ceph: fix listxattr vxattr buffer length calculation

	struct inode *inode = d_inode(dentry);

	struct ceph_inode_info *ci = ceph_inode(inode);

	struct ceph_vxattr *vxattrs = ceph_inode_vxattrs(inode);

	u32 vir_namelen = 0;

	bool len_only = (size == 0);

	u32 namelen;

	int err;

	u32 len;

	int i;

	spin_lock(&ci->i_ceph_lock);

	err = __build_xattrs(inode);

	if (err < 0)

		goto out;

	/*

	 * Start with virtual dir xattr names (if any) (including

	 * terminating '\0' characters for each).

	 */

	vir_namelen = ceph_vxattrs_name_size(vxattrs);

	/* adding 1 byte per each variable due to the null termination */

	/* add 1 byte for each xattr due to the null termination */

	namelen = ci->i_xattrs.names_size + ci->i_xattrs.count;

	if (!len_only) {

		if (namelen > size) {

			err = -ERANGE;

	if (size && vir_namelen + namelen > size)

		goto out;

	err = namelen + vir_namelen;

	if (size == 0)

			goto out;

		}

		names = __copy_xattr_names(ci, names);

		size -= namelen;

	}

	/* virtual xattr names, too */

	err = namelen;

	if (vxattrs) {

		for (i = 0; vxattrs[i].name; i++) {

			if (!(vxattrs[i].flags & VXATTR_FLAG_HIDDEN) &&

			    !(vxattrs[i].exists_cb &&

			      !vxattrs[i].exists_cb(ci))) {

				len = sprintf(names, "%s", vxattrs[i].name);

				names += len + 1;

				err += len + 1;

			size_t this_len;

			if (vxattrs[i].flags & VXATTR_FLAG_HIDDEN)

				continue;

			if (vxattrs[i].exists_cb && !vxattrs[i].exists_cb(ci))

				continue;

			this_len = strlen(vxattrs[i].name) + 1;

			namelen += this_len;

			if (len_only)

				continue;

			if (this_len > size) {

				err = -ERANGE;

				goto out;

			}

			memcpy(names, vxattrs[i].name, this_len);

			names += this_len;

			size -= this_len;

		}

	}

	err = namelen;

out:

	spin_unlock(&ci->i_ceph_lock);

	return err;