2023-11-03 11:32:14

by Philipp Stanner

Subject: [PATCH v2] drivers/comedi: use standard array-copy-function

comedi_fops.c utilizes memdup_user() to copy a userspace array.

The new function memdup_array_user() provides a standardized way to copy
userspace-arrays. It makes it easier to see that an array is being
copied and, additionally, performs a generic overflow-check which might
help make the code more robust in case of changes in the future.

Replace memdup_user() with memdup_array_user().

Suggested-by: Dave Airlie <[email protected]>
Signed-off-by: Philipp Stanner <[email protected]>
Reviewed-by: Ian Abbott <[email protected]>
---
Changes in v2:
- Rephrase commit message so that it doesn't sound as if an actual
overflow is being fixed here. (Greg K-H)
- Add Reviewed-by from Ian Abbott
---
drivers/comedi/comedi_fops.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
index 1548dea15df1..1b481731df96 100644
--- a/drivers/comedi/comedi_fops.c
+++ b/drivers/comedi/comedi_fops.c
@@ -1714,8 +1714,8 @@ static int __comedi_get_user_chanlist(struct comedi_device *dev,

lockdep_assert_held(&dev->mutex);
cmd->chanlist = NULL;
- chanlist = memdup_user(user_chanlist,
- cmd->chanlist_len * sizeof(unsigned int));
+ chanlist = memdup_array_user(user_chanlist,
+ cmd->chanlist_len, sizeof(unsigned int));
if (IS_ERR(chanlist))
return PTR_ERR(chanlist);
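
Review bot: In the new memdup_array_user() call, a cmd->chanlist_len * sizeof(unsigned int) product that overflows is now rejected and leaves through the unchanged IS_ERR()/PTR_ERR() return, so this function can hand -EOVERFLOW back to its caller where the open-coded multiplication previously went into memdup_user() unchecked. That is the desired behaviour, but the commit message should say that a new error code can reach the caller on this path, so nobody is surprised by it later. As a smaller style point on the same call, sizeof(*chanlist) instead of sizeof(unsigned int) would tie the element size to the destination pointer's type and keep the two from drifting apart if the type ever changes.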

--
2.41.0