Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux

nilfs2: replace vmalloc + copy_from_user with vmemdup_user

Replace vmalloc() followed by copy_from_user() with vmemdup_user() to
improve nilfs_ioctl_clean_segments() and nilfs_ioctl_set_suinfo(). Use
kvfree() to free the buffers created by vmemdup_user().

Use u64_to_user_ptr() instead of manually casting the pointers and
remove the obsolete 'out_free' label.

No functional changes intended.

Link: https://lkml.kernel.org/r/20251030154700.7444-1-konishi.ryusuke@gmail.com
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Thorsten Blum and committed by
Andrew Morton
3e4b89e9 ded7d974

+10 -25
+10 -25
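--- a/fs/nilfs2/ioctl.c
+++ b/fs/nilfs2/ioctl.c
@@ -49,7 +49,7 @@
 void *, size_t, size_t))
 {
 void *buf;
-void __user *base = (void __user *)(unsigned long)argv->v_base;
+void __user *base = u64_to_user_ptr(argv->v_base);
 size_t maxmembs, total, n;
 ssize_t nr;
 int ret, i;
@@ -836,7 +836,6 @@
 sizeof(struct nilfs_bdesc),
 sizeof(__u64),
 };
-void __user *base;
 void *kbufs[5];
 struct the_nilfs *nilfs;
 size_t len, nsegs;
@@ -863,7 +862,7 @@
 * use kmalloc() for its buffer because the memory used for the
 * segment numbers is small enough.
 */
-kbufs[4] = memdup_array_user((void __user *)(unsigned long)argv[4].v_base,
+kbufs[4] = memdup_array_user(u64_to_user_ptr(argv[4].v_base),
 nsegs, sizeof(__u64));
 if (IS_ERR(kbufs[4])) {
 ret = PTR_ERR(kbufs[4]);
@@ -883,20 +882,14 @@
 goto out_free;
 
 len = argv[n].v_size * argv[n].v_nmembs;
-base = (void __user *)(unsigned long)argv[n].v_base;
 if (len == 0) {
 kbufs[n] = NULL;
 continue;
 }
 
-kbufs[n] = vmalloc(len);
-if (!kbufs[n]) {
-ret = -ENOMEM;
-goto out_free;
-}
-if (copy_from_user(kbufs[n], base, len)) {
-ret = -EFAULT;
-vfree(kbufs[n]);
+kbufs[n] = vmemdup_user(u64_to_user_ptr(argv[n].v_base), len);
+if (IS_ERR(kbufs[n])) {
+ret = PTR_ERR(kbufs[n]);
 goto out_free;
 }
 }
@@ -928,7 +921,7 @@
 
 out_free:
 while (--n >= 0)
-vfree(kbufs[n]);
+kvfree(kbufs[n]);
 kfree(kbufs[4]);
 out:
 mnt_drop_write_file(filp);
@@ -1181,7 +1174,6 @@
 struct nilfs_transaction_info ti;
 struct nilfs_argv argv;
 size_t len;
-void __user *base;
 void *kbuf;
 int ret;
 
@@ -1212,16 +1204,10 @@
 goto out;
 }
 
-base = (void __user *)(unsigned long)argv.v_base;
-kbuf = vmalloc(len);
-if (!kbuf) {
-ret = -ENOMEM;
+kbuf = vmemdup_user(u64_to_user_ptr(argv.v_base), len);
+if (IS_ERR(kbuf)) {
+ret = PTR_ERR(kbuf);
 goto out;
-}
-
-if (copy_from_user(kbuf, base, len)) {
-ret = -EFAULT;
-goto out_free;
 }
 
 nilfs_transaction_begin(inode->i_sb, &ti, 0);
@@ -1232,8 +1218,7 @@
 else
 nilfs_transaction_commit(inode->i_sb); /* never fails */
 
-out_free:
-vfree(kbuf);
+kvfree(kbuf);
 out:
 mnt_drop_write_file(filp);
 return ret;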
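Review bot: In the `kbufs[n]` loop the size passed to `vmemdup_user()` is still the hand-computed product `len = argv[n].v_size * argv[n].v_nmembs` of two user-supplied fields, while the `kbufs[4]` copy a few lines above already goes through the overflow-checked `memdup_array_user()`. Using the array helper here too, `kbufs[n] = vmemdup_array_user(u64_to_user_ptr(argv[n].v_base), argv[n].v_nmembs, argv[n].v_size);`, would keep the multiplication check next to the copy. As written it relies on validation above the hunk, of which only the trailing `goto out_free;` is visible, so both fields may already be bounded there. Separately, `vmemdup_user()` allocates through kvmalloc, which rejects requests larger than INT_MAX with a WARN_ON_ONCE that the old `vmalloc()` path did not raise. It is worth confirming that `len`, here and in `nilfs_ioctl_set_suinfo()`, cannot exceed INT_MAX, because "No functional changes intended" holds only in that case.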