Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4785787pxb; Mon, 15 Feb 2021 00:47:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJxpA2AC/H/Xs9bew4Rv852Xlg4tBWwfTBe0Vys2ofsnTiqf7X5LoEn+yBiBuiaizxCJogMe X-Received: by 2002:a50:ee10:: with SMTP id g16mr14491899eds.62.1613378852390; Mon, 15 Feb 2021 00:47:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613378852; cv=none; d=google.com; s=arc-20160816; b=W4uvtPwIXaw+/WVJuCLIB3iDSMCWXcxQH++tyYf6Bo7lEp2WS3BMExuzHSSWls7IVU 5eqjoNBAbM8shW1R7OQdK6CxSmIMl0ifLxJSWNfw7Nyd6xc32xqEzjrwZb1dYIso2LHZ HyilQcNNxUjRj70JkEzDqp2s1Fburz5lflLvq5AWqOzQwN8yhq7eCfN5c3nHv1X723Tg Dh5GPZVsrZzN6b2cJ8P5GeVMbMldDcS+n6l5AcfTzXDbsImUigYdKgu6nOtjwmB0Ncnv WdtQJxAPmCdorzSHjjyjLq5ldGI8a81506Po0uwOtBktxnZ1Zu+9WoSSmWGJciPH5Nck vXrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=7p0ZgJ7y6ZYSp40cSR2HClicIs9V9AmTmeD/P0zrzfM=; b=vAanIH4Pk5So3R6bCeSSpAU4AkJuJs55oOIwDqdqKieNsKBWjvG+AK+C60vmS6x2K+ q2JwFRtbIVlb2yTUyyXXo9Eg3lTX167NiuP1QRjT83yYaSJmFLT2dyx1bUD6MdCZAAkU 0YB2mj+RP6/u8WiEqXCjsB5a/CTndVOQ0cBFFLpHBLo34X8hIoS2eSADK4MFRfaMYbMv hHo5UuPsn9pspOoPW0u3lsn78+qbgvI9EvoJMOVjDkNt7yskGjaW08DtMIkoyOrRqSgS Esbk7g89GbC3S/lEE2pOy4k7naSkraGLrYCj8N4kivwEu2pJrrl0VeoNbpvBxLsYXWsD ABOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=jR+Ajl9q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=suse.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 26si3366899ejv.296.2021.02.15.00.47.08; Mon, 15 Feb 2021 00:47:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=jR+Ajl9q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229892AbhBOIpL (ORCPT + 99 others); Mon, 15 Feb 2021 03:45:11 -0500 Received: from mx2.suse.de ([195.135.220.15]:42588 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229693AbhBOIpL (ORCPT ); Mon, 15 Feb 2021 03:45:11 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1613378665; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=7p0ZgJ7y6ZYSp40cSR2HClicIs9V9AmTmeD/P0zrzfM=; b=jR+Ajl9qThbiHeigkerXV0mkqJhMebC+WU2WKgJwC+evDZjAkMvChSzoKIJTaZd1NNOzBm e055hpfXlrJirRBuSzYrMeJvD0SOeSNpaI4DPTAfe6l+UNcpINMj7gDQ0SzsxV1H6Uf7lb SeZrlXHJmXen2taNgw8BLT2CjlyeqpI= Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id E0FC3AD78; Mon, 15 Feb 2021 08:44:24 +0000 (UTC) Date: Mon, 15 Feb 2021 09:44:24 +0100 From: Michal Hocko To: Ivan Safonov Cc: Greg Kroah-Hartman , Andrew Morton , Allen Pais , Johannes Weiner , Waiman Long , Abheek Dhawan , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] staging:wlan-ng: use memdup_user instead of kmalloc/copy_from_user Message-ID: References: <20210213120527.451531-1-insafonov@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210213120527.451531-1-insafonov@gmail.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat 13-02-21 15:05:28, Ivan Safonov wrote: > memdup_user() is shorter and safer equivalent > of kmalloc/copy_from_user pair. > > Signed-off-by: Ivan Safonov > --- > drivers/staging/wlan-ng/p80211netdev.c | 28 ++++++++++++-------------- > 1 file changed, 13 insertions(+), 15 deletions(-) > > diff --git a/drivers/staging/wlan-ng/p80211netdev.c b/drivers/staging/wlan-ng/p80211netdev.c > index a15abb2c8f54..6f9666dc0277 100644 > --- a/drivers/staging/wlan-ng/p80211netdev.c > +++ b/drivers/staging/wlan-ng/p80211netdev.c > @@ -569,24 +569,22 @@ static int p80211knetdev_do_ioctl(struct net_device *dev, > goto bail; > } > > - /* Allocate a buf of size req->len */ > - msgbuf = kmalloc(req->len, GFP_KERNEL); > - if (msgbuf) { > - if (copy_from_user(msgbuf, (void __user *)req->data, req->len)) > - result = -EFAULT; > - else > - result = p80211req_dorequest(wlandev, msgbuf); > + msgbuf = memdup_user(req->data, req->len); Move to memdup_user is definitely a right step. What is the range of req->len though? If this can be larger than PAGE_SIZE then vmemdup_user would be a better alternative. -- Michal Hocko SUSE Labs