From 61b214f338eea26e25ac022128804a9fe7bdc491 Mon Sep 17 00:00:00 2001
From: Fedor Uporov
Date: Tue, 12 Dec 2017 20:15:57 +0000
Subject: [PATCH] Move buffer size checks outside of the vnode locks.

Reviewed by: kib, cem, pfg (mentor)
Approved by: pfg (mentor)
MFC after: 1 weeks
Differential Revision: https://reviews.freebsd.org/D13405
---
 sys/kern/vfs_extattr.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index a18a61169bcc..5739ca349e04 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -167,6 +167,9 @@ extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 ssize_t cnt;
 int error;
 
+ if (nbytes > IOSIZE_MAX)
+ return (EINVAL);
+
 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
 if (error)
 return (error);
@@ -177,10 +180,6 @@ extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 auio.uio_iov = &aiov;
 auio.uio_iovcnt = 1;
 auio.uio_offset = 0;
- if (nbytes > IOSIZE_MAX) {
- error = EINVAL;
- goto done;
- }
 auio.uio_resid = nbytes;
 auio.uio_rw = UIO_WRITE;
 auio.uio_segflg = UIO_USERSPACE;
@@ -330,6 +329,9 @@ extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 size_t size, *sizep;
 int error;
 
+ if (nbytes > IOSIZE_MAX)
+ return (EINVAL);
+
 vn_lock(vp, LK_SHARED | LK_RETRY);
 
 /*
@@ -346,10 +348,6 @@ extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 auio.uio_iov = &aiov;
 auio.uio_iovcnt = 1;
 auio.uio_offset = 0;
- if (nbytes > IOSIZE_MAX) {
- error = EINVAL;
- goto done;
- }
 auio.uio_resid = nbytes;
 auio.uio_rw = UIO_READ;
 auio.uio_segflg = UIO_USERSPACE;
@@ -638,6 +636,9 @@ extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
 ssize_t cnt;
 int error;
 
+ if (nbytes > IOSIZE_MAX)
+ return (EINVAL);
+
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 
 auiop = NULL;
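Review bot: Dropping the `goto done` for the size check (next hunk) may leave extattr_set_vp's `done:` label without an unconditional user; the label and the remaining jumps lie outside this diff, so this needs confirming against the full function. If the other jumps are compiled only under an option such as `#ifdef MAC`, a kernel built without it gets an unused-label warning, which fails a -Werror build, and the label would need the same guard. The early `return (EINVAL)` itself is safe because it runs before vn_start_write() and the vnode lock, so nothing has to be unwound; a short comment such as `/* Validate the user-supplied length before taking any locks. */` would record that. The same label question applies to extattr_get_vp and extattr_list_vp.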
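Review bot: The check added at the top of extattr_get_vp rejects every `nbytes > IOSIZE_MAX`, whereas the check removed in the following hunk sat inside the uio setup, which may run only when the caller supplies a buffer (the enclosing branch starts outside the hunk). If that setup is guarded by `data != NULL`, a size-only query with a NULL buffer and a large nbytes now returns EINVAL where it previously succeeded, which is a userland-visible change. Either keep the old semantics with `if (data != NULL && nbytes > IOSIZE_MAX)` or state the stricter behaviour in the commit message. The same applies to the check added in extattr_list_vp.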
@@ -649,10 +650,6 @@ extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
 auio.uio_iov = &aiov;
 auio.uio_iovcnt = 1;
 auio.uio_offset = 0;
- if (nbytes > IOSIZE_MAX) {
- error = EINVAL;
- goto done;
- }
 auio.uio_resid = nbytes;
 auio.uio_rw = UIO_READ;
 auio.uio_segflg = UIO_USERSPACE;