On Sat, 2020-05-30 at 17:35 +0300, Denis Efremov wrote: > array_size() is used in alloc calls to compute the allocation > size. Next, "raw" multiplication is used to compute the size > for copy_from_user(). The patch removes duplicated computation > by saving the size in a var. No security concerns, just a small > optimization. > > Signed-off-by: Denis Efremov <efremov@xxxxxxxxx> Perhaps use vmemdup_user? > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c [] > @@ -184,14 +184,13 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu, > goto out; > r = -ENOMEM; > if (cpuid->nent) { > - cpuid_entries = > - vmalloc(array_size(sizeof(struct kvm_cpuid_entry), > - cpuid->nent)); > + const size_t size = array_size(sizeof(struct kvm_cpuid_entry), > + cpuid->nent); > + cpuid_entries = vmalloc(size); > if (!cpuid_entries) > goto out; > r = -EFAULT; > - if (copy_from_user(cpuid_entries, entries, > - cpuid->nent * sizeof(struct kvm_cpuid_entry))) > + if (copy_from_user(cpuid_entries, entries, size)) cpuid_entries = vmemdup_user(entries, array_size(sizeof(struct kvm_cpuid_entry), cpuid->nent)); if (IS_ERR(cpuid_entries)) ... etc...
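Review bot: in the hunk, `size` is the saturated result of array_size(), so when `cpuid->nent` is large enough to overflow the multiplication it becomes SIZE_MAX, vmalloc(size) fails and the copy_from_user() line is never reached; the removed raw product `cpuid->nent * sizeof(struct kvm_cpuid_entry)` was therefore only ever evaluated when it was equal to the array_size() value, so the change is behaviour-preserving and it would help to state that in the commit message rather than just "no security concerns". On the vmemdup_user() suggestion: it allocates with kvmalloc() and returns an ERR_PTR(), so taking it requires changing the matching free for cpuid_entries (outside this hunk) to kvfree() and replacing the `r = -ENOMEM` / `r = -EFAULT` assignments shown here with `r = PTR_ERR(cpuid_entries)` on the IS_ERR() path; worth doing as a follow-up rather than folding into this cleanup.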