projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7e935c7)
convert a bunch of open-coded instances of memdup_user_nul()
authorAl Viro <viro@zeniv.linux.org.uk>
Thu, 24 Dec 2015 05:06:05 +0000 (00:06 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Mon, 4 Jan 2016 15:26:58 +0000 (10:26 -0500)
A _lot_ of ->write() instances were open-coding it; some are
converted to memdup_user_nul(), a lot more remain...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
12 files changed:
arch/xtensa/platforms/iss/simdisk.c patch | blob | blame | history
drivers/net/wireless/ath/wil6210/debugfs.c patch | blob | blame | history
drivers/s390/char/vmcp.c patch | blob | blame | history
drivers/sbus/char/openprom.c patch | blob | blame | history
fs/afs/proc.c patch | blob | blame | history
fs/cachefiles/daemon.c patch | blob | blame | history
fs/dlm/user.c patch | blob | blame | history
kernel/trace/blktrace.c patch | blob | blame | history
lib/dynamic_debug.c patch | blob | blame | history
net/rxrpc/ar-key.c patch | blob | blame | history
security/smack/smackfs.c patch | blob | blame | history
security/tomoyo/securityfs_if.c patch | blob | blame | history

diff --git a/arch/xtensa/platforms/iss/simdisk.c b/arch/xtensa/platforms/iss/simdisk.c
index 3c3ace2c46b613522ddccbd6ee7c357507b65ea4..f58a4e6472cbc5fd9988d8bfb73d3a80e4806bfd 100644 (file)
--- a/arch/xtensa/platforms/iss/simdisk.c
+++ b/arch/xtensa/platforms/iss/simdisk.c
@@ -227,16 +227,12 @@ static ssize_t proc_read_simdisk(struct file *file, char __user *buf,
 static ssize_t proc_write_simdisk(struct file *file, const char __user *buf,
                        size_t count, loff_t *ppos)
 {
-       char *tmp = kmalloc(count + 1, GFP_KERNEL);
+       char *tmp = memdup_user_nul(buf, count);
        struct simdisk *dev = PDE_DATA(file_inode(file));
        int err;
 
-       if (tmp == NULL)
-               return -ENOMEM;
-       if (copy_from_user(tmp, buf, count)) {
-               err = -EFAULT;
-               goto out_free;
-       }
+       if (IS_ERR(tmp))
+               return PTR_ERR(tmp);
 
        err = simdisk_detach(dev);
        if (err != 0)
@@ -244,8 +240,6 @@ static ssize_t proc_write_simdisk(struct file *file, const char __user *buf,
 
        if (count > 0 && tmp[count - 1] == '\n')
                tmp[count - 1] = 0;
-       else
-               tmp[count] = 0;
 
        if (tmp[0])
                err = simdisk_attach(dev, tmp);
diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c
index 97bc186f9728247a0048476065d17fe0021a3573..a1d10b85989f7bfec11be8a7352b5a58247daacb 100644 (file)
--- a/drivers/net/wireless/ath/wil6210/debugfs.c
+++ b/drivers/net/wireless/ath/wil6210/debugfs.c
@@ -580,16 +580,10 @@ static ssize_t wil_write_file_rxon(struct file *file, const char __user *buf,
        long channel;
        bool on;
 
-       char *kbuf = kmalloc(len + 1, GFP_KERNEL);
-
-       if (!kbuf)
-               return -ENOMEM;
-       if (copy_from_user(kbuf, buf, len)) {
-               kfree(kbuf);
-               return -EIO;
-       }
+       char *kbuf = memdup_user_nul(buf, len);
 
-       kbuf[len] = '\0';
+       if (IS_ERR(kbuf))
+               return PTR_ERR(kbuf);
        rc = kstrtol(kbuf, 0, &channel);
        kfree(kbuf);
        if (rc)
diff --git a/drivers/s390/char/vmcp.c b/drivers/s390/char/vmcp.c
index 0fdedadff7bc845f7700c43b1e830542f7948fcf..2a67b496a9e28869dd9443aa5b823be6003b900f 100644 (file)
--- a/drivers/s390/char/vmcp.c
+++ b/drivers/s390/char/vmcp.c
@@ -88,14 +88,9 @@ vmcp_write(struct file *file, const char __user *buff, size_t count,
 
        if (count > 240)
                return -EINVAL;
-       cmd = kmalloc(count + 1, GFP_KERNEL);
-       if (!cmd)
-               return -ENOMEM;
-       if (copy_from_user(cmd, buff, count)) {
-               kfree(cmd);
-               return -EFAULT;
-       }
-       cmd[count] = '\0';
+       cmd = memdup_user_nul(buff, count);
+       if (IS_ERR(cmd))
+               return PTR_ERR(cmd);
        session = file->private_data;
        if (mutex_lock_interruptible(&session->mutex)) {
                kfree(cmd);
diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c
index 5843288f64bc00c8e5666a499767aee995795820..e077ebd8931985a7cb6ef6b440a654a635085e7d 100644 (file)
--- a/drivers/sbus/char/openprom.c
+++ b/drivers/sbus/char/openprom.c
@@ -390,16 +390,9 @@ static int copyin_string(char __user *user, size_t len, char **ptr)
        if ((ssize_t)len < 0 || (ssize_t)(len + 1) < 0)
                return -EINVAL;
 
-       tmp = kmalloc(len + 1, GFP_KERNEL);
-       if (!tmp)
-               return -ENOMEM;
-
-       if (copy_from_user(tmp, user, len)) {
-               kfree(tmp);
-               return -EFAULT;
-       }
-
-       tmp[len] = '\0';
+       tmp = memdup_user_nul(user, len);
+       if (IS_ERR(tmp))
+               return PTR_ERR(tmp);
 
        *ptr = tmp;
 
diff --git a/fs/afs/proc.c b/fs/afs/proc.c
index 24a905b076fd77268c74978053afef93ba4ef5d9..2853b40953442c44be94c3795caea497606872e4 100644 (file)
--- a/fs/afs/proc.c
+++ b/fs/afs/proc.c
@@ -230,14 +230,9 @@ static ssize_t afs_proc_cells_write(struct file *file, const char __user *buf,
        if (size <= 1 || size >= PAGE_SIZE)
                return -EINVAL;
 
-       kbuf = kmalloc(size + 1, GFP_KERNEL);
-       if (!kbuf)
-               return -ENOMEM;
-
-       ret = -EFAULT;
-       if (copy_from_user(kbuf, buf, size) != 0)
-               goto done;
-       kbuf[size] = 0;
+       kbuf = memdup_user_nul(buf, size);
+       if (IS_ERR(kbuf))
+               return PTR_ERR(kbuf);
 
        /* trim to first NL */
        name = memchr(kbuf, '\n', size);
@@ -315,15 +310,9 @@ static ssize_t afs_proc_rootcell_write(struct file *file,
        if (size <= 1 || size >= PAGE_SIZE)
                return -EINVAL;
 
-       ret = -ENOMEM;
-       kbuf = kmalloc(size + 1, GFP_KERNEL);
-       if (!kbuf)
-               goto nomem;
-
-       ret = -EFAULT;
-       if (copy_from_user(kbuf, buf, size) != 0)
-               goto infault;
-       kbuf[size] = 0;
+       kbuf = memdup_user_nul(buf, size);
+       if (IS_ERR(kbuf))
+               return PTR_ERR(kbuf);
 
        /* trim to first NL */
        s = memchr(kbuf, '\n', size);
@@ -337,9 +326,7 @@ static ssize_t afs_proc_rootcell_write(struct file *file,
        if (ret >= 0)
                ret = size;     /* consume everything, always */
 
-infault:
        kfree(kbuf);
-nomem:
        _leave(" = %d", ret);
        return ret;
 }
diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c
index f601def05bdf00663f5b1666514e1810068e1b19..452e98dd756053363a092a456ede5de373d9361f 100644 (file)
--- a/fs/cachefiles/daemon.c
+++ b/fs/cachefiles/daemon.c
@@ -226,15 +226,9 @@ static ssize_t cachefiles_daemon_write(struct file *file,
                return -EOPNOTSUPP;
 
        /* drag the command string into the kernel so we can parse it */
-       data = kmalloc(datalen + 1, GFP_KERNEL);
-       if (!data)
-               return -ENOMEM;
-
-       ret = -EFAULT;
-       if (copy_from_user(data, _data, datalen) != 0)
-               goto error;
-
-       data[datalen] = '\0';
+       data = memdup_user_nul(_data, datalen);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
        ret = -EINVAL;
        if (memchr(data, '\0', datalen))
diff --git a/fs/dlm/user.c b/fs/dlm/user.c
index 173b3873a4f4ee94a42c9ffa821e6d64ce902d07..1925d6d222b87f635b9925e05003a3c7c41d7580 100644 (file)
--- a/fs/dlm/user.c
+++ b/fs/dlm/user.c
@@ -515,14 +515,9 @@ static ssize_t device_write(struct file *file, const char __user *buf,
        if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN)
                return -EINVAL;
 
-       kbuf = kzalloc(count + 1, GFP_NOFS);
-       if (!kbuf)
-               return -ENOMEM;
-
-       if (copy_from_user(kbuf, buf, count)) {
-               error = -EFAULT;
-               goto out_free;
-       }
+       kbuf = memdup_user_nul(buf, count);
+       if (!IS_ERR(kbuf))
+               return PTR_ERR(kbuf);
 
        if (check_version(kbuf)) {
                error = -EBADE;
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
index a990824c86044779c089156daea170412cc84e8e..2aeb6ffc0a1e8799570723d2619b49da084b2b17 100644 (file)
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -349,16 +349,10 @@ static ssize_t blk_msg_write(struct file *filp, const char __user *buffer,
        if (count >= BLK_TN_MAX_MSG)
                return -EINVAL;
 
-       msg = kmalloc(count + 1, GFP_KERNEL);
-       if (msg == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(msg, buffer, count)) {
-               kfree(msg);
-               return -EFAULT;
-       }
+       msg = memdup_user_nul(buffer, count);
+       if (IS_ERR(msg))
+               return PTR_ERR(msg);
 
-       msg[count] = '\0';
        bt = filp->private_data;
        __trace_note_message(bt, "%s", msg);
        kfree(msg);
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
index e3952e9c8ec04256e656ada5ca39ccdd62843093..fe42b6ec3f0ce4913d70e298e624caa89fbf1903 100644 (file)
--- a/lib/dynamic_debug.c
+++ b/lib/dynamic_debug.c
@@ -657,14 +657,9 @@ static ssize_t ddebug_proc_write(struct file *file, const char __user *ubuf,
                pr_warn("expected <%d bytes into control\n", USER_BUF_PAGE);
                return -E2BIG;
        }
-       tmpbuf = kmalloc(len + 1, GFP_KERNEL);
-       if (!tmpbuf)
-               return -ENOMEM;
-       if (copy_from_user(tmpbuf, ubuf, len)) {
-               kfree(tmpbuf);
-               return -EFAULT;
-       }
-       tmpbuf[len] = '\0';
+       tmpbuf = memdup_user_nul(ubuf, len);
+       if (IS_ERR(tmpbuf))
+               return PTR_ERR(tmpbuf);
        vpr_info("read %d bytes from userspace\n", (int)len);
 
        ret = ddebug_exec_queries(tmpbuf, NULL);
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c
index da3cc09f683e982a43269d166acfad0e05575020..3f6571651d32ebf9890ec0e6d28228e62655b71e 100644 (file)
--- a/net/rxrpc/ar-key.c
+++ b/net/rxrpc/ar-key.c
@@ -896,15 +896,9 @@ int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen)
        if (optlen <= 0 || optlen > PAGE_SIZE - 1)
                return -EINVAL;
 
-       description = kmalloc(optlen + 1, GFP_KERNEL);
-       if (!description)
-               return -ENOMEM;
-
-       if (copy_from_user(description, optval, optlen)) {
-               kfree(description);
-               return -EFAULT;
-       }
-       description[optlen] = 0;
+       description = memdup_user_nul(optval, optlen);
+       if (IS_ERR(description))
+               return PTR_ERR(description);
 
        key = request_key(&key_type_rxrpc, description, NULL);
        if (IS_ERR(key)) {
@@ -933,15 +927,9 @@ int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval,
        if (optlen <= 0 || optlen > PAGE_SIZE - 1)
                return -EINVAL;
 
-       description = kmalloc(optlen + 1, GFP_KERNEL);
-       if (!description)
-               return -ENOMEM;
-
-       if (copy_from_user(description, optval, optlen)) {
-               kfree(description);
-               return -EFAULT;
-       }
-       description[optlen] = 0;
+       description = memdup_user_nul(optval, optlen);
+       if (IS_ERR(description))
+               return PTR_ERR(description);
 
        key = request_key(&key_type_keyring, description, NULL);
        if (IS_ERR(key)) {
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 94bd9e41c9ecb39ce3d432f9c3734a5db7e1b353..e249a66db53393ccf9e1e0c34bd27b4f529b800b 100644 (file)
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -497,14 +497,9 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
                }
        }
 
-       data = kmalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(data, buf, count) != 0) {
-               rc = -EFAULT;
-               goto out;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
        /*
         * In case of parsing only part of user buf,
@@ -884,16 +879,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
            (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
                return -EINVAL;
 
-       data = kzalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(data, buf, count) != 0) {
-               rc = -EFAULT;
-               goto unlockedout;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
-       data[count] = '\0';
        rule = data;
        /*
         * Only allow one writer at a time. Writes should be
@@ -946,7 +935,6 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
 
 out:
        mutex_unlock(&smack_cipso_lock);
-unlockedout:
        kfree(data);
        return rc;
 }
@@ -1187,14 +1175,9 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
        if (count < SMK_NETLBLADDRMIN)
                return -EINVAL;
 
-       data = kzalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(data, buf, count) != 0) {
-               rc = -EFAULT;
-               goto free_data_out;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
        smack = kzalloc(count + 1, GFP_KERNEL);
        if (smack == NULL) {
@@ -1202,8 +1185,6 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
                goto free_data_out;
        }
 
-       data[count] = '\0';
-
        rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
                &host[0], &host[1], &host[2], &host[3], &masks, smack);
        if (rc != 6) {
@@ -1454,14 +1435,9 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
        if (count < SMK_NETLBLADDRMIN)
                return -EINVAL;
 
-       data = kzalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(data, buf, count) != 0) {
-               rc = -EFAULT;
-               goto free_data_out;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
        smack = kzalloc(count + 1, GFP_KERNEL);
        if (smack == NULL) {
@@ -1469,8 +1445,6 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
                goto free_data_out;
        }
 
-       data[count] = '\0';
-
        i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
                        &scanned[0], &scanned[1], &scanned[2], &scanned[3],
                        &scanned[4], &scanned[5], &scanned[6], &scanned[7],
@@ -1865,14 +1839,9 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
        if (!smack_privileged(CAP_MAC_ADMIN))
                return -EPERM;
 
-       data = kzalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(data, buf, count) != 0) {
-               rc = -EFAULT;
-               goto out;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
        skp = smk_import_entry(data, count);
        if (IS_ERR(skp)) {
@@ -2041,14 +2010,9 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
        if (!smack_privileged(CAP_MAC_ADMIN))
                return -EPERM;
 
-       data = kzalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(data, buf, count) != 0) {
-               kfree(data);
-               return -EFAULT;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
        rc = smk_parse_label_list(data, &list_tmp);
        kfree(data);
@@ -2133,14 +2097,9 @@ static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
        if (!smack_privileged(CAP_MAC_ADMIN))
                return -EPERM;
 
-       data = kzalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(data, buf, count) != 0) {
-               rc = -EFAULT;
-               goto freeout;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
        /*
         * Clear the smack_unconfined on invalid label errors. This means
@@ -2696,19 +2655,15 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
        if (!smack_privileged(CAP_MAC_ADMIN))
                return -EPERM;
 
-       data = kzalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
-       if (copy_from_user(data, buf, count) != 0)
-               rc = -EFAULT;
-       else {
-               skp = smk_import_entry(data, count);
-               if (IS_ERR(skp))
-                       rc = PTR_ERR(skp);
-               else
-                       smack_syslog_label = skp;
-       }
+       skp = smk_import_entry(data, count);
+       if (IS_ERR(skp))
+               rc = PTR_ERR(skp);
+       else
+               smack_syslog_label = skp;
 
        kfree(data);
        return rc;
@@ -2798,14 +2753,9 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
        if (*ppos != 0)
                return -EINVAL;
 
-       data = kzalloc(count + 1, GFP_KERNEL);
-       if (data == NULL)
-               return -ENOMEM;
-
-       if (copy_from_user(data, buf, count) != 0) {
-               kfree(data);
-               return -EFAULT;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
 
        rc = smk_parse_label_list(data, &list_tmp);
        kfree(data);
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 179a955b319df9f3952ee6d5e4ff22af13b7d76d..06ab41b1ff286ad4de93e996d15d1b180c48c830 100644 (file)
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -43,13 +43,9 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
        int error;
        if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10)
                return -ENOMEM;
-       data = kzalloc(count + 1, GFP_NOFS);
-       if (!data)
-               return -ENOMEM;
-       if (copy_from_user(data, buf, count)) {
-               error = -EFAULT;
-               goto out;
-       }
+       data = memdup_user_nul(buf, count);
+       if (IS_ERR(data))
+               return PTR_ERR(data);
        tomoyo_normalize_line(data);
        if (tomoyo_correct_domain(data)) {
                const int idx = tomoyo_read_lock();
@@ -87,7 +83,6 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
                tomoyo_read_unlock(idx);
        } else
                error = -EINVAL;
-out:
        kfree(data);
        return error ? error : count;
 }