drivers/infiniband/hw/hfi1/user_sdma.c · c170d4ff21a8a525d782e3d1bc58d9538d95afe6 · Kirill Smelkov / linux · GitLab

Find file Blame History Permalink

RDMA/hfi1: Copy userspace arrays safely · c170d4ff

Philipp Stanner authored Nov 02, 2023

Currently, memdup_user() is utilized at two positions to copy userspace
arrays. This is done without overflow checks.

Use the new wrapper memdup_array_user() to copy the arrays more safely.
Suggested-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Link: https://lore.kernel.org/r/20231102191308.52046-2-pstanner@redhat.comAcked-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>

c170d4ff

user_sdma.c 33.7 KB