_clen, UINT_MAX);

		if (ret) {

			mlog_errno(ret);

	if (!(ext_flags & OCFS2_EXT_REFCOUNTED))

		goto out;

	return ocfs2_refcount_cow(inode, NULL, fe_bh, cpos, 1, cpos+1);

	return ocfs2_refcount_cow(inode, fe_bh, cpos, 1, cpos+1);

out:

	return status;

		zero_clusters = last_cpos - zero_cpos;

	if (needs_cow) {

		rc = ocfs2_refcount_cow(inode, NULL, di_bh, zero_cpos,

		rc = ocfs2_refcount_cow(inode, di_bh, zero_cpos,

					zero_clusters, UINT_MAX);

		if (rc) {

			mlog_errno(rc);

	*meta_level = 1;

	ret = ocfs2_refcount_cow(inode, file, di_bh, cpos, clusters, UINT_MAX);

	ret = ocfs2_refcount_cow(inode, di_bh, cpos, clusters, UINT_MAX);

	if (ret)

		mlog_errno(ret);

out:

	u64 ino = ocfs2_metadata_cache_owner(context->et.et_ci);

	u64 old_blkno = ocfs2_clusters_to_blocks(inode->i_sb, p_cpos);

	ret = ocfs2_duplicate_clusters_by_page(handle, context->file, cpos,

	ret = ocfs2_duplicate_clusters_by_page(handle, inode, cpos,

					       p_cpos, new_p_cpos, len);

	if (ret) {

		mlog_errno(ret);

struct ocfs2_cow_context {

	struct inode *inode;

	struct file *file;

	u32 cow_start;

	u32 cow_len;

	struct ocfs2_extent_tree data_et;

			    u32 *num_clusters,

			    unsigned int *extent_flags);

	int (*cow_duplicate_clusters)(handle_t *handle,

				      struct file *file,

				      struct inode *inode,

				      u32 cpos, u32 old_cluster,

				      u32 new_cluster, u32 new_len);

};

}

int ocfs2_duplicate_clusters_by_page(handle_t *handle,

				     struct file *file,

				     struct inode *inode,

				     u32 cpos, u32 old_cluster,

				     u32 new_cluster, u32 new_len)

{

	int ret = 0, partial;

	struct inode *inode = file_inode(file);

	struct ocfs2_caching_info *ci = INODE_CACHE(inode);

	struct super_block *sb = ocfs2_metadata_cache_get_super(ci);

	struct super_block *sb = inode->i_sb;

	u64 new_block = ocfs2_clusters_to_blocks(sb, new_cluster);

	struct page *page;

	pgoff_t page_index;

		if (PAGE_CACHE_SIZE <= OCFS2_SB(sb)->s_clustersize)

			BUG_ON(PageDirty(page));

		if (PageReadahead(page)) {

			page_cache_async_readahead(mapping,

						   &file->f_ra, file,

						   page, page_index,

						   readahead_pages);

		}

		if (!PageUptodate(page)) {

			ret = block_read_full_page(page, ocfs2_get_block);

			if (ret) {

			}

		}

		ocfs2_map_and_dirty_page(inode, handle, from, to,

		ocfs2_map_and_dirty_page(inode,

					 handle, from, to,

					 page, 0, &new_block);

		mark_page_accessed(page);

unlock:

}

int ocfs2_duplicate_clusters_by_jbd(handle_t *handle,

				    struct file *file,

				    struct inode *inode,

				    u32 cpos, u32 old_cluster,

				    u32 new_cluster, u32 new_len)

{

	int ret = 0;

	struct inode *inode = file_inode(file);

	struct super_block *sb = inode->i_sb;

	struct ocfs2_caching_info *ci = INODE_CACHE(inode);

	int i, blocks = ocfs2_clusters_to_blocks(sb, new_len);

	/*If the old clusters is unwritten, no need to duplicate. */

	if (!(ext_flags & OCFS2_EXT_UNWRITTEN)) {

		ret = context->cow_duplicate_clusters(handle, context->file,

		ret = context->cow_duplicate_clusters(handle, context->inode,

						      cpos, old, new, len);

		if (ret) {

			mlog_errno(ret);

	return ret;

}

static void ocfs2_readahead_for_cow(struct inode *inode,

				    struct file *file,

				    u32 start, u32 len)

{

	struct address_space *mapping;

	pgoff_t index;

	unsigned long num_pages;

	int cs_bits = OCFS2_SB(inode->i_sb)->s_clustersize_bits;

	if (!file)

		return;

	mapping = file->f_mapping;

	num_pages = (len << cs_bits) >> PAGE_CACHE_SHIFT;

	if (!num_pages)

		num_pages = 1;

	index = ((loff_t)start << cs_bits) >> PAGE_CACHE_SHIFT;

	page_cache_sync_readahead(mapping, &file->f_ra, file,

				  index, num_pages);

}

/*

 * Starting at cpos, try to CoW write_len clusters.  Don't CoW

 * past max_cpos.  This will stop when it runs into a hole or an

 * unrefcounted extent.

 */

static int ocfs2_refcount_cow_hunk(struct inode *inode,

				   struct file *file,

				   struct buffer_head *di_bh,

				   u32 cpos, u32 write_len, u32 max_cpos)

{

	BUG_ON(cow_len == 0);

	ocfs2_readahead_for_cow(inode, file, cow_start, cow_len);

	context = kzalloc(sizeof(struct ocfs2_cow_context), GFP_NOFS);

	if (!context) {

		ret = -ENOMEM;

	context->ref_root_bh = ref_root_bh;

	context->cow_duplicate_clusters = ocfs2_duplicate_clusters_by_page;

	context->get_clusters = ocfs2_di_get_clusters;

	context->file = file;

	ocfs2_init_dinode_extent_tree(&context->data_et,

				      INODE_CACHE(inode), di_bh);

 * clusters between cpos and cpos+write_len are safe to modify.

 */

int ocfs2_refcount_cow(struct inode *inode,

		       struct file *file,

		       struct buffer_head *di_bh,

		       u32 cpos, u32 write_len, u32 max_cpos)

{

			num_clusters = write_len;

		if (ext_flags & OCFS2_EXT_REFCOUNTED) {

			ret = ocfs2_refcount_cow_hunk(inode, file, di_bh, cpos,

			ret = ocfs2_refcount_cow_hunk(inode, di_bh, cpos,

						      num_clusters, max_cpos);

			if (ret) {

				mlog_errno(ret);

					  int *credits,

					  int *ref_blocks);

int ocfs2_refcount_cow(struct inode *inode,

		       struct file *filep, struct buffer_head *di_bh,

		       struct buffer_head *di_bh,

		       u32 cpos, u32 write_len, u32 max_cpos);

typedef int (ocfs2_post_refcount_func)(struct inode *inode,

			     u32 cpos, u32 write_len,

			     struct ocfs2_post_refcount *post);

int ocfs2_duplicate_clusters_by_page(handle_t *handle,

				     struct file *file,

				     struct inode *inode,

				     u32 cpos, u32 old_cluster,

				     u32 new_cluster, u32 new_len);

int ocfs2_duplicate_clusters_by_jbd(handle_t *handle,

				    struct file *file,

				    struct inode *inode,

				    u32 cpos, u32 old_cluster,

				    u32 new_cluster, u32 new_len);

int ocfs2_cow_sync_writeback(struct super_block *sb,