On Thu, 2 Nov 2023 19:15:25 +0100 Philipp Stanner <pstanner@xxxxxxxxxx> wrote: > guestdbg.c utilizes memdup_user() to copy a userspace array. This, > currently, does not check for an overflow. > > Use the new wrapper memdup_array_user() to copy the array more safely. > > Suggested-by: Dave Airlie <airlied@xxxxxxxxxx> > Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx> Acked-by: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxx> > --- > arch/s390/kvm/guestdbg.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/s390/kvm/guestdbg.c b/arch/s390/kvm/guestdbg.c > index 3765c4223bf9..80879fc73c90 100644 > --- a/arch/s390/kvm/guestdbg.c > +++ b/arch/s390/kvm/guestdbg.c > @@ -213,8 +213,8 @@ int kvm_s390_import_bp_data(struct kvm_vcpu *vcpu, > else if (dbg->arch.nr_hw_bp > MAX_BP_COUNT) > return -EINVAL; > > - bp_data = memdup_user(dbg->arch.hw_bp, > - sizeof(*bp_data) * dbg->arch.nr_hw_bp); > + bp_data = memdup_array_user(dbg->arch.hw_bp, dbg->arch.nr_hw_bp, > + sizeof(*bp_data)); > if (IS_ERR(bp_data)) > return PTR_ERR(bp_data); >
