summaryrefslogtreecommitdiffstats
path: root/fs/xfs
diff options
context:
space:
mode:
Diffstat (limited to 'fs/xfs')
-rw-r--r--fs/xfs/xfs_ioctl.c39
-rw-r--r--fs/xfs/xfs_ioctl.h2
-rw-r--r--fs/xfs/xfs_ioctl32.c22
3 files changed, 22 insertions, 41 deletions
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index c88ed3e58f82..34f59697f8dd 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -352,13 +352,14 @@ xfs_ioc_attr_put_listent(
int
xfs_ioc_attr_list(
struct xfs_inode *dp,
- char *buffer,
+ void __user *ubuf,
int bufsize,
int flags,
struct attrlist_cursor_kern *cursor)
{
struct xfs_attr_list_context context;
struct xfs_attrlist *alist;
+ void *buffer;
int error;
if (bufsize < sizeof(struct xfs_attrlist) ||
@@ -382,11 +383,9 @@ xfs_ioc_attr_list(
(cursor->hashval || cursor->blkno || cursor->offset))
return -EINVAL;
- /*
- * Check for a properly aligned buffer.
- */
- if (((long)buffer) & (sizeof(int)-1))
- return -EFAULT;
+ buffer = kmem_zalloc_large(bufsize, 0);
+ if (!buffer)
+ return -ENOMEM;
/*
* Initialize the output buffer.
@@ -407,7 +406,13 @@ xfs_ioc_attr_list(
alist->al_offset[0] = context.bufsize;
error = xfs_attr_list(&context);
- ASSERT(error <= 0);
+ if (error)
+ goto out_free;
+
+ if (copy_to_user(ubuf, buffer, bufsize))
+ error = -EFAULT;
+out_free:
+ kmem_free(buffer);
return error;
}
@@ -421,7 +426,6 @@ xfs_attrlist_by_handle(
struct xfs_fsop_attrlist_handlereq __user *p = arg;
xfs_fsop_attrlist_handlereq_t al_hreq;
struct dentry *dentry;
- char *kbuf;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -432,26 +436,15 @@ xfs_attrlist_by_handle(
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- kbuf = kmem_zalloc_large(al_hreq.buflen, 0);
- if (!kbuf)
- goto out_dput;
-
cursor = (attrlist_cursor_kern_t *)&al_hreq.pos;
- error = xfs_ioc_attr_list(XFS_I(d_inode(dentry)), kbuf, al_hreq.buflen,
- al_hreq.flags, cursor);
+ error = xfs_ioc_attr_list(XFS_I(d_inode(dentry)), al_hreq.buffer,
+ al_hreq.buflen, al_hreq.flags, cursor);
if (error)
- goto out_kfree;
-
- if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t))) {
- error = -EFAULT;
- goto out_kfree;
- }
+ goto out_dput;
- if (copy_to_user(al_hreq.buffer, kbuf, al_hreq.buflen))
+ if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t)))
error = -EFAULT;
-out_kfree:
- kmem_free(kbuf);
out_dput:
dput(dentry);
return error;
diff --git a/fs/xfs/xfs_ioctl.h b/fs/xfs/xfs_ioctl.h
index cb7b94c576a7..ec6448b259fb 100644
--- a/fs/xfs/xfs_ioctl.h
+++ b/fs/xfs/xfs_ioctl.h
@@ -39,7 +39,7 @@ xfs_readlink_by_handle(
int xfs_ioc_attrmulti_one(struct file *parfilp, struct inode *inode,
uint32_t opcode, void __user *uname, void __user *value,
uint32_t *len, uint32_t flags);
-int xfs_ioc_attr_list(struct xfs_inode *dp, char *buffer, int bufsize,
+int xfs_ioc_attr_list(struct xfs_inode *dp, void __user *ubuf, int bufsize,
int flags, struct attrlist_cursor_kern *cursor);
extern struct dentry *
diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c
index 840d17951407..17e14916757b 100644
--- a/fs/xfs/xfs_ioctl32.c
+++ b/fs/xfs/xfs_ioctl32.c
@@ -359,7 +359,6 @@ xfs_compat_attrlist_by_handle(
compat_xfs_fsop_attrlist_handlereq_t __user *p = arg;
compat_xfs_fsop_attrlist_handlereq_t al_hreq;
struct dentry *dentry;
- char *kbuf;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -371,27 +370,16 @@ xfs_compat_attrlist_by_handle(
if (IS_ERR(dentry))
return PTR_ERR(dentry);
- error = -ENOMEM;
- kbuf = kmem_zalloc_large(al_hreq.buflen, 0);
- if (!kbuf)
- goto out_dput;
-
cursor = (attrlist_cursor_kern_t *)&al_hreq.pos;
- error = xfs_ioc_attr_list(XFS_I(d_inode(dentry)), kbuf, al_hreq.buflen,
- al_hreq.flags, cursor);
+ error = xfs_ioc_attr_list(XFS_I(d_inode(dentry)),
+ compat_ptr(al_hreq.buffer), al_hreq.buflen,
+ al_hreq.flags, cursor);
if (error)
- goto out_kfree;
-
- if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t))) {
- error = -EFAULT;
- goto out_kfree;
- }
+ goto out_dput;
- if (copy_to_user(compat_ptr(al_hreq.buffer), kbuf, al_hreq.buflen))
+ if (copy_to_user(&p->pos, cursor, sizeof(attrlist_cursor_kern_t)))
error = -EFAULT;
-out_kfree:
- kmem_free(kbuf);
out_dput:
dput(dentry);
return error;