LinuxLists.cc - [PATCH] xen/privcmd: Use memdup_array_user() in alloc

2024-01-28 17:10:06

Subject: [PATCH] xen/privcmd: Use memdup_array_user() in alloc_ioreq()

From: Markus Elfring <[email protected]>
Date: Sun, 28 Jan 2024 17:50:43 +0100

* The function “memdup_array_user” was added with the
commit 313ebe47d75558511aa1237b6e35c663b5c0ec6f ("string.h: add
array-wrappers for (v)memdup_user()").
Thus use it accordingly.

This issue was detected by using the Coccinelle software.

* Delete a label which became unnecessary with this refactoring.

Signed-off-by: Markus Elfring <[email protected]>
---
drivers/xen/privcmd.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
index 35b6e306026a..2c8f6d047c11 100644
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -1223,18 +1223,13 @@ struct privcmd_kernel_ioreq *alloc_ioreq(struct privcmd_ioeventfd *ioeventfd)
kioreq->ioreq = (struct ioreq *)(page_to_virt(pages[0]));
mmap_write_unlock(mm);

- size = sizeof(*ports) * kioreq->vcpus;
- ports = kzalloc(size, GFP_KERNEL);
- if (!ports) {
- ret = -ENOMEM;
+ ports = memdup_array_user(u64_to_user_ptr(ioeventfd->ports),
+ kioreq->vcpus, sizeof(*ports));
+ if (IS_ERR(ports) {
+ ret = PTR_ERR(ports);
goto error_kfree;
}

- if (copy_from_user(ports, u64_to_user_ptr(ioeventfd->ports), size)) {
- ret = -EFAULT;
- goto error_kfree_ports;
- }
-
for (i = 0; i < kioreq->vcpus; i++) {
kioreq->ports[i].vcpu = i;
kioreq->ports[i].port = ports[i];
@@ -1256,7 +1251,7 @@ struct privcmd_kernel_ioreq *alloc_ioreq(struct privcmd_ioeventfd *ioeventfd)
error_unbind:
while (--i >= 0)
unbind_from_irqhandler(irq_from_evtchn(ports[i]), &kioreq->ports[i]);
-error_kfree_ports:
+
kfree(ports);
error_kfree:
kfree(kioreq);
--
2.43.0

2024-02-13 07:47:51

by Juergen Gross

[permalink] [raw]

Subject: Re: [PATCH] xen/privcmd: Use memdup_array_user() in alloc_ioreq()

On 28.01.24 18:09, Markus Elfring wrote:
> From: Markus Elfring <[email protected]>
> Date: Sun, 28 Jan 2024 17:50:43 +0100
>
> * The function “memdup_array_user” was added with the
> commit 313ebe47d75558511aa1237b6e35c663b5c0ec6f ("string.h: add
> array-wrappers for (v)memdup_user()").
> Thus use it accordingly.
>
> This issue was detected by using the Coccinelle software.
>
> * Delete a label which became unnecessary with this refactoring.
>
> Signed-off-by: Markus Elfring <[email protected]>

Reviewed-by: Juergen Gross <[email protected]>

Juergen

Attachments:

OpenPGP_0xB0DE9DD628BF132F.asc (3.66 kB)
OpenPGP public key OpenPGP_signature.asc (505.00 B)
OpenPGP digital signature Download all attachments