On Tue, May 7, 2024, at 22:12, Thorsten Blum wrote:
> Switching to memdup_user() overwrites the allocated memory only once,
> whereas kzalloc() followed by copy_from_user() initializes the allocated
> memory to zero and then immediately overwrites it.
>
> Fixes the following Coccinelle/coccicheck warning reported by
> memdup_user.cocci:
>
> WARNING opportunity for memdup_user
>
> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxxx>
The patch looks correct to me.
> ---
> drivers/misc/fastrpc.c | 11 +++--------
> 1 file changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> index 4c67e2c5a82e..2857cddaf812 100644
> --- a/drivers/misc/fastrpc.c
> +++ b/drivers/misc/fastrpc.c
> @@ -1259,17 +1259,12 @@ static int
> fastrpc_init_create_static_process(struct fastrpc_user *fl,
> goto err;
> }
>
> - name = kzalloc(init.namelen, GFP_KERNEL);
> - if (!name) {
> - err = -ENOMEM;
> + name = memdup_user((void __user *)(uintptr_t)init.name, init.namelen);
> + if (IS_ERR(name)) {
> + err = PTR_ERR(name);
> goto err;
> }
There is also a chance to simplify this further using u64_to_user_ptr()
instead of the double cast if you want.
Acked-by: Arnd Bergmann <arnd@xxxxxxxx>
Arnd
