As part of the work to perform bounds checking on all memcpy() uses, replace the open-coded a deserialization of bytes out of memory into a trailing flexible array by using a flex_array.h helper to perform the allocation, bounds checking, and copying. Cc: Russell King <linux@xxxxxxxxxxxxxxx> Cc: Christian Brauner <brauner@xxxxxxxxxx> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Cc: Muchun Song <songmuchun@xxxxxxxxxxxxx> Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> --- arch/arm/kernel/atags_proc.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/arch/arm/kernel/atags_proc.c b/arch/arm/kernel/atags_proc.c index 3ec2afe78423..638bbb616daa 100644 --- a/arch/arm/kernel/atags_proc.c +++ b/arch/arm/kernel/atags_proc.c @@ -6,8 +6,8 @@ #include <asm/page.h> struct buffer { - size_t size; - char data[]; + DECLARE_FLEX_ARRAY_ELEMENTS_COUNT(size_t, size); + DECLARE_FLEX_ARRAY_ELEMENTS(char, data); }; static ssize_t atags_read(struct file *file, char __user *buf, @@ -38,7 +38,7 @@ static int __init init_atags_procfs(void) */ struct proc_dir_entry *tags_entry; struct tag *tag = (struct tag *)atags_copy; - struct buffer *b; + struct buffer *b = NULL; size_t size; if (tag->hdr.tag != ATAG_CORE) { @@ -54,13 +54,9 @@ static int __init init_atags_procfs(void) WARN_ON(tag->hdr.tag != ATAG_NONE); - b = kmalloc(sizeof(*b) + size, GFP_KERNEL); - if (!b) + if (mem_to_flex_dup(&b, atags_copy, size, GFP_KERNEL)) goto nomem; - b->size = size; - memcpy(b->data, atags_copy, size); - tags_entry = proc_create_data("atags", 0400, NULL, &atags_proc_ops, b); if (!tags_entry) goto nomem; -- 2.32.0