Minor fix for btrfs_csum_file_block.

Execution should goto label 'insert' when 'btrfs_next_leaf' return a
non-zero value, otherwise the parameter 'slot' for
'btrfs_item_key_to_cpu' may be out of bounds. The original codes jump
to  label 'insert' only when 'btrfs_next_leaf' return a negative
value.

Signed-off-by: Chris Mason <chris.mason@oracle.com>

diff --git a/fs/btrfs/file-item.c b/fs/btrfs/file-item.c
index 482a2b615327ef93dcd28676f0a7057193f6b5d6..7eb9a5412e2f09ca7698024a491e6f65c406bc80 100644 (file)
--- a/fs/btrfs/file-item.c
+++ b/fs/btrfs/file-item.c
@@ -178,13 +178,11 @@ int btrfs_csum_file_block(struct btrfs_trans_handle *trans,
                nritems = btrfs_header_nritems(path->nodes[0]);
                if (path->slots[0] >= nritems - 1) {
                        ret = btrfs_next_leaf(root, path);
-                       if (ret == 1) {
+                       if (ret == 1)
                                found_next = 1;
-                       } else if (ret == 0) {
-                               slot = 0;
-                       } else {
+                       if (ret != 0)
                                goto insert;
-                       }
+                       slot = 0;
                }
                btrfs_item_key_to_cpu(path->nodes[0], &found_key, slot);
                if (found_key.objectid != objectid ||
@@ -238,7 +236,7 @@ insert:
        csum_offset = 0;
        if (found_next) {
                u64 tmp = min((u64)i_size_read(inode), next_offset);
-               tmp -= offset + root->sectorsize - 1;
+               tmp -= offset & ~((u64)root->sectorsize -1);
                tmp >>= root->fs_info->sb->s_blocksize_bits;
                tmp = max((u64)1, tmp);
                tmp = min(tmp, (u64)MAX_CSUM_ITEMS(root));