[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAKFNMona2dYnMpEoQMPatEJrPW2qkkdCnnsRzvNcwsxrakyPOQ@mail.gmail.com>
Date: Sat, 4 Nov 2023 12:57:24 +0900
From: Ryusuke Konishi <konishi.ryusuke@...il.com>
To: Philipp Stanner <pstanner@...hat.com>
Cc: linux-nilfs@...r.kernel.org, linux-kernel@...r.kernel.org,
Dave Airlie <airlied@...hat.com>
Subject: Re: [PATCH v2] fs/nilfs2: use standard array-copy-function
On Sat, Nov 4, 2023 at 3:49 AM Philipp Stanner wrote:
>
> ioctl.c utilizes memdup_user() to copy a userspace array. An overflow
> check is performed manually before the function's invocation.
>
> The new function memdup_array_user() standardizes copying userspace
> arrays, thus, improving readability by making it more clear that an
> array is being copied. Additionally, it also performs an overflow check.
>
> Remove the (now redundant) manual overflow-check and replace
> memdup_user() with memdup_array_user().
>
> In addition, improve the grammar of the comment above
> memdup_array_user().
>
> Suggested-by: Dave Airlie <airlied@...hat.com>
> Signed-off-by: Philipp Stanner <pstanner@...hat.com>
> ---
> Changes in v2:
> - Rename + rephrase commit so that it's clear that this is a
> cleanup-patch.
> - Mention the grammar improvement of the comment in the commit message.
> - Remove the preceding manual overflow-check, since that is now
> redundant.
> ---
> fs/nilfs2/ioctl.c | 10 ++++------
> 1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c
> index 40ffade49f38..cfb6aca5ec38 100644
> --- a/fs/nilfs2/ioctl.c
> +++ b/fs/nilfs2/ioctl.c
> @@ -872,16 +872,14 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp,
> nsegs = argv[4].v_nmembs;
> if (argv[4].v_size != argsz[4])
> goto out;
> - if (nsegs > UINT_MAX / sizeof(__u64))
> - goto out;
>
> /*
> * argv[4] points to segment numbers this ioctl cleans. We
> - * use kmalloc() for its buffer because memory used for the
> - * segment numbers is enough small.
> + * use kmalloc() for its buffer because the memory used for the
> + * segment numbers is small enough.
> */
> - kbufs[4] = memdup_user((void __user *)(unsigned long)argv[4].v_base,
> - nsegs * sizeof(__u64));
> + kbufs[4] = memdup_array_user((void __user *)(unsigned long)argv[4].v_base,
> + nsegs, sizeof(__u64));
> if (IS_ERR(kbufs[4])) {
> ret = PTR_ERR(kbufs[4]);
> goto out;
> --
> 2.41.0
>
Looks good. Also, thank you for your detailed changelog.
As mentioned earlier, I will handle this for the next cycle.
Thanks,
Ryusuke Konishi
Powered by blists - more mailing lists