| Message ID | 20240507201238.213396-2-thorsten.blum@toblux.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | misc: fastrpc: Use memdup_user() | expand |
On Tue, May 7, 2024, at 22:12, Thorsten Blum wrote: > Switching to memdup_user() overwrites the allocated memory only once, > whereas kzalloc() followed by copy_from_user() initializes the allocated > memory to zero and then immediately overwrites it. > > Fixes the following Coccinelle/coccicheck warning reported by > memdup_user.cocci: > > WARNING opportunity for memdup_user > > Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com> The patch looks correct to me. > --- > drivers/misc/fastrpc.c | 11 +++-------- > 1 file changed, 3 insertions(+), 8 deletions(-) > > diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c > index 4c67e2c5a82e..2857cddaf812 100644 > --- a/drivers/misc/fastrpc.c > +++ b/drivers/misc/fastrpc.c > @@ -1259,17 +1259,12 @@ static int > fastrpc_init_create_static_process(struct fastrpc_user *fl, > goto err; > } > > - name = kzalloc(init.namelen, GFP_KERNEL); > - if (!name) { > - err = -ENOMEM; > + name = memdup_user((void __user *)(uintptr_t)init.name, init.namelen); > + if (IS_ERR(name)) { > + err = PTR_ERR(name); > goto err; > } There is also a chance to simplify this further using u64_to_user_ptr() instead of the double cast if you want. Acked-by: Arnd Bergmann <arnd@arndb.de> Arnd
diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c index 4c67e2c5a82e..2857cddaf812 100644 --- a/drivers/misc/fastrpc.c +++ b/drivers/misc/fastrpc.c @@ -1259,17 +1259,12 @@ static int fastrpc_init_create_static_process(struct fastrpc_user *fl, goto err; } - name = kzalloc(init.namelen, GFP_KERNEL); - if (!name) { - err = -ENOMEM; + name = memdup_user((void __user *)(uintptr_t)init.name, init.namelen); + if (IS_ERR(name)) { + err = PTR_ERR(name); goto err; } - if (copy_from_user(name, (void __user *)(uintptr_t)init.name, init.namelen)) { - err = -EFAULT; - goto err_name; - } - if (!fl->cctx->remote_heap) { err = fastrpc_remote_heap_alloc(fl, fl->sctx->dev, init.memlen, &fl->cctx->remote_heap);
Switching to memdup_user() overwrites the allocated memory only once, whereas kzalloc() followed by copy_from_user() initializes the allocated memory to zero and then immediately overwrites it. Fixes the following Coccinelle/coccicheck warning reported by memdup_user.cocci: WARNING opportunity for memdup_user Signed-off-by: Thorsten Blum <thorsten.blum@toblux.com> --- drivers/misc/fastrpc.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-)