Re: [PATCH v2] s390/pkey: Use memdup_user() rather than duplicating its implementation

From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Markus Elfring <Markus.Elfring@web.de>,
	linux-s390@vger.kernel.org, Joe Perches <joe@perches.com>,
	Harald Freudenberger <freude@linux.ibm.com>,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Ingo Franzki <ifranzki@linux.ibm.com>,
	Vasily Gorbik <gor@linux.ibm.com>
Cc: LKML <linux-kernel@vger.kernel.org>, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH v2] s390/pkey: Use memdup_user() rather than duplicating its implementation
Date: Thu, 7 Nov 2019 13:44:11 +0100	[thread overview]
Message-ID: <833d7d5e-6ede-6bdd-a2cc-2da7f0b03908@de.ibm.com> (raw)
In-Reply-To: <deb7893f-3cfe-18fc-3feb-b26b290bf3c6@web.de>

On 07.11.19 11:06, Markus Elfring wrote:
> From: Markus Elfring <elfring@users.sourceforge.net>
> Date: Thu, 7 Nov 2019 10:40:18 +0100
> 
> Reuse existing functionality from memdup_user() instead of keeping
> duplicate source code.
> 
> Generated by: scripts/coccinelle/api/memdup_user.cocci
> 
> Delete local variables which became unnecessary with this refactoring
> in two function implementations.
> 
> Fixes: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d ("s390/pkey: add CCA AES cipher key support")

With that patch description, the Fixes tag is wrong...but (see below)

> Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
> ---
> 
> v2:
> Further changes were requested by Joe Perches.
> https://lore.kernel.org/r/6137855bb4170c438c7436cbdb7dfd21639a8855.camel@perches.com/
> 
> * The proposed usage of two conditional operators was replaced by
>   an other code structure.
> 
> * A sanity check was adjusted for the function “_copy_apqns_from_user”.
> 
> 
>  drivers/s390/crypto/pkey_api.c | 26 ++++----------------------
>  1 file changed, 4 insertions(+), 22 deletions(-)
> 
> diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
> index 9de3d46b3253..ac99fd97569d 100644
> --- a/drivers/s390/crypto/pkey_api.c
> +++ b/drivers/s390/crypto/pkey_api.c
> @@ -715,36 +715,18 @@ static int pkey_apqns4keytype(enum pkey_key_type ktype,
> 
>  static void *_copy_key_from_user(void __user *ukey, size_t keylen)
>  {
> -	void *kkey;
> -
>  	if (!ukey || keylen < MINKEYBLOBSIZE || keylen > KEYBLOBBUFSIZE)
>  		return ERR_PTR(-EINVAL);
> -	kkey = kmalloc(keylen, GFP_KERNEL);
> -	if (!kkey)
> -		return ERR_PTR(-ENOMEM);
> -	if (copy_from_user(kkey, ukey, keylen)) {
> -		kfree(kkey);
> -		return ERR_PTR(-EFAULT);
> -	}
> 
> -	return kkey;
> +	return memdup_user(ukey, keylen);

This part looks good

>  }
> 
>  static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns)
>  {

This part below is not an equivalent replacement. In fact you are fixing a bug here...

> -	void *kapqns = NULL;
> -	size_t nbytes;
> -
> -	if (uapqns && nr_apqns > 0) {
> -		nbytes = nr_apqns * sizeof(struct pkey_apqn);
> -		kapqns = kmalloc(nbytes, GFP_KERNEL);
> -		if (!kapqns)
> -			return ERR_PTR(-ENOMEM);
> -		if (copy_from_user(kapqns, uapqns, nbytes))

	.... here we would need to kfree kapqns, but we do not. So this is
a memory leak. Isnt it?

So indeed this is fixing something. But please rework your the patch 
description accordingly.

> -			return ERR_PTR(-EFAULT);
> -	}

> +	if (!uapqns || nr_apqns <= 0)
> +		return NULL;
> 
> -	return kapqns;
> +	return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
>  }
> 
>  static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
> --
> 2.24.0
> 