Switching to memdup_user() overwrites the allocated memory only once,
whereas kzalloc() followed by copy_from_user() initializes the allocated
memory to zero and then immediately overwrites it.
Fixes the following Coccinelle/coccicheck warning reported by
memdup_user.cocci:
WARNING opportunity for memdup_user
Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxxx>
Acked-by: Arnd Bergmann <arnd@xxxxxxxx>
---
Changes in v2:
- Use u64_to_user_ptr() as suggested by Arnd Bergmann (thanks!)
- Preserve Acked-by: tag
---
drivers/misc/fastrpc.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index 4c67e2c5a82e..694fc083b1bd 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -1259,17 +1259,12 @@ static int fastrpc_init_create_static_process(struct fastrpc_user *fl,
goto err;
}
- name = kzalloc(init.namelen, GFP_KERNEL);
- if (!name) {
- err = -ENOMEM;
+ name = memdup_user(u64_to_user_ptr(init.name), init.namelen);
+ if (IS_ERR(name)) {
+ err = PTR_ERR(name);
goto err;
}
- if (copy_from_user(name, (void __user *)(uintptr_t)init.name, init.namelen)) {
- err = -EFAULT;
- goto err_name;
- }
-
if (!fl->cctx->remote_heap) {
err = fastrpc_remote_heap_alloc(fl, fl->sctx->dev, init.memlen,
&fl->cctx->remote_heap);
--
2.45.1
