lsm: convert security_setselfattr() to use memdup_user()

As suggested by the kernel test robot, memdup_user() is a better option than the combo of kmalloc()/copy_from_user(). Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202310270805.2ArE52i5-lkp@intel.com/Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

lsm: convert security_setselfattr() to use memdup_user()
As suggested by the kernel test robot, memdup_user() is a better option than the combo of kmalloc()/copy_from_user(). Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202310270805.2ArE52i5-lkp@intel.com/Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
9ba8802c · Paul Moore · 41793202 · 9ba8802c
Commit 9ba8802c authored Nov 01, 2023 by Paul Moore
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 8 deletions

security/security.c security/security.c +3 -8

No files found.
--- a/security/security.c
+++ b/security/security.c
@@ -4011,14 +4011,9 @@ int security_setselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
 	if (size > PAGE_SIZE)
 		return -E2BIG;

-	lctx = kmalloc(size, GFP_KERNEL);
-	if (lctx == NULL)
-		return -ENOMEM;
-
-	if (copy_from_user(lctx, uctx, size)) {
-		rc = -EFAULT;
-		goto free_out;
-	}
+	lctx = memdup_user(uctx, size);
+	if (IS_ERR(lctx))
+		return PTR_ERR(lctx);

 	if (size < lctx->len || size < lctx->ctx_len + sizeof(*lctx) ||
 	    lctx->len < lctx->ctx_len + sizeof(*lctx)) {