On Tue, Jan 14, 2020 at 09:10:26AM +0100, Christoph Hellwig wrote:
> Simplify the user copy code by using strndup_user. This means that we
> now do one memory allocation per operation instead of one per ioctl,
> but memory allocations are cheap compared to the actual file system
> operations.
>
> Signed-off-by: Christoph Hellwig <hch@xxxxxx>
Looks ok,
Reviewed-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
--D
> ---
> fs/xfs/xfs_ioctl.c | 17 +++++------------
> fs/xfs/xfs_ioctl32.c | 17 +++++------------
> 2 files changed, 10 insertions(+), 24 deletions(-)
>
> diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
> index 6bd0684a3528..f4d5c865e29e 100644
> --- a/fs/xfs/xfs_ioctl.c
> +++ b/fs/xfs/xfs_ioctl.c
> @@ -446,11 +446,6 @@ xfs_attrmulti_by_handle(
> goto out_dput;
> }
>
> - error = -ENOMEM;
> - attr_name = kmalloc(MAXNAMELEN, GFP_KERNEL);
> - if (!attr_name)
> - goto out_kfree_ops;
> -
> error = 0;
> for (i = 0; i < am_hreq.opcount; i++) {
> if ((ops[i].am_flags & ATTR_ROOT) &&
> @@ -460,12 +455,11 @@ xfs_attrmulti_by_handle(
> }
> ops[i].am_flags &= ~ATTR_KERNEL_FLAGS;
>
> - ops[i].am_error = strncpy_from_user((char *)attr_name,
> - ops[i].am_attrname, MAXNAMELEN);
> - if (ops[i].am_error == 0 || ops[i].am_error == MAXNAMELEN)
> - error = -ERANGE;
> - if (ops[i].am_error < 0)
> + attr_name = strndup_user(ops[i].am_attrname, MAXNAMELEN);
> + if (IS_ERR(attr_name)) {
> + ops[i].am_error = PTR_ERR(attr_name);
> break;
> + }
>
> switch (ops[i].am_opcode) {
> case ATTR_OP_GET:
> @@ -496,13 +490,12 @@ xfs_attrmulti_by_handle(
> default:
> ops[i].am_error = -EINVAL;
> }
> + kfree(attr_name);
> }
>
> if (copy_to_user(am_hreq.ops, ops, size))
> error = -EFAULT;
>
> - kfree(attr_name);
> - out_kfree_ops:
> kfree(ops);
> out_dput:
> dput(dentry);
> diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c
> index 1092c66e48d6..e6a7f619a54c 100644
> --- a/fs/xfs/xfs_ioctl32.c
> +++ b/fs/xfs/xfs_ioctl32.c
> @@ -443,11 +443,6 @@ xfs_compat_attrmulti_by_handle(
> goto out_dput;
> }
>
> - error = -ENOMEM;
> - attr_name = kmalloc(MAXNAMELEN, GFP_KERNEL);
> - if (!attr_name)
> - goto out_kfree_ops;
> -
> error = 0;
> for (i = 0; i < am_hreq.opcount; i++) {
> if ((ops[i].am_flags & ATTR_ROOT) &&
> @@ -457,13 +452,12 @@ xfs_compat_attrmulti_by_handle(
> }
> ops[i].am_flags &= ~ATTR_KERNEL_FLAGS;
>
> - ops[i].am_error = strncpy_from_user((char *)attr_name,
> - compat_ptr(ops[i].am_attrname),
> + attr_name = strndup_user(compat_ptr(ops[i].am_attrname),
> MAXNAMELEN);
> - if (ops[i].am_error == 0 || ops[i].am_error == MAXNAMELEN)
> - error = -ERANGE;
> - if (ops[i].am_error < 0)
> + if (IS_ERR(attr_name)) {
> + ops[i].am_error = PTR_ERR(attr_name);
> break;
> + }
>
> switch (ops[i].am_opcode) {
> case ATTR_OP_GET:
> @@ -494,13 +488,12 @@ xfs_compat_attrmulti_by_handle(
> default:
> ops[i].am_error = -EINVAL;
> }
> + kfree(attr_name);
> }
>
> if (copy_to_user(compat_ptr(am_hreq.ops), ops, size))
> error = -EFAULT;
>
> - kfree(attr_name);
> - out_kfree_ops:
> kfree(ops);
> out_dput:
> dput(dentry);
> --
> 2.24.1
>
