Re: [PATCH v2] s390/pkey: Use memdup_user() rather than duplicating its implementation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 07.11.19 11:06, Markus Elfring wrote:
> From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
> Date: Thu, 7 Nov 2019 10:40:18 +0100
> 
> Reuse existing functionality from memdup_user() instead of keeping
> duplicate source code.
> 
> Generated by: scripts/coccinelle/api/memdup_user.cocci
> 
> Delete local variables which became unnecessary with this refactoring
> in two function implementations.
> 
> Fixes: f2bbc96e7cfad3891b7bf9bd3e566b9b7ab4553d ("s390/pkey: add CCA AES cipher key support")

With that patch description, the Fixes tag is wrong...but (see below)

> Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
> ---
> 
> v2:
> Further changes were requested by Joe Perches.
> https://lore.kernel.org/r/6137855bb4170c438c7436cbdb7dfd21639a8855.camel@xxxxxxxxxxx/
> 
> * The proposed usage of two conditional operators was replaced by
>   an other code structure.
> 
> * A sanity check was adjusted for the function “_copy_apqns_from_user”.
> 
> 
>  drivers/s390/crypto/pkey_api.c | 26 ++++----------------------
>  1 file changed, 4 insertions(+), 22 deletions(-)
> 
> diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
> index 9de3d46b3253..ac99fd97569d 100644
> --- a/drivers/s390/crypto/pkey_api.c
> +++ b/drivers/s390/crypto/pkey_api.c
> @@ -715,36 +715,18 @@ static int pkey_apqns4keytype(enum pkey_key_type ktype,
> 
>  static void *_copy_key_from_user(void __user *ukey, size_t keylen)
>  {
> -	void *kkey;
> -
>  	if (!ukey || keylen < MINKEYBLOBSIZE || keylen > KEYBLOBBUFSIZE)
>  		return ERR_PTR(-EINVAL);
> -	kkey = kmalloc(keylen, GFP_KERNEL);
> -	if (!kkey)
> -		return ERR_PTR(-ENOMEM);
> -	if (copy_from_user(kkey, ukey, keylen)) {
> -		kfree(kkey);
> -		return ERR_PTR(-EFAULT);
> -	}
> 
> -	return kkey;
> +	return memdup_user(ukey, keylen);

This part looks good

>  }
> 
>  static void *_copy_apqns_from_user(void __user *uapqns, size_t nr_apqns)
>  {

This part below is not an equivalent replacement. In fact you are fixing a bug here...

> -	void *kapqns = NULL;
> -	size_t nbytes;
> -
> -	if (uapqns && nr_apqns > 0) {
> -		nbytes = nr_apqns * sizeof(struct pkey_apqn);
> -		kapqns = kmalloc(nbytes, GFP_KERNEL);
> -		if (!kapqns)
> -			return ERR_PTR(-ENOMEM);
> -		if (copy_from_user(kapqns, uapqns, nbytes))

	.... here we would need to kfree kapqns, but we do not. So this is
a memory leak. Isnt it?

So indeed this is fixing something. But please rework your the patch 
description accordingly.


> -			return ERR_PTR(-EFAULT);
> -	}


> +	if (!uapqns || nr_apqns <= 0)
> +		return NULL;
> 
> -	return kapqns;
> +	return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
>  }
> 
>  static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
> --
> 2.24.0
> 




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux