This is a note to let you know that I've just added the patch titled
netdevsim: switch to memdup_user_nul()
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netdevsim-switch-to-memdup_user_nul.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 0605daccaf3b7e1a742c248a36d4c8fbce8797e2
Author: Wei Yongjun <weiyongjun1@xxxxxxxxxx>
Date: Wed Mar 24 14:42:20 2021 +0000
netdevsim: switch to memdup_user_nul()
[ Upstream commit 20fd4f421cf4c21ab37a8bf31db50c69f1b49355 ]
Use memdup_user_nul() helper instead of open-coding to
simplify the code.
Reported-by: Hulk Robot <hulkci@xxxxxxxxxx>
Signed-off-by: Wei Yongjun <weiyongjun1@xxxxxxxxxx>
Reviewed-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Stable-dep-of: ee76746387f6 ("netdevsim: prevent bad user input in nsim_dev_health_break_write()")
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/net/netdevsim/health.c b/drivers/net/netdevsim/health.c
index 21e2974660e7..04aebdf85747 100644
--- a/drivers/net/netdevsim/health.c
+++ b/drivers/net/netdevsim/health.c
@@ -235,15 +235,10 @@ static ssize_t nsim_dev_health_break_write(struct file *file,
char *break_msg;
int err;
- break_msg = kmalloc(count + 1, GFP_KERNEL);
- if (!break_msg)
- return -ENOMEM;
+ break_msg = memdup_user_nul(data, count);
+ if (IS_ERR(break_msg))
+ return PTR_ERR(break_msg);
- if (copy_from_user(break_msg, data, count)) {
- err = -EFAULT;
- goto out;
- }
- break_msg[count] = '\0';
if (break_msg[count - 1] == '\n')
break_msg[count - 1] = '\0';
