* Re: [PATCH -next] ide: Use memdup_user() as a cleanup
2020-04-22 2:59 [PATCH -next] ide: Use memdup_user() as a cleanup Zou Wei
@ 2020-04-22 2:58 ` Al Viro
From: Al Viro @ 2020-04-22 2:58 UTC (permalink / raw)
To: Zou Wei; +Cc: davem, linux-ide, linux-kernel
On Wed, Apr 22, 2020 at 10:59:41AM +0800, Zou Wei wrote:
> if (taskout) {
> int outtotal = tasksize;
> - outbuf = kzalloc(taskout, GFP_KERNEL);
> - if (outbuf == NULL) {
> - err = -ENOMEM;
> - goto abort;
> - }
> - if (copy_from_user(outbuf, buf + outtotal, taskout)) {
> - err = -EFAULT;
> - goto abort;
> - }
> + outbuf = memdup_user(buf + outtotal, taskout);
> + if (IS_ERR(outbuf))
> + return PTR_ERR(outbuf);
> }
>
> if (taskin) {
> int intotal = tasksize + taskout;
> - inbuf = kzalloc(taskin, GFP_KERNEL);
> - if (inbuf == NULL) {
> - err = -ENOMEM;
> - goto abort;
> - }
> - if (copy_from_user(inbuf, buf + intotal, taskin)) {
> - err = -EFAULT;
> - goto abort;
> - }
> + inbuf = memdup_user(buf + intotal, taskin);
> + if (IS_ERR(inbuf))
> + return PTR_ERR(inbuf);
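Review bot: the `return PTR_ERR(inbuf);` at the end of the taskin block exits with outbuf still allocated whenever taskout was also non-zero, because the taskout block above has already assigned it. The removed lines set err and left through `goto abort` at this point; keeping that exit (`err = PTR_ERR(inbuf); goto abort;`) preserves whatever cleanup the abort label performs, which a direct return skips.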

That smells like a leak - what happens if both taskin and taskout are
non-zero at the same time?  <looks> actually, both parts are leaking -
there's
	req_task = memdup_user(buf, tasksize);
	if (IS_ERR(req_task))
		return PTR_ERR(req_task);
shortly prior to that, so both of your failure exits are leaking.
* [PATCH -next] ide: Use memdup_user() as a cleanup
@ 2020-04-22 2:59 Zou Wei
2020-04-22 2:58 ` Al Viro
From: Zou Wei @ 2020-04-22 2:59 UTC (permalink / raw)
To: davem; +Cc: linux-ide, linux-kernel, Zou Wei
Fix coccicheck warning which recommends using memdup_user().
This patch fixes the following coccicheck warnings:
drivers/ide/ide-taskfile.c:492:11-18: WARNING opportunity for memdup_user
drivers/ide/ide-taskfile.c:505:10-17: WARNING opportunity for memdup_user
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Zou Wei <zou_wei@huawei.com>
---
drivers/ide/ide-taskfile.c | 24 ++++++------------------
1 file changed, 6 insertions(+), 18 deletions(-)
diff --git a/drivers/ide/ide-taskfile.c b/drivers/ide/ide-taskfile.c
index aab6a10..336b575 100644
--- a/drivers/ide/ide-taskfile.c
+++ b/drivers/ide/ide-taskfile.c
@@ -489,28 +489,16 @@ int ide_taskfile_ioctl(ide_drive_t *drive, unsigned long arg)
if (taskout) {
int outtotal = tasksize;
- outbuf = kzalloc(taskout, GFP_KERNEL);
- if (outbuf == NULL) {
- err = -ENOMEM;
- goto abort;
- }
- if (copy_from_user(outbuf, buf + outtotal, taskout)) {
- err = -EFAULT;
- goto abort;
- }
+ outbuf = memdup_user(buf + outtotal, taskout);
+ if (IS_ERR(outbuf))
+ return PTR_ERR(outbuf);
}
if (taskin) {
int intotal = tasksize + taskout;
- inbuf = kzalloc(taskin, GFP_KERNEL);
- if (inbuf == NULL) {
- err = -ENOMEM;
- goto abort;
- }
- if (copy_from_user(inbuf, buf + intotal, taskin)) {
- err = -EFAULT;
- goto abort;
- }
+ inbuf = memdup_user(buf + intotal, taskin);
+ if (IS_ERR(inbuf))
+ return PTR_ERR(inbuf);
}
memset(&cmd, 0, sizeof(cmd));
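Review bot: after a failed memdup_user() in either block, outbuf or inbuf holds an ERR_PTR value, where the removed kzalloc()/copy_from_user() path left it either NULL or a valid allocation. Both new checks also swap the `err = ...; goto abort;` exits for direct returns, so this is a control-flow change and not only the cleanup the subject line describes. If the exits are routed back through abort, and assuming that label frees these buffers (it is outside this hunk), store PTR_ERR() in err and reset the pointer to NULL before the goto so that an error pointer never reaches kfree().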
--
2.6.2