Re: [PATCH v2] fs/nilfs2: use standard array-copy-function

Ryusuke Konishi <konishi.ryusuke@xxxxxxxxx> · Sat, 4 Nov 2023 12:57:24 +0900

On Sat, Nov 4, 2023 at 3:49 AM Philipp Stanner wrote:
>
> ioctl.c utilizes memdup_user() to copy a userspace array. An overflow
> check is performed manually before the function's invocation.
>
> The new function memdup_array_user() standardizes copying userspace
> arrays, thus, improving readability by making it more clear that an
> array is being copied. Additionally, it also performs an overflow check.
>
> Remove the (now redundant) manual overflow-check and replace
> memdup_user() with memdup_array_user().
>
> In addition, improve the grammar of the comment above
> memdup_array_user().
>
> Suggested-by: Dave Airlie <airlied@xxxxxxxxxx>
> Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx>
> ---
> Changes in v2:
> - Rename + rephrase commit so that it's clear that this is a
>   cleanup-patch.
> - Mention the grammar improvement of the comment in the commit message.
> - Remove the preceding manual overflow-check, since that is now
>   redundant.
> ---
>  fs/nilfs2/ioctl.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c
> index 40ffade49f38..cfb6aca5ec38 100644
> --- a/fs/nilfs2/ioctl.c
> +++ b/fs/nilfs2/ioctl.c
> @@ -872,16 +872,14 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp,
>         nsegs = argv[4].v_nmembs;
>         if (argv[4].v_size != argsz[4])
>                 goto out;
> -       if (nsegs > UINT_MAX / sizeof(__u64))
> -               goto out;
>
>         /*
>          * argv[4] points to segment numbers this ioctl cleans.  We
> -        * use kmalloc() for its buffer because memory used for the
> -        * segment numbers is enough small.
> +        * use kmalloc() for its buffer because the memory used for the
> +        * segment numbers is small enough.
>          */
> -       kbufs[4] = memdup_user((void __user *)(unsigned long)argv[4].v_base,
> -                              nsegs * sizeof(__u64));
> +       kbufs[4] = memdup_array_user((void __user *)(unsigned long)argv[4].v_base,
> +                                    nsegs, sizeof(__u64));
>         if (IS_ERR(kbufs[4])) {
>                 ret = PTR_ERR(kbufs[4]);
>                 goto out;
> --
> 2.41.0
>

Looks good.  Also, thank you for your detailed changelog.
As mentioned earlier, I will handle this for the next cycle.

Thanks,
Ryusuke Konishi