From affd1652d7baed6909ae2fd12fa4147e46db7d90 Mon Sep 17 00:00:00 2001
From: Trond Myklebust <Trond.Myklebust@netapp.com>
Date: Tue, 14 Aug 2012 17:14:17 -0400
Subject: [PATCH] --- yaml --- r: 322109 b: refs/heads/master c:
 cff298c721099c9ac4cea7196a37097ba2847946 h: refs/heads/master i:   322107:
 703fb2382162af77e96bb0e952ae2532db55dc20 v: v3

---
 [refs]                 |  2 +-
 trunk/fs/nfs/nfs4xdr.c | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/[refs] b/[refs]
index a9ee86cbf036..337241c92c1d 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: b291f1b1c86aa0c7bc3df2994e6a1a4e53f1fde0
+refs/heads/master: cff298c721099c9ac4cea7196a37097ba2847946
diff --git a/trunk/fs/nfs/nfs4xdr.c b/trunk/fs/nfs/nfs4xdr.c
index 54d3f5a9faa6..1bfbd67c556d 100644
--- a/trunk/fs/nfs/nfs4xdr.c
+++ b/trunk/fs/nfs/nfs4xdr.c
@@ -5045,10 +5045,10 @@ static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req,
 			 struct nfs_getaclres *res)
 {
 	unsigned int savep;
-	__be32 *bm_p;
 	uint32_t attrlen,
 		 bitmap[3] = {0};
 	int status;
+	unsigned int pg_offset;
 
 	res->acl_len = 0;
 	if ((status = decode_op_hdr(xdr, OP_GETATTR)) != 0)
@@ -5056,7 +5056,8 @@ static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req,
 
 	xdr_enter_page(xdr, xdr->buf->page_len);
 
-	bm_p = xdr->p;
+	/* Calculate the offset of the page data */
+	pg_offset = xdr->buf->head[0].iov_len;
 
 	if ((status = decode_attr_bitmap(xdr, bitmap)) != 0)
 		goto out;
@@ -5070,18 +5071,18 @@ static int decode_getacl(struct xdr_stream *xdr, struct rpc_rqst *req,
 		/* The bitmap (xdr len + bitmaps) and the attr xdr len words
 		 * are stored with the acl data to handle the problem of
 		 * variable length bitmaps.*/
-		res->acl_data_offset = (xdr->p - bm_p) << 2;
+		res->acl_data_offset = xdr_stream_pos(xdr) - pg_offset;
 
 		/* We ignore &savep and don't do consistency checks on
 		 * the attr length.  Let userspace figure it out.... */
 		res->acl_len = attrlen;
-		if (attrlen + res->acl_data_offset > xdr->buf->page_len) {
+		if (attrlen > (xdr->nwords << 2)) {
 			if (res->acl_flags & NFS4_ACL_LEN_REQUEST) {
 				/* getxattr interface called with a NULL buf */
 				goto out;
 			}
 			dprintk("NFS: acl reply: attrlen %u > page_len %u\n",
-					attrlen, xdr->buf->page_len);
+					attrlen, xdr->nwords << 2);
 			return -EINVAL;
 		}
 	} else