Commit bf11d71a authored by Gustavo A. R. Silva's avatar Gustavo A. R. Silva Committed by Michael S. Tsirkin

vhost: Use flex_array_size() helper in copy_from_user()

Make use of the flex_array_size() helper to calculate the size of a
flexible array member within an enclosing structure.

This helper offers defense-in-depth against potential integer
overflows, while at the same time makes it explicitly clear that
we are dealing with a flexible array member.
Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20200731130956.GA30525@embeddedorSigned-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
parent 0ea9ee43
...@@ -1405,7 +1405,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) ...@@ -1405,7 +1405,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m)
memcpy(newmem, &mem, size); memcpy(newmem, &mem, size);
if (copy_from_user(newmem->regions, m->regions, if (copy_from_user(newmem->regions, m->regions,
mem.nregions * sizeof *m->regions)) { flex_array_size(newmem, regions, mem.nregions))) {
kvfree(newmem); kvfree(newmem);
return -EFAULT; return -EFAULT;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment