From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756735AbcIMUnT (ORCPT ); Tue, 13 Sep 2016 16:43:19 -0400
Received: from mout.web.de ([212.227.17.12]:54561 "EHLO mout.web.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751042AbcIMUnR (ORCPT ); Tue, 13 Sep 2016 16:43:17 -0400
Subject: [PATCH 2/7] AGPGART: Use memdup_user() rather than duplicating its implementation
To: kernel-janitors@vger.kernel.org, David Airlie
References: <566ABCD9.1060404@users.sourceforge.net> <5204ca92-2cdf-8115-567c-4ac29816fcec@users.sourceforge.net>
Cc: LKML , Julia Lawall
From: SF Markus Elfring
Message-ID:
Date: Tue, 13 Sep 2016 22:43:05 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <5204ca92-2cdf-8115-567c-4ac29816fcec@users.sourceforge.net>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Markus Elfring
Date: Tue, 13 Sep 2016 21:00:44 +0200

* Reuse existing functionality from memdup_user() instead of keeping
  duplicate source code.

* Try this copy operation before allocating memory
  for the local variable "ksegment".

Signed-off-by: Markus Elfring
---
 drivers/char/agp/compat_ioctl.c | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/drivers/char/agp/compat_ioctl.c b/drivers/char/agp/compat_ioctl.c index a2b69db..68d4dc7 100644 --- a/drivers/char/agp/compat_ioctl.c +++ b/drivers/char/agp/compat_ioctl.c @@ -98,11 +98,10 @@ static int compat_agpioc_reserve_wrap(struct agp_file_private *priv, void __user if (ureserve.seg_count >= 16384) return -EINVAL; - usegment = kmalloc_array(ureserve.seg_count, - sizeof(*usegment), - GFP_KERNEL); - if (!usegment) - return -ENOMEM; + usegment = memdup_user((void __user *) ureserve.seg_list, + sizeof(*usegment) * ureserve.seg_count); + if (IS_ERR(usegment)) + return PTR_ERR(usegment); ksegment = kmalloc_array(kreserve.seg_count, sizeof(*ksegment), @@ -112,13 +111,6 @@ static int compat_agpioc_reserve_wrap(struct agp_file_private *priv, void __user return -ENOMEM; } - if (copy_from_user(usegment, (void __user *) ureserve.seg_list, - sizeof(*usegment) * ureserve.seg_count)) { - kfree(usegment); - kfree(ksegment); - return -EFAULT; - } - for (seg = 0; seg < ureserve.seg_count; seg++) { ksegment[seg].pg_start = usegment[seg].pg_start; ksegment[seg].pg_count = usegment[seg].pg_count; -- 2.10.0
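
Review bot: in the first hunk, the size handed to memdup_user() is the open-coded product `sizeof(*usegment) * ureserve.seg_count`, so the overflow check that kmalloc_array() applied to this allocation is gone and the bound now rests entirely on the `ureserve.seg_count >= 16384` test in the context above. That test keeps the product small, so the call is safe as written, but the dependency deserves a short comment or a line in the changelog so the limit is not relaxed later without revisiting this call.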
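
Review bot: in the second hunk, dropping the copy_from_user() block leaves the ksegment allocation failure (the `return -ENOMEM; }` context at the top of the hunk) as the only error exit after usegment has been allocated and filled, so please confirm that path still does kfree(usegment). The reordering also changes which errno user space sees when both conditions apply: a faulting seg_list now returns -EFAULT before the ksegment allocation is attempted. The changelog mentions the reordering but not this effect; one sentence would cover it.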