xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list()

The "bufsize" comes from the root user. If "bufsize" is negative then, because of type promotion, neither of the validation checks at the start of the function are able to catch it: if (bufsize < sizeof(struct xfs_attrlist) || bufsize > XFS_XATTR_LIST_MAX) return -EINVAL; This means "bufsize" will trigger (WARN_ON_ONCE(size > INT_MAX)) in kvmalloc_node(). Fix this by changing the type from int to size_t. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Darrick J. Wong <djwong@kernel.org> Signed-off-by: Darrick J. Wong <djwong@kernel.org>
author: Dan Carpenter <dan.carpenter@oracle.com> 2021-12-21 20:38:19 +0300
committer: Darrick J. Wong <djwong@kernel.org> 2021-12-21 20:49:41 +0300
commit: 6ed6356b07714e0198be3bc3ecccc8b40a212de4 (patch)
tree: 1559112e1cb550e684fdd9d18f8329728c19d3e4 /fs/xfs/xfs_ioctl.c
parent: 132c460e49649685bf4b02ba43dea59062f797d9 (diff)
download: linux-6ed6356b07714e0198be3bc3ecccc8b40a212de4.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index 174cd8950cb6..29231a8c8a45 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -372,7 +372,7 @@ int
 xfs_ioc_attr_list(
 	struct xfs_inode		*dp,
 	void __user			*ubuf,
-	int				bufsize,
+	size_t				bufsize,
 	int				flags,
 	struct xfs_attrlist_cursor __user *ucursor)
 {
author	Dan Carpenter <dan.carpenter@oracle.com>	2021-12-21 20:38:19 +0300
committer	Darrick J. Wong <djwong@kernel.org>	2021-12-21 20:49:41 +0300
commit	6ed6356b07714e0198be3bc3ecccc8b40a212de4 (patch)
tree	1559112e1cb550e684fdd9d18f8329728c19d3e4 /fs/xfs/xfs_ioctl.c
parent	132c460e49649685bf4b02ba43dea59062f797d9 (diff)
download	linux-6ed6356b07714e0198be3bc3ecccc8b40a212de4.tar.xz