Ocfs2 devel - Mar 2009 - [PATCH] ocfs2: Use xs->bucket to set xattr value outside.

Tristan,
	could you please run your xattr test against it?

xs->base used to be allocated a 4K size and all the contents in the
bucket are copied to the it. So in ocfs2_xattr_bucket_set_value_outside,
we are safe to use xs->base + offset. Now we use ocfs2_xattr_bucket to
abstract xattr bucket and xs->base is initialized to the start of the
bu_bhs[0]. So xs->base + offset will overflow when the value root is
stored outside the first block.

Then why we can survive the xattr test by now? It is because we always
read the bucket contiguously now and kernel mm allocate continguous
memory for us. We are lucky, but we should fix it. So just get the
right value root as other callers do.

Signed-off-by: Tao Ma <tao.ma at oracle.com>
---
 fs/ocfs2/xattr.c |   27 +++++++++++++++++++++------
 1 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
index f1b9af1..503a1d7 100644
--- a/fs/ocfs2/xattr.c
+++ b/fs/ocfs2/xattr.c
@@ -4795,19 +4795,34 @@ static int ocfs2_xattr_bucket_set_value_outside(struct
inode *inode,
 						char *val,
 						int value_len)
 {
-	int offset;
+	int ret, offset, block_off;
 	struct ocfs2_xattr_value_root *xv;
 	struct ocfs2_xattr_entry *xe = xs->here;
+	struct ocfs2_xattr_bucket *bucket = xs->bucket;
+	struct ocfs2_xattr_header *xh = bucket_xh(bucket);
+	void *base;
 
 	BUG_ON(!xs->base || !xe || ocfs2_xattr_is_local(xe));
 
-	offset = le16_to_cpu(xe->xe_name_offset) +
-		 OCFS2_XATTR_SIZE(xe->xe_name_len);
+	ret = ocfs2_xattr_bucket_get_name_value(inode, xh,
+						xe - xh->xh_entries,
+						&block_off,
+						&offset);
+	if (ret) {
+		mlog_errno(ret);
+		goto out;
+	}
 
-	xv = (struct ocfs2_xattr_value_root *)(xs->base + offset);
+	base = bucket_block(xs->bucket, block_off);
+	xv = (struct ocfs2_xattr_value_root *)(base + offset +
+		 OCFS2_XATTR_SIZE(xe->xe_name_len));
 
-	return __ocfs2_xattr_set_value_outside(inode, handle,
-					       xv, val, value_len);
+	ret = __ocfs2_xattr_set_value_outside(inode, handle,
+					      xv, val, value_len);
+	if (ret)
+		mlog_errno(ret);
+out:
+	return ret;
 }
 
 static int ocfs2_rm_xattr_cluster(struct inode *inode,
-- 
1.6.2.rc2.16.gf474c

On Tue, 2009-03-10 at 07:49 +0800, Tao Ma wrote:
> Tristan,
> 	could you please run your xattr test against it?
Sure, tests will be carried on soon:-)

Tristan.
> 
> xs->base used to be allocated a 4K size and all the contents in the
> bucket are copied to the it. So in ocfs2_xattr_bucket_set_value_outside,
> we are safe to use xs->base + offset. Now we use ocfs2_xattr_bucket to
> abstract xattr bucket and xs->base is initialized to the start of the
> bu_bhs[0]. So xs->base + offset will overflow when the value root is
> stored outside the first block.
> 
> Then why we can survive the xattr test by now? It is because we always
> read the bucket contiguously now and kernel mm allocate continguous
> memory for us. We are lucky, but we should fix it. So just get the
> right value root as other callers do.
> 
> Signed-off-by: Tao Ma <tao.ma at oracle.com>
> ---
>  fs/ocfs2/xattr.c |   27 +++++++++++++++++++++------
>  1 files changed, 21 insertions(+), 6 deletions(-)
> 
> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
> index f1b9af1..503a1d7 100644
> --- a/fs/ocfs2/xattr.c
> +++ b/fs/ocfs2/xattr.c
> @@ -4795,19 +4795,34 @@ static int
ocfs2_xattr_bucket_set_value_outside(struct inode *inode,
>  						char *val,
>  						int value_len)
>  {
> -	int offset;
> +	int ret, offset, block_off;
>  	struct ocfs2_xattr_value_root *xv;
>  	struct ocfs2_xattr_entry *xe = xs->here;
> +	struct ocfs2_xattr_bucket *bucket = xs->bucket;
> +	struct ocfs2_xattr_header *xh = bucket_xh(bucket);
> +	void *base;
>  
>  	BUG_ON(!xs->base || !xe || ocfs2_xattr_is_local(xe));
>  
> -	offset = le16_to_cpu(xe->xe_name_offset) +
> -		 OCFS2_XATTR_SIZE(xe->xe_name_len);
> +	ret = ocfs2_xattr_bucket_get_name_value(inode, xh,
> +						xe - xh->xh_entries,
> +						&block_off,
> +						&offset);
> +	if (ret) {
> +		mlog_errno(ret);
> +		goto out;
> +	}
>  
> -	xv = (struct ocfs2_xattr_value_root *)(xs->base + offset);
> +	base = bucket_block(xs->bucket, block_off);
> +	xv = (struct ocfs2_xattr_value_root *)(base + offset +
> +		 OCFS2_XATTR_SIZE(xe->xe_name_len));
>  
> -	return __ocfs2_xattr_set_value_outside(inode, handle,
> -					       xv, val, value_len);
> +	ret = __ocfs2_xattr_set_value_outside(inode, handle,
> +					      xv, val, value_len);
> +	if (ret)
> +		mlog_errno(ret);
> +out:
> +	return ret;
>  }
>  
>  static int ocfs2_rm_xattr_cluster(struct inode *inode,

V1 to V2:
Just remove the local variable bucket.

A long time ago, xs->base is allocated a 4K size and all the contents
in the bucket are copied to the it. Now we use ocfs2_xattr_bucket to
abstract xattr bucket and xs->base is initialized to the start of the
bu_bhs[0]. So xs->base + offset will overflow when the value root is
stored outside the first block.

Then why we can survive the xattr test by now? It is because we always
read the bucket contiguously now and kernel mm allocate continguous
memory for us. We are lucky, but we should fix it. So just get the
right value root as other callers do.

Signed-off-by: Tao Ma <tao.ma at oracle.com>
---
 fs/ocfs2/xattr.c |   26 ++++++++++++++++++++------
 1 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
index f1b9af1..195120d 100644
--- a/fs/ocfs2/xattr.c
+++ b/fs/ocfs2/xattr.c
@@ -4795,19 +4795,33 @@ static int ocfs2_xattr_bucket_set_value_outside(struct
inode *inode,
 						char *val,
 						int value_len)
 {
-	int offset;
+	int ret, offset, block_off;
 	struct ocfs2_xattr_value_root *xv;
 	struct ocfs2_xattr_entry *xe = xs->here;
+	struct ocfs2_xattr_header *xh = bucket_xh(xs->bucket);
+	void *base;
 
 	BUG_ON(!xs->base || !xe || ocfs2_xattr_is_local(xe));
 
-	offset = le16_to_cpu(xe->xe_name_offset) +
-		 OCFS2_XATTR_SIZE(xe->xe_name_len);
+	ret = ocfs2_xattr_bucket_get_name_value(inode, xh,
+						xe - xh->xh_entries,
+						&block_off,
+						&offset);
+	if (ret) {
+		mlog_errno(ret);
+		goto out;
+	}
 
-	xv = (struct ocfs2_xattr_value_root *)(xs->base + offset);
+	base = bucket_block(xs->bucket, block_off);
+	xv = (struct ocfs2_xattr_value_root *)(base + offset +
+		 OCFS2_XATTR_SIZE(xe->xe_name_len));
 
-	return __ocfs2_xattr_set_value_outside(inode, handle,
-					       xv, val, value_len);
+	ret = __ocfs2_xattr_set_value_outside(inode, handle,
+					      xv, val, value_len);
+	if (ret)
+		mlog_errno(ret);
+out:
+	return ret;
 }
 
 static int ocfs2_rm_xattr_cluster(struct inode *inode,
-- 
1.6.2.rc2.16.gf474c

On Tue, 2009-03-10 at 07:49 +0800, Tao Ma wrote:
> Tristan,
> 	could you please run your xattr test against it?
Awesome! All single&multi-nodes xattr tests passed!


For detail testing info, refer to:
http://oss.oracle.com/osswiki/OCFS2/XattrTest


Regards,
Tristan
> 
> xs->base used to be allocated a 4K size and all the contents in the
> bucket are copied to the it. So in ocfs2_xattr_bucket_set_value_outside,
> we are safe to use xs->base + offset. Now we use ocfs2_xattr_bucket to
> abstract xattr bucket and xs->base is initialized to the start of the
> bu_bhs[0]. So xs->base + offset will overflow when the value root is
> stored outside the first block.
> 
> Then why we can survive the xattr test by now? It is because we always
> read the bucket contiguously now and kernel mm allocate continguous
> memory for us. We are lucky, but we should fix it. So just get the
> right value root as other callers do.
> 
> Signed-off-by: Tao Ma <tao.ma at oracle.com>
> ---
>  fs/ocfs2/xattr.c |   27 +++++++++++++++++++++------
>  1 files changed, 21 insertions(+), 6 deletions(-)
> 
> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
> index f1b9af1..503a1d7 100644
> --- a/fs/ocfs2/xattr.c
> +++ b/fs/ocfs2/xattr.c
> @@ -4795,19 +4795,34 @@ static int
ocfs2_xattr_bucket_set_value_outside(struct inode *inode,
>  						char *val,
>  						int value_len)
>  {
> -	int offset;
> +	int ret, offset, block_off;
>  	struct ocfs2_xattr_value_root *xv;
>  	struct ocfs2_xattr_entry *xe = xs->here;
> +	struct ocfs2_xattr_bucket *bucket = xs->bucket;
> +	struct ocfs2_xattr_header *xh = bucket_xh(bucket);
> +	void *base;
>  
>  	BUG_ON(!xs->base || !xe || ocfs2_xattr_is_local(xe));
>  
> -	offset = le16_to_cpu(xe->xe_name_offset) +
> -		 OCFS2_XATTR_SIZE(xe->xe_name_len);
> +	ret = ocfs2_xattr_bucket_get_name_value(inode, xh,
> +						xe - xh->xh_entries,
> +						&block_off,
> +						&offset);
> +	if (ret) {
> +		mlog_errno(ret);
> +		goto out;
> +	}
>  
> -	xv = (struct ocfs2_xattr_value_root *)(xs->base + offset);
> +	base = bucket_block(xs->bucket, block_off);
> +	xv = (struct ocfs2_xattr_value_root *)(base + offset +
> +		 OCFS2_XATTR_SIZE(xe->xe_name_len));
>  
> -	return __ocfs2_xattr_set_value_outside(inode, handle,
> -					       xv, val, value_len);
> +	ret = __ocfs2_xattr_set_value_outside(inode, handle,
> +					      xv, val, value_len);
> +	if (ret)
> +		mlog_errno(ret);
> +out:
> +	return ret;
>  }
>  
>  static int ocfs2_rm_xattr_cluster(struct inode *inode,

On Tue, Mar 10, 2009 at 07:49:33AM +0800, Tao Ma wrote:
> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
> index f1b9af1..503a1d7 100644
> --- a/fs/ocfs2/xattr.c
> +++ b/fs/ocfs2/xattr.c
> @@ -4795,19 +4795,34 @@ static int
ocfs2_xattr_bucket_set_value_outside(struct inode *inode,
>  						char *val,
>  						int value_len)
>  {
> -	int offset;
> +	int ret, offset, block_off;
>  	struct ocfs2_xattr_value_root *xv;
>  	struct ocfs2_xattr_entry *xe = xs->here;
> +	struct ocfs2_xattr_bucket *bucket = xs->bucket;
> +	struct ocfs2_xattr_header *xh = bucket_xh(bucket);
	You only use 'bucket' once, to initialize xh.  I'd rather you
remove that variable and initialize xh with 'bucket_xh(xs->bucket)'. 
It
saves us some stack space.

Joel

-- 

Life's Little Instruction Book #99

	"Think big thoughts, but relish small pleasures."

Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker at oracle.com
Phone: (650) 506-8127