Commit 7114f51f authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull memdup_user() conversions from Al Viro:
 "A fairly self-contained series - hunting down open-coded memdup_user()
  and memdup_user_nul() instances"

* 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  bpf: don't open-code memdup_user()
  kimage_file_prepare_segments(): don't open-code memdup_user()
  ethtool: don't open-code memdup_user()
  do_ip_setsockopt(): don't open-code memdup_user()
  do_ipv6_setsockopt(): don't open-code memdup_user()
  irda: don't open-code memdup_user()
  xfrm_user_policy(): don't open-code memdup_user()
  ima_write_policy(): don't open-code memdup_user_nul()
  sel_write_validatetrans(): don't open-code memdup_user_nul()
parents ea3b25e1 e4448ed8
...@@ -410,14 +410,11 @@ static int map_lookup_elem(union bpf_attr *attr) ...@@ -410,14 +410,11 @@ static int map_lookup_elem(union bpf_attr *attr)
if (IS_ERR(map)) if (IS_ERR(map))
return PTR_ERR(map); return PTR_ERR(map);
err = -ENOMEM; key = memdup_user(ukey, map->key_size);
key = kmalloc(map->key_size, GFP_USER); if (IS_ERR(key)) {
if (!key) err = PTR_ERR(key);
goto err_put; goto err_put;
}
err = -EFAULT;
if (copy_from_user(key, ukey, map->key_size) != 0)
goto free_key;
if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH || if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH || map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH ||
...@@ -493,14 +490,11 @@ static int map_update_elem(union bpf_attr *attr) ...@@ -493,14 +490,11 @@ static int map_update_elem(union bpf_attr *attr)
if (IS_ERR(map)) if (IS_ERR(map))
return PTR_ERR(map); return PTR_ERR(map);
err = -ENOMEM; key = memdup_user(ukey, map->key_size);
key = kmalloc(map->key_size, GFP_USER); if (IS_ERR(key)) {
if (!key) err = PTR_ERR(key);
goto err_put; goto err_put;
}
err = -EFAULT;
if (copy_from_user(key, ukey, map->key_size) != 0)
goto free_key;
if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH || if (map->map_type == BPF_MAP_TYPE_PERCPU_HASH ||
map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH || map->map_type == BPF_MAP_TYPE_LRU_PERCPU_HASH ||
...@@ -579,14 +573,11 @@ static int map_delete_elem(union bpf_attr *attr) ...@@ -579,14 +573,11 @@ static int map_delete_elem(union bpf_attr *attr)
if (IS_ERR(map)) if (IS_ERR(map))
return PTR_ERR(map); return PTR_ERR(map);
err = -ENOMEM; key = memdup_user(ukey, map->key_size);
key = kmalloc(map->key_size, GFP_USER); if (IS_ERR(key)) {
if (!key) err = PTR_ERR(key);
goto err_put; goto err_put;
}
err = -EFAULT;
if (copy_from_user(key, ukey, map->key_size) != 0)
goto free_key;
preempt_disable(); preempt_disable();
__this_cpu_inc(bpf_prog_active); __this_cpu_inc(bpf_prog_active);
...@@ -598,7 +589,6 @@ static int map_delete_elem(union bpf_attr *attr) ...@@ -598,7 +589,6 @@ static int map_delete_elem(union bpf_attr *attr)
if (!err) if (!err)
trace_bpf_map_delete_elem(map, ufd, key); trace_bpf_map_delete_elem(map, ufd, key);
free_key:
kfree(key); kfree(key);
err_put: err_put:
fdput(f); fdput(f);
...@@ -627,14 +617,11 @@ static int map_get_next_key(union bpf_attr *attr) ...@@ -627,14 +617,11 @@ static int map_get_next_key(union bpf_attr *attr)
return PTR_ERR(map); return PTR_ERR(map);
if (ukey) { if (ukey) {
err = -ENOMEM; key = memdup_user(ukey, map->key_size);
key = kmalloc(map->key_size, GFP_USER); if (IS_ERR(key)) {
if (!key) err = PTR_ERR(key);
goto err_put; goto err_put;
}
err = -EFAULT;
if (copy_from_user(key, ukey, map->key_size) != 0)
goto free_key;
} else { } else {
key = NULL; key = NULL;
} }
......
...@@ -162,16 +162,10 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, ...@@ -162,16 +162,10 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
} }
if (cmdline_len) { if (cmdline_len) {
image->cmdline_buf = kzalloc(cmdline_len, GFP_KERNEL); image->cmdline_buf = memdup_user(cmdline_ptr, cmdline_len);
if (!image->cmdline_buf) { if (IS_ERR(image->cmdline_buf)) {
ret = -ENOMEM; ret = PTR_ERR(image->cmdline_buf);
goto out; image->cmdline_buf = NULL;
}
ret = copy_from_user(image->cmdline_buf, cmdline_ptr,
cmdline_len);
if (ret) {
ret = -EFAULT;
goto out; goto out;
} }
......
...@@ -2322,16 +2322,12 @@ static int ethtool_set_tunable(struct net_device *dev, void __user *useraddr) ...@@ -2322,16 +2322,12 @@ static int ethtool_set_tunable(struct net_device *dev, void __user *useraddr)
ret = ethtool_tunable_valid(&tuna); ret = ethtool_tunable_valid(&tuna);
if (ret) if (ret)
return ret; return ret;
data = kmalloc(tuna.len, GFP_USER);
if (!data)
return -ENOMEM;
useraddr += sizeof(tuna); useraddr += sizeof(tuna);
ret = -EFAULT; data = memdup_user(useraddr, tuna.len);
if (copy_from_user(data, useraddr, tuna.len)) if (IS_ERR(data))
goto out; return PTR_ERR(data);
ret = ops->set_tunable(dev, &tuna, data); ret = ops->set_tunable(dev, &tuna, data);
out:
kfree(data); kfree(data);
return ret; return ret;
} }
...@@ -2507,18 +2503,14 @@ static int set_phy_tunable(struct net_device *dev, void __user *useraddr) ...@@ -2507,18 +2503,14 @@ static int set_phy_tunable(struct net_device *dev, void __user *useraddr)
ret = ethtool_phy_tunable_valid(&tuna); ret = ethtool_phy_tunable_valid(&tuna);
if (ret) if (ret)
return ret; return ret;
data = kmalloc(tuna.len, GFP_USER);
if (!data)
return -ENOMEM;
useraddr += sizeof(tuna); useraddr += sizeof(tuna);
ret = -EFAULT; data = memdup_user(useraddr, tuna.len);
if (copy_from_user(data, useraddr, tuna.len)) if (IS_ERR(data))
goto out; return PTR_ERR(data);
mutex_lock(&phydev->lock); mutex_lock(&phydev->lock);
ret = phydev->drv->set_tunable(phydev, &tuna, data); ret = phydev->drv->set_tunable(phydev, &tuna, data);
mutex_unlock(&phydev->lock); mutex_unlock(&phydev->lock);
out:
kfree(data); kfree(data);
return ret; return ret;
} }
......
...@@ -934,14 +934,9 @@ static int do_ip_setsockopt(struct sock *sk, int level, ...@@ -934,14 +934,9 @@ static int do_ip_setsockopt(struct sock *sk, int level,
err = -ENOBUFS; err = -ENOBUFS;
break; break;
} }
msf = kmalloc(optlen, GFP_KERNEL); msf = memdup_user(optval, optlen);
if (!msf) { if (IS_ERR(msf)) {
err = -ENOBUFS; err = PTR_ERR(msf);
break;
}
err = -EFAULT;
if (copy_from_user(msf, optval, optlen)) {
kfree(msf);
break; break;
} }
/* numsrc >= (1G-4) overflow in 32 bits */ /* numsrc >= (1G-4) overflow in 32 bits */
...@@ -1090,14 +1085,11 @@ static int do_ip_setsockopt(struct sock *sk, int level, ...@@ -1090,14 +1085,11 @@ static int do_ip_setsockopt(struct sock *sk, int level,
err = -ENOBUFS; err = -ENOBUFS;
break; break;
} }
gsf = kmalloc(optlen, GFP_KERNEL); gsf = memdup_user(optval, optlen);
if (!gsf) { if (IS_ERR(gsf)) {
err = -ENOBUFS; err = PTR_ERR(gsf);
break; break;
} }
err = -EFAULT;
if (copy_from_user(gsf, optval, optlen))
goto mc_msf_out;
/* numsrc >= (4G-140)/128 overflow in 32 bits */ /* numsrc >= (4G-140)/128 overflow in 32 bits */
if (gsf->gf_numsrc >= 0x1ffffff || if (gsf->gf_numsrc >= 0x1ffffff ||
......
...@@ -735,14 +735,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, ...@@ -735,14 +735,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
retv = -ENOBUFS; retv = -ENOBUFS;
break; break;
} }
gsf = kmalloc(optlen, GFP_KERNEL); gsf = memdup_user(optval, optlen);
if (!gsf) { if (IS_ERR(gsf)) {
retv = -ENOBUFS; retv = PTR_ERR(gsf);
break;
}
retv = -EFAULT;
if (copy_from_user(gsf, optval, optlen)) {
kfree(gsf);
break; break;
} }
/* numsrc >= (4G-140)/128 overflow in 32 bits */ /* numsrc >= (4G-140)/128 overflow in 32 bits */
......
...@@ -1901,16 +1901,10 @@ static int irda_setsockopt(struct socket *sock, int level, int optname, ...@@ -1901,16 +1901,10 @@ static int irda_setsockopt(struct socket *sock, int level, int optname,
goto out; goto out;
} }
ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
if (ias_opt == NULL) {
err = -ENOMEM;
goto out;
}
/* Copy query to the driver. */ /* Copy query to the driver. */
if (copy_from_user(ias_opt, optval, optlen)) { ias_opt = memdup_user(optval, optlen);
kfree(ias_opt); if (IS_ERR(ias_opt)) {
err = -EFAULT; err = PTR_ERR(ias_opt);
goto out; goto out;
} }
...@@ -2032,16 +2026,10 @@ static int irda_setsockopt(struct socket *sock, int level, int optname, ...@@ -2032,16 +2026,10 @@ static int irda_setsockopt(struct socket *sock, int level, int optname,
goto out; goto out;
} }
ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
if (ias_opt == NULL) {
err = -ENOMEM;
goto out;
}
/* Copy query to the driver. */ /* Copy query to the driver. */
if (copy_from_user(ias_opt, optval, optlen)) { ias_opt = memdup_user(optval, optlen);
kfree(ias_opt); if (IS_ERR(ias_opt)) {
err = -EFAULT; err = PTR_ERR(ias_opt);
goto out; goto out;
} }
...@@ -2317,16 +2305,10 @@ static int irda_getsockopt(struct socket *sock, int level, int optname, ...@@ -2317,16 +2305,10 @@ static int irda_getsockopt(struct socket *sock, int level, int optname,
goto out; goto out;
} }
ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
if (ias_opt == NULL) {
err = -ENOMEM;
goto out;
}
/* Copy query to the driver. */ /* Copy query to the driver. */
if (copy_from_user(ias_opt, optval, len)) { ias_opt = memdup_user(optval, len);
kfree(ias_opt); if (IS_ERR(ias_opt)) {
err = -EFAULT; err = PTR_ERR(ias_opt);
goto out; goto out;
} }
...@@ -2381,16 +2363,10 @@ static int irda_getsockopt(struct socket *sock, int level, int optname, ...@@ -2381,16 +2363,10 @@ static int irda_getsockopt(struct socket *sock, int level, int optname,
goto out; goto out;
} }
ias_opt = kmalloc(sizeof(struct irda_ias_set), GFP_ATOMIC);
if (ias_opt == NULL) {
err = -ENOMEM;
goto out;
}
/* Copy query to the driver. */ /* Copy query to the driver. */
if (copy_from_user(ias_opt, optval, len)) { ias_opt = memdup_user(optval, len);
kfree(ias_opt); if (IS_ERR(ias_opt)) {
err = -EFAULT; err = PTR_ERR(ias_opt);
goto out; goto out;
} }
......
...@@ -649,14 +649,12 @@ static ssize_t sel_write_validatetrans(struct file *file, ...@@ -649,14 +649,12 @@ static ssize_t sel_write_validatetrans(struct file *file,
if (*ppos != 0) if (*ppos != 0)
goto out; goto out;
rc = -ENOMEM; req = memdup_user_nul(buf, count);
req = kzalloc(count + 1, GFP_KERNEL); if (IS_ERR(req)) {
if (!req) rc = PTR_ERR(req);
goto out; req = NULL;
rc = -EFAULT;
if (copy_from_user(req, buf, count))
goto out; goto out;
}
rc = -ENOMEM; rc = -ENOMEM;
oldcon = kzalloc(count + 1, GFP_KERNEL); oldcon = kzalloc(count + 1, GFP_KERNEL);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment