On 21-02-16 18:12:05, Al Viro wrote:
> On Mon, Feb 15, 2021 at 05:45:33PM -0800, Ben Widawsky wrote:
> > +   if (cmd->info.size_in) {
> > +           mbox_cmd.payload_in = kvzalloc(cmd->info.size_in, GFP_KERNEL);
> > +           if (!mbox_cmd.payload_in) {
> > +                   rc = -ENOMEM;
> > +                   goto out;
> > +           }
> > +
> > +           if (copy_from_user(mbox_cmd.payload_in,
> > +                              u64_to_user_ptr(in_payload),
> > +                              cmd->info.size_in)) {
> > +                   rc = -EFAULT;
> > +                   goto out;
> > +           }
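Review bot: both error branches in this hunk jump to `out` with mbox_cmd.payload_in in different states (NULL after the failed kvzalloc(), a live allocation after the failed copy_from_user()), and the `out` label is not visible here, so it has to kvfree() payload_in on every path or the -EFAULT case leaks the buffer. The allocate-then-copy pair could be a single `mbox_cmd.payload_in = vmemdup_user(u64_to_user_ptr(in_payload), cmd->info.size_in);` followed by an IS_ERR() check that sets rc from PTR_ERR(). If that change is made, payload_in should be reset to NULL before `goto out`, so that the cleanup never passes an ERR_PTR value to kvfree().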
> 
> Umm...  Do you need to open-code vmemdup_user()?  The only difference is
> GFP_KERNEL allocation instead of GFP_USER one, and the latter is arguably
> saner here...  Zeroing is definitely pointless - you either overwrite
> the entire buffer with copy_from_user(), or you fail and free the damn
> thing.

Mea culpa. In fact it was previously memdup_user and Dan suggested I switch to
vmemdup_user.
https://lore.kernel.org/linux-cxl/capcyv4j+ixvgeo5q2ohv4kdkbzbnohzj3kdovreqjjpbsre...@mail.gmail.com/


Will fix for the next version.

Thanks.
