The patch titled
Subject: fs/nilfs2: use standard array-copy-function
has been added to the -mm mm-nonmm-unstable branch. Its filename is
fs-nilfs2-use-standard-array-copy-function.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/fs-nilfs2-use-standard-array-copy-function.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Philipp Stanner <pstanner@xxxxxxxxxx>
Subject: fs/nilfs2: use standard array-copy-function
Date: Tue, 7 Nov 2023 07:44:16 +0900
ioctl.c utilizes memdup_user() to copy a userspace array. An overflow
check is performed manually before the function's invocation.
The new function memdup_array_user() standardizes copying userspace
arrays, thus, improving readability by making it more clear that an array
is being copied. Additionally, it also performs an overflow check.
Remove the (now redundant) manual overflow-check and replace memdup_user()
with memdup_array_user().
In addition, improve the grammar of the comment above
memdup_array_user().
Link: https://lkml.kernel.org/r/20231106224416.3055-1-konishi.ryusuke@xxxxxxxxx
Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx>
Link: https://lkml.kernel.org/r/20231103184831.99406-2-pstanner@xxxxxxxxxx
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@xxxxxxxxx>
Suggested-by: Dave Airlie <airlied@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
fs/nilfs2/ioctl.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/fs/nilfs2/ioctl.c~fs-nilfs2-use-standard-array-copy-function
+++ a/fs/nilfs2/ioctl.c
@@ -872,16 +872,14 @@ static int nilfs_ioctl_clean_segments(st
nsegs = argv[4].v_nmembs;
if (argv[4].v_size != argsz[4])
goto out;
- if (nsegs > UINT_MAX / sizeof(__u64))
- goto out;
/*
* argv[4] points to segment numbers this ioctl cleans. We
- * use kmalloc() for its buffer because memory used for the
- * segment numbers is enough small.
+ * use kmalloc() for its buffer because the memory used for the
+ * segment numbers is small enough.
*/
- kbufs[4] = memdup_user((void __user *)(unsigned long)argv[4].v_base,
- nsegs * sizeof(__u64));
+ kbufs[4] = memdup_array_user((void __user *)(unsigned long)argv[4].v_base,
+ nsegs, sizeof(__u64));
if (IS_ERR(kbufs[4])) {
ret = PTR_ERR(kbufs[4]);
goto out;
_
Patches currently in -mm which might be from pstanner@xxxxxxxxxx are
fs-nilfs2-use-standard-array-copy-function.patch
