| Message ID | 20230814125501.303210-1-ruanjinjie@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [-next] stm class: Switch to memdup_user_nul() helper | expand |
Ping. On 2023/8/14 20:55, Ruan Jinjie wrote: > Although stm_write() use the kbuf with its count, the last byte of > kbuf is not initialized and there may be problems. > > Use memdup_user_nul() helper instead of open-coding to simplify the code > and fix the above issue. > > Signed-off-by: Ruan Jinjie <ruanjinjie@huawei.com> > --- > drivers/hwtracing/stm/core.c | 12 +++--------- > 1 file changed, 3 insertions(+), 9 deletions(-) > > diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c > index 534fbefc7f6a..342d0ab6e8ca 100644 > --- a/drivers/hwtracing/stm/core.c > +++ b/drivers/hwtracing/stm/core.c > @@ -645,15 +645,9 @@ static ssize_t stm_char_write(struct file *file, const char __user *buf, > return err; > } > > - kbuf = kmalloc(count + 1, GFP_KERNEL); > - if (!kbuf) > - return -ENOMEM; > - > - err = copy_from_user(kbuf, buf, count); > - if (err) { > - kfree(kbuf); > - return -EFAULT; > - } > + kbuf = memdup_user_nul(buf, count); > + if (IS_ERR(kbuf)) > + return PTR_ERR(kbuf); > > pm_runtime_get_sync(&stm->dev); >
diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c index 534fbefc7f6a..342d0ab6e8ca 100644 --- a/drivers/hwtracing/stm/core.c +++ b/drivers/hwtracing/stm/core.c @@ -645,15 +645,9 @@ static ssize_t stm_char_write(struct file *file, const char __user *buf, return err; } - kbuf = kmalloc(count + 1, GFP_KERNEL); - if (!kbuf) - return -ENOMEM; - - err = copy_from_user(kbuf, buf, count); - if (err) { - kfree(kbuf); - return -EFAULT; - } + kbuf = memdup_user_nul(buf, count); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); pm_runtime_get_sync(&stm->dev);
Although stm_write() use the kbuf with its count, the last byte of kbuf is not initialized and there may be problems. Use memdup_user_nul() helper instead of open-coding to simplify the code and fix the above issue. Signed-off-by: Ruan Jinjie <ruanjinjie@huawei.com> --- drivers/hwtracing/stm/core.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-)