diff mbox series

xen/privcmd: Use memdup_array_user() in alloc_ioreq()

Message ID 41e333f7-1f3a-41b6-a121-a3c0ae54e36f@web.de (mailing list archive)
State Accepted
Commit b2c52b8c128ea07f1632c516cec0d72cb63b5599
Headers show
Series xen/privcmd: Use memdup_array_user() in alloc_ioreq() | expand

Commit Message

Markus Elfring Jan. 28, 2024, 5:09 p.m. UTC 
From: Markus Elfring <elfring@users.sourceforge.net>
Date: Sun, 28 Jan 2024 17:50:43 +0100

* The function “memdup_array_user” was added with the
  commit 313ebe47d75558511aa1237b6e35c663b5c0ec6f ("string.h: add
  array-wrappers for (v)memdup_user()").
  Thus use it accordingly.

  This issue was detected by using the Coccinelle software.

* Delete a label which became unnecessary with this refactoring.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
---
 drivers/xen/privcmd.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

--
2.43.0

Comments

Jürgen Groß Feb. 13, 2024, 7:47 a.m. UTC | #1 
On 28.01.24 18:09, Markus Elfring wrote:
> From: Markus Elfring <elfring@users.sourceforge.net>
> Date: Sun, 28 Jan 2024 17:50:43 +0100
> 
> * The function “memdup_array_user” was added with the
>    commit 313ebe47d75558511aa1237b6e35c663b5c0ec6f ("string.h: add
>    array-wrappers for (v)memdup_user()").
>    Thus use it accordingly.
> 
>    This issue was detected by using the Coccinelle software.
> 
> * Delete a label which became unnecessary with this refactoring.
> 
> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen
diff mbox series

Patch

diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
index 35b6e306026a..2c8f6d047c11 100644
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -1223,18 +1223,13 @@  struct privcmd_kernel_ioreq *alloc_ioreq(struct privcmd_ioeventfd *ioeventfd)
 	kioreq->ioreq = (struct ioreq *)(page_to_virt(pages[0]));
 	mmap_write_unlock(mm);

-	size = sizeof(*ports) * kioreq->vcpus;
-	ports = kzalloc(size, GFP_KERNEL);
-	if (!ports) {
-		ret = -ENOMEM;
+	ports = memdup_array_user(u64_to_user_ptr(ioeventfd->ports),
+				  kioreq->vcpus, sizeof(*ports));
+	if (IS_ERR(ports) {
+		ret = PTR_ERR(ports);
 		goto error_kfree;
 	}

-	if (copy_from_user(ports, u64_to_user_ptr(ioeventfd->ports), size)) {
-		ret = -EFAULT;
-		goto error_kfree_ports;
-	}
-
 	for (i = 0; i < kioreq->vcpus; i++) {
 		kioreq->ports[i].vcpu = i;
 		kioreq->ports[i].port = ports[i];
@@ -1256,7 +1251,7 @@  struct privcmd_kernel_ioreq *alloc_ioreq(struct privcmd_ioeventfd *ioeventfd)
 error_unbind:
 	while (--i >= 0)
 		unbind_from_irqhandler(irq_from_evtchn(ports[i]), &kioreq->ports[i]);
-error_kfree_ports:
+
 	kfree(ports);
 error_kfree:
 	kfree(kioreq);