The patch titled Subject: fs/nilfs2: use standard array-copy-function has been added to the -mm mm-nonmm-unstable branch. Its filename is fs-nilfs2-use-standard-array-copy-function.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/fs-nilfs2-use-standard-array-copy-function.patch This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Philipp Stanner <pstanner@xxxxxxxxxx> Subject: fs/nilfs2: use standard array-copy-function Date: Tue, 7 Nov 2023 07:44:16 +0900 ioctl.c utilizes memdup_user() to copy a userspace array. An overflow check is performed manually before the function's invocation. The new function memdup_array_user() standardizes copying userspace arrays, thus, improving readability by making it more clear that an array is being copied. Additionally, it also performs an overflow check. Remove the (now redundant) manual overflow-check and replace memdup_user() with memdup_array_user(). In addition, improve the grammar of the comment above memdup_array_user(). Link: https://lkml.kernel.org/r/20231106224416.3055-1-konishi.ryusuke@xxxxxxxxx Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx> Link: https://lkml.kernel.org/r/20231103184831.99406-2-pstanner@xxxxxxxxxx Signed-off-by: Ryusuke Konishi <konishi.ryusuke@xxxxxxxxx> Suggested-by: Dave Airlie <airlied@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- fs/nilfs2/ioctl.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) --- a/fs/nilfs2/ioctl.c~fs-nilfs2-use-standard-array-copy-function +++ a/fs/nilfs2/ioctl.c @@ -872,16 +872,14 @@ static int nilfs_ioctl_clean_segments(st nsegs = argv[4].v_nmembs; if (argv[4].v_size != argsz[4]) goto out; - if (nsegs > UINT_MAX / sizeof(__u64)) - goto out; /* * argv[4] points to segment numbers this ioctl cleans. We - * use kmalloc() for its buffer because memory used for the - * segment numbers is enough small. + * use kmalloc() for its buffer because the memory used for the + * segment numbers is small enough. */ - kbufs[4] = memdup_user((void __user *)(unsigned long)argv[4].v_base, - nsegs * sizeof(__u64)); + kbufs[4] = memdup_array_user((void __user *)(unsigned long)argv[4].v_base, + nsegs, sizeof(__u64)); if (IS_ERR(kbufs[4])) { ret = PTR_ERR(kbufs[4]); goto out; _ Patches currently in -mm which might be from pstanner@xxxxxxxxxx are fs-nilfs2-use-standard-array-copy-function.patch