Lift the flags and bufsize checks from both callers into the common code in xfs_ioc_attr_list. Signed-off-by: Christoph Hellwig <hch@xxxxxx> --- fs/xfs/xfs_ioctl.c | 19 ++++++++++--------- fs/xfs/xfs_ioctl32.c | 9 --------- 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 5a88e4d3c8b9..2cc53da070e7 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -362,6 +362,16 @@ xfs_ioc_attr_list( struct xfs_attrlist *alist; int error; + if (bufsize < sizeof(struct xfs_attrlist) || + bufsize > XFS_XATTR_LIST_MAX) + return -EINVAL; + + /* + * Reject flags, only allow namespaces. + */ + if (flags & ~(ATTR_ROOT | ATTR_SECURE)) + return -EINVAL; + /* * Validate the cursor. */ @@ -416,15 +426,6 @@ xfs_attrlist_by_handle( return -EPERM; if (copy_from_user(&al_hreq, arg, sizeof(xfs_fsop_attrlist_handlereq_t))) return -EFAULT; - if (al_hreq.buflen < sizeof(struct xfs_attrlist) || - al_hreq.buflen > XFS_XATTR_LIST_MAX) - return -EINVAL; - - /* - * Reject flags, only allow namespaces. - */ - if (al_hreq.flags & ~(ATTR_ROOT | ATTR_SECURE)) - return -EINVAL; dentry = xfs_handlereq_to_dentry(parfilp, &al_hreq.hreq); if (IS_ERR(dentry)) diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c index 6ea64ceebec1..c11d009a9319 100644 --- a/fs/xfs/xfs_ioctl32.c +++ b/fs/xfs/xfs_ioctl32.c @@ -366,15 +366,6 @@ xfs_compat_attrlist_by_handle( if (copy_from_user(&al_hreq, arg, sizeof(compat_xfs_fsop_attrlist_handlereq_t))) return -EFAULT; - if (al_hreq.buflen < sizeof(struct xfs_attrlist) || - al_hreq.buflen > XFS_XATTR_LIST_MAX) - return -EINVAL; - - /* - * Reject flags, only allow namespaces. - */ - if (al_hreq.flags & ~(ATTR_ROOT | ATTR_SECURE)) - return -EINVAL; dentry = xfs_compat_handlereq_to_dentry(parfilp, &al_hreq.hreq); if (IS_ERR(dentry)) -- 2.20.1
