xfs: lift buffer allocation into xfs_ioc_attr_list
Lift the buffer allocation from the two callers into xfs_ioc_attr_list.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Chandan Rajendra <chandanrlinux@gmail.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index c88ed3e..34f5969 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -352,13 +352,14 @@ xfs_ioc_attr_put_listent(
int
xfs_ioc_attr_list(
struct xfs_inode *dp,
- char *buffer,
+ void __user *ubuf,
int bufsize,
int flags,
struct attrlist_cursor_kern *cursor)
{
struct xfs_attr_list_context context;
struct xfs_attrlist *alist;
+ void *buffer;
int error;
if (bufsize < sizeof(struct xfs_attrlist) ||
@@ -382,11 +383,9 @@ xfs_ioc_attr_list(
(cursor->hashval || cursor->blkno || cursor->offset))
return -EINVAL;
- /*
- * Check for a properly aligned buffer.
- */
- if (((long)buffer) & (sizeof(int)-1))
- return -EFAULT;
+ buffer = kmem_zalloc_large(bufsize, 0);
+ if (!buffer)
+ return -ENOMEM;
/*
* Initialize the output buffer.
@@ -407,7 +406,13 @@ xfs_ioc_attr_list(
alist->al_offset[0] = context.bufsize;
error = xfs_attr_list(&context);
- ASSERT(error <= 0);
+ if (error)
+ goto out_free;
+
+ if (copy_to_user(ubuf, buffer, bufsize))
+ error = -EFAULT;
+out_free:
+ kmem_free(buffer);
return error;
}
@@ -421,7 +426,6 @@ xfs_attrlist_by_handle(
struct xfs_fsop_attrlist_handlereq __user *p = arg;
xfs_fsop_attrlist_handlereq_t al_hreq;
struct dentry *dentry;
- char *kbuf;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -432,26 +436,15 @@ xfs_attrlist_by_handle(
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- kbuf = kmem_zalloc_large(al_hreq.buflen, 0);
- if (!kbuf)
+ cursor = (attrlist_cursor_kern_t *)&al_hreq.pos;
+ error = xfs_ioc_attr_list(XFS_I(d_inode(dentry)), al_hreq.buffer,
+ al_hreq.buflen, al_hreq.flags, cursor);
+ if (error)
goto out_dput;
- cursor = (attrlist_cursor_kern_t *)&al_hreq.pos;
- error = xfs_ioc_attr_list(XFS_I(d_inode(dentry)), kbuf, al_hreq.buflen,
- al_hreq.flags, cursor);
- if (error)
- goto out_kfree;
-
- if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t))) {
- error = -EFAULT;
- goto out_kfree;
- }
-
- if (copy_to_user(al_hreq.buffer, kbuf, al_hreq.buflen))
+ if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t)))
error = -EFAULT;
-out_kfree:
- kmem_free(kbuf);
out_dput:
dput(dentry);
return error;
diff --git a/fs/xfs/xfs_ioctl.h b/fs/xfs/xfs_ioctl.h
index cb7b94c..ec6448b 100644
--- a/fs/xfs/xfs_ioctl.h
+++ b/fs/xfs/xfs_ioctl.h
@@ -39,7 +39,7 @@ xfs_readlink_by_handle(
int xfs_ioc_attrmulti_one(struct file *parfilp, struct inode *inode,
uint32_t opcode, void __user *uname, void __user *value,
uint32_t *len, uint32_t flags);
-int xfs_ioc_attr_list(struct xfs_inode *dp, char *buffer, int bufsize,
+int xfs_ioc_attr_list(struct xfs_inode *dp, void __user *ubuf, int bufsize,
int flags, struct attrlist_cursor_kern *cursor);
extern struct dentry *
diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c
index 840d179..17e1491 100644
--- a/fs/xfs/xfs_ioctl32.c
+++ b/fs/xfs/xfs_ioctl32.c
@@ -359,7 +359,6 @@ xfs_compat_attrlist_by_handle(
compat_xfs_fsop_attrlist_handlereq_t __user *p = arg;
compat_xfs_fsop_attrlist_handlereq_t al_hreq;
struct dentry *dentry;
- char *kbuf;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -371,27 +370,16 @@ xfs_compat_attrlist_by_handle(
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- error = -ENOMEM;
- kbuf = kmem_zalloc_large(al_hreq.buflen, 0);
- if (!kbuf)
+ cursor = (attrlist_cursor_kern_t *)&al_hreq.pos;
+ error = xfs_ioc_attr_list(XFS_I(d_inode(dentry)),
+ compat_ptr(al_hreq.buffer), al_hreq.buflen,
+ al_hreq.flags, cursor);
+ if (error)
goto out_dput;
- cursor = (attrlist_cursor_kern_t *)&al_hreq.pos;
- error = xfs_ioc_attr_list(XFS_I(d_inode(dentry)), kbuf, al_hreq.buflen,
- al_hreq.flags, cursor);
- if (error)
- goto out_kfree;
-
- if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t))) {
- error = -EFAULT;
- goto out_kfree;
- }
-
- if (copy_to_user(compat_ptr(al_hreq.buffer), kbuf, al_hreq.buflen))
+ if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t)))
error = -EFAULT;
-out_kfree:
- kmem_free(kbuf);
out_dput:
dput(dentry);
return error;