As part of the work to perform bounds checking on all memcpy() uses,
replace the open-coded a deserialization of bytes out of memory into a
trailing flexible array by using a flex_array.h helper to perform the
allocation, bounds checking, and copying.
Cc: Russell King <linux@xxxxxxxxxxxxxxx>
Cc: Christian Brauner <brauner@xxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Muchun Song <songmuchun@xxxxxxxxxxxxx>
Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
arch/arm/kernel/atags_proc.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/arch/arm/kernel/atags_proc.c b/arch/arm/kernel/atags_proc.c
index 3ec2afe78423..638bbb616daa 100644
--- a/arch/arm/kernel/atags_proc.c
+++ b/arch/arm/kernel/atags_proc.c
@@ -6,8 +6,8 @@
#include <asm/page.h>
struct buffer {
- size_t size;
- char data[];
+ DECLARE_FLEX_ARRAY_ELEMENTS_COUNT(size_t, size);
+ DECLARE_FLEX_ARRAY_ELEMENTS(char, data);
};
static ssize_t atags_read(struct file *file, char __user *buf,
@@ -38,7 +38,7 @@ static int __init init_atags_procfs(void)
*/
struct proc_dir_entry *tags_entry;
struct tag *tag = (struct tag *)atags_copy;
- struct buffer *b;
+ struct buffer *b = NULL;
size_t size;
if (tag->hdr.tag != ATAG_CORE) {
@@ -54,13 +54,9 @@ static int __init init_atags_procfs(void)
WARN_ON(tag->hdr.tag != ATAG_NONE);
- b = kmalloc(sizeof(*b) + size, GFP_KERNEL);
- if (!b)
+ if (mem_to_flex_dup(&b, atags_copy, size, GFP_KERNEL))
goto nomem;
- b->size = size;
- memcpy(b->data, atags_copy, size);
-
tags_entry = proc_create_data("atags", 0400, NULL, &atags_proc_ops, b);
if (!tags_entry)
goto nomem;
--
2.32.0
