Julia Lawall schrieb: > From: Julia Lawall <ju...@diku.dk> > > Use memdup_user when user data is immediately copied into the > allocated region. > > The semantic patch that makes this change is as follows: > (http://coccinelle.lip6.fr/) > > // <smpl> > @@ > expression from,to,size,flag; > position p; > identifier l1,l2; > @@ > > - to = \(kmal...@p\|kzal...@p\)(size,flag); > + to = memdup_user(from,size); > if ( > - to==NULL > + IS_ERR(to) > || ...) { > <+... when != goto l1; > - -ENOMEM > + PTR_ERR(to) > ...+> > } > - if (copy_from_user(to, from, size) != 0) { > - <+... when != goto l2; > - -EFAULT > - ...+> > - } > // </smpl> > > Signed-off-by: Julia Lawall <ju...@diku.dk> > > --- > drivers/infiniband/core/ucm.c | 11 +++-------- > 1 file changed, 3 insertions(+), 8 deletions(-) > > diff --git a/drivers/infiniband/core/ucm.c b/drivers/infiniband/core/ucm.c > index 4647484..08f948d 100644 > --- a/drivers/infiniband/core/ucm.c > +++ b/drivers/infiniband/core/ucm.c > @@ -706,14 +706,9 @@ static int ib_ucm_alloc_data(const void **dest, u64 src, > u32 len) > if (!len) > return 0; > > - data = kmalloc(len, GFP_KERNEL); > - if (!data) > - return -ENOMEM; > - > - if (copy_from_user(data, (void __user *)(unsigned long)src, len)) { > - kfree(data); > - return -EFAULT; > - } > + data = memdup_user((void __user *)(unsigned long)src, len); > + if (IS_ERR(data)) > + return PTR_ERR(data); > > *dest = data; > return 0; > --
This cast look strange, can it happen that (unsigned long)<(u64) ? (is there a 32bit infiniband) ? just my 2 cents, wh -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
