@@ -362,6 +362,16 @@ xfs_ioc_attr_list(
struct xfs_attrlist *alist;
int error;
+ if (bufsize < sizeof(struct xfs_attrlist) ||
+ bufsize > XFS_XATTR_LIST_MAX)
+ return -EINVAL;
+
+ /*
+ * Reject flags, only allow namespaces.
+ */
+ if (flags & ~(ATTR_ROOT | ATTR_SECURE))
+ return -EINVAL;
+
/*
* Validate the cursor.
*/
@@ -416,15 +426,6 @@ xfs_attrlist_by_handle(
return -EPERM;
if (copy_from_user(&al_hreq, arg, sizeof(xfs_fsop_attrlist_handlereq_t)))
return -EFAULT;
- if (al_hreq.buflen < sizeof(struct xfs_attrlist) ||
- al_hreq.buflen > XFS_XATTR_LIST_MAX)
- return -EINVAL;
-
- /*
- * Reject flags, only allow namespaces.
- */
- if (al_hreq.flags & ~(ATTR_ROOT | ATTR_SECURE))
- return -EINVAL;
dentry = xfs_handlereq_to_dentry(parfilp, &al_hreq.hreq);
if (IS_ERR(dentry))
@@ -366,15 +366,6 @@ xfs_compat_attrlist_by_handle(
if (copy_from_user(&al_hreq, arg,
sizeof(compat_xfs_fsop_attrlist_handlereq_t)))
return -EFAULT;
- if (al_hreq.buflen < sizeof(struct xfs_attrlist) ||
- al_hreq.buflen > XFS_XATTR_LIST_MAX)
- return -EINVAL;
-
- /*
- * Reject flags, only allow namespaces.
- */
- if (al_hreq.flags & ~(ATTR_ROOT | ATTR_SECURE))
- return -EINVAL;
dentry = xfs_compat_handlereq_to_dentry(parfilp, &al_hreq.hreq);
if (IS_ERR(dentry))
Lift the flags and bufsize checks from both callers into the common code in xfs_ioc_attr_list. Signed-off-by: Christoph Hellwig <hch@lst.de> --- fs/xfs/xfs_ioctl.c | 19 ++++++++++--------- fs/xfs/xfs_ioctl32.c | 9 --------- 2 files changed, 10 insertions(+), 18 deletions(-)