On Mon, Feb 15, 2021 at 05:45:33PM -0800, Ben Widawsky wrote: > + if (cmd->info.size_in) { > + mbox_cmd.payload_in = kvzalloc(cmd->info.size_in, GFP_KERNEL); > + if (!mbox_cmd.payload_in) { > + rc = -ENOMEM; > + goto out; > + } > + > + if (copy_from_user(mbox_cmd.payload_in, > + u64_to_user_ptr(in_payload), > + cmd->info.size_in)) { > + rc = -EFAULT; > + goto out; > + } Umm... Do you need to open-code vmemdup_user()? The only difference is GFP_KERNEL allocation instead of GFP_USER one, and the latter is arguably saner here... Zeroing is definitely pointless - you either overwrite the entire buffer with copy_from_user(), or you fail and free the damn thing.
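Review bot: the kvzalloc() plus copy_from_user() pair in this hunk open-codes vmemdup_user(); replacing the two calls with `mbox_cmd.payload_in = vmemdup_user(u64_to_user_ptr(in_payload), cmd->info.size_in);` followed by an IS_ERR() check (`rc = PTR_ERR(mbox_cmd.payload_in); goto out;`) removes the redundant zeroing and collapses the two error branches into one, since the copy either fills the whole buffer or fails and the buffer is freed. The hunk also does not show where cmd->info.size_in is validated before it reaches the allocator; if that bound lives outside this hunk, a short comment here pointing at it would let a reader confirm the size is checked without leaving the function, and if it does not yet exist it belongs before the allocation.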