[PATCH v2 3/5] kernel: watch_queue: copy user-array safely

From: Philipp Stanner
Date: Fri Sep 08 2023 - 16:04:13 EST

Next message: Philipp Stanner: "[PATCH v2 4/5] drm_lease.c: copy user-array safely"
Previous message: Philipp Stanner: "[PATCH v2 2/5] kernel: kexec: copy user-array safely"
In reply to: Baoquan He: "Re: [PATCH v2 2/5] kernel: kexec: copy user-array safely"
Next in thread: Philipp Stanner: "[PATCH v2 4/5] drm_lease.c: copy user-array safely"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Currently, there is no overflow-check with memdup_user().

Use the new function memdup_array_user() instead of memdup_user() for
duplicating the user-space array safely.

Suggested-by: David Airlie <airlied@xxxxxxxxxx>
Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx>
---
kernel/watch_queue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/watch_queue.c b/kernel/watch_queue.c
index d0b6b390ee42..778b4056700f 100644
--- a/kernel/watch_queue.c
+++ b/kernel/watch_queue.c
@@ -331,7 +331,7 @@ long watch_queue_set_filter(struct pipe_inode_info *pipe,
filter.__reserved != 0)
return -EINVAL;

- tf = memdup_user(_filter->filters, filter.nr_filters * sizeof(*tf));
+ tf = memdup_array_user(_filter->filters, filter.nr_filters, sizeof(*tf));
if (IS_ERR(tf))
return PTR_ERR(tf);

--
2.41.0

Next message: Philipp Stanner: "[PATCH v2 4/5] drm_lease.c: copy user-array safely"
Previous message: Philipp Stanner: "[PATCH v2 2/5] kernel: kexec: copy user-array safely"
In reply to: Baoquan He: "Re: [PATCH v2 2/5] kernel: kexec: copy user-array safely"
Next in thread: Philipp Stanner: "[PATCH v2 4/5] drm_lease.c: copy user-array safely"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]