On 5/30/20 6:58 PM, Joe Perches wrote:
> On Sat, 2020-05-30 at 17:35 +0300, Denis Efremov wrote:
>> array_size() is used in alloc calls to compute the allocation
>> size. Next, "raw" multiplication is used to compute the size
>> for copy_from_user(). The patch removes duplicated computation
>> by saving the size in a var. No security concerns, just a small
>> optimization.
>>
>> Signed-off-by: Denis Efremov <efremov@xxxxxxxxx>
>
> Perhaps use vmemdup_user?

vmemdup_user() uses kvmalloc internally. I think it will also require
changing vfree to kvfree.

>
>> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> []
>> @@ -184,14 +184,13 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
>> goto out;
>> r = -ENOMEM;
>> if (cpuid->nent) {
>> - cpuid_entries =
>> - vmalloc(array_size(sizeof(struct kvm_cpuid_entry),
>> - cpuid->nent));
>> + const size_t size = array_size(sizeof(struct kvm_cpuid_entry),
>> + cpuid->nent);
>> + cpuid_entries = vmalloc(size);
>> if (!cpuid_entries)
>> goto out;
>> r = -EFAULT;
>> - if (copy_from_user(cpuid_entries, entries,
>> - cpuid->nent * sizeof(struct kvm_cpuid_entry))))
>> + if (copy_from_user(cpuid_entries, entries, size))
>
> cpuid_entries = vmemdup_user(entries,
> array_size(sizeof(struct kvm_cpuid_entry), cpuid->nent));
> if (IS_ERR(cpuid_entries))
> ...
>
> etc...
>
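Review bot: the commit message's "no security concerns" claim should carry its reasoning, because the two removed length computations were not equivalent: array_size() saturates to SIZE_MAX when the multiplication overflows, so vmalloc(size) fails and the function takes the existing -ENOMEM exit before copy_from_user() is reached, whereas the removed `cpuid->nent * sizeof(struct kvm_cpuid_entry)` could wrap silently and was only safe because it sat behind that same allocation check. Passing the one `size` variable to both vmalloc() and copy_from_user() makes the allocated and copied lengths equal by construction, which is the actual hardening benefit of this hunk and is worth one sentence in the log; declaring `const size_t size` at the top of the `if (cpuid->nent)` block is fine style-wise and keeps its scope tight.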