Re: [PATCH] staging:wlan-ng: use memdup_user instead of kmalloc/copy_from_user

Michal Hocko Mon, 15 Feb 2021 04:44:51 -0800

On Sat 13-02-21 15:05:28, Ivan Safonov wrote:
> memdup_user() is shorter and safer equivalent
> of kmalloc/copy_from_user pair.
> 
> Signed-off-by: Ivan Safonov <insafo...@gmail.com>
> ---
>  drivers/staging/wlan-ng/p80211netdev.c | 28 ++++++++++++--------------
>  1 file changed, 13 insertions(+), 15 deletions(-)
> 
> diff --git a/drivers/staging/wlan-ng/p80211netdev.c 
> b/drivers/staging/wlan-ng/p80211netdev.c
> index a15abb2c8f54..6f9666dc0277 100644
> --- a/drivers/staging/wlan-ng/p80211netdev.c
> +++ b/drivers/staging/wlan-ng/p80211netdev.c
> @@ -569,24 +569,22 @@ static int p80211knetdev_do_ioctl(struct net_device 
> *dev,
>               goto bail;
>       }
>  
> -     /* Allocate a buf of size req->len */
> -     msgbuf = kmalloc(req->len, GFP_KERNEL);
> -     if (msgbuf) {
> -             if (copy_from_user(msgbuf, (void __user *)req->data, req->len))
> -                     result = -EFAULT;
> -             else
> -                     result = p80211req_dorequest(wlandev, msgbuf);
> +     msgbuf = memdup_user(req->data, req->len);


Move to memdup_user is definitely a right step. What is the range of
req->len though? If this can be larger than PAGE_SIZE then vmemdup_user
would be a better alternative.

-- 
Michal Hocko
SUSE Labs
_______________________________________________
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Re: [PATCH] staging:wlan-ng: use memdup_user instead of kmalloc/copy_from_user

Reply via email to