On Wed, 11 May 2022 03:10:31 +0700 Ammar Faizi <ammarfaizi2@xxxxxxxxxxx> wrote:

> On 5/8/22 4:27 PM, cgel.zte@xxxxxxxxx wrote:
> > +static ssize_t ksm_force_write(struct file *file, const char __user *buf,
> > + size_t count, loff_t *ppos)
> > +{
> > + struct task_struct *task;
> > + struct mm_struct *mm;
> > + char buffer[PROC_NUMBUF];
> > + int force;
> > + int err = 0;
> > +
> > + memset(buffer, 0, sizeof(buffer));
> > + if (count > sizeof(buffer) - 1)
> > + count = sizeof(buffer) - 1;
> > + if (copy_from_user(buffer, buf, count)) {
> > + err = -EFAULT;
> > + goto out_return;
> > + }
>
> This one looks like over-zeroing to me. You don't need to zero
> all elements in the array. You're going to overwrite it with
> `copy_from_user()` anyway.
>
> Just zero the last potentially useful element by using @count
> as the index. It can be like this:
>
> ```
> char buffer[PROC_NUMBUF];
>
> if (count > sizeof(buffer) - 1)
> 	count = sizeof(buffer) - 1;
> if (copy_from_user(buffer, buf, count))
> 	return -EFAULT;
> buffer[count] = '\0';
> ```

Use strncpy_from_user()?

Can this code use proc_dointvec_minmax() or similar?
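
Review bot: At the `if (count > sizeof(buffer) - 1)` clamp in ksm_force_write(), a write longer than PROC_NUMBUF - 1 bytes is silently truncated rather than rejected, so only a prefix of what userspace sent ends up in `buffer` and the caller gets no error. Consider returning -EINVAL when `count` exceeds the buffer, or letting kstrtoint_from_user() handle the copy, the NUL termination and the parse into `force` in one call, which would also drop the memset() and the local buffer. Separately, in the lines shown nothing has been acquired for `task` or `mm` before the -EFAULT path, so a direct `return -EFAULT` would be simpler than setting `err` and jumping to `out_return`.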