Commit 024cb8a6 authored by Julia Lawall's avatar Julia Lawall Committed by David S. Miller

drivers/isdn: Use memdup_user

Use memdup_user when user data is immediately copied into the
allocated region.

The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression from,to,size,flag;
position p;
identifier l1,l2;
@@

-  to = \(kmalloc@p\|kzalloc@p\)(size,flag);
+  to = memdup_user(from,size);
   if (
-      to==NULL
+      IS_ERR(to)
                 || ...) {
   <+... when != goto l1;
-  -ENOMEM
+  PTR_ERR(to)
   ...+>
   }
-  if (copy_from_user(to, from, size) != 0) {
-    <+... when != goto l2;
-    -EFAULT
-    ...+>
-  }
// </smpl>
Signed-off-by: default avatarJulia Lawall <julia@diku.dk>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7d889504
...@@ -449,14 +449,9 @@ static int get_filter(void __user *arg, struct sock_filter **p) ...@@ -449,14 +449,9 @@ static int get_filter(void __user *arg, struct sock_filter **p)
/* uprog.len is unsigned short, so no overflow here */ /* uprog.len is unsigned short, so no overflow here */
len = uprog.len * sizeof(struct sock_filter); len = uprog.len * sizeof(struct sock_filter);
code = kmalloc(len, GFP_KERNEL); code = memdup_user(uprog.filter, len);
if (code == NULL) if (IS_ERR(code))
return -ENOMEM; return PTR_ERR(code);
if (copy_from_user(code, uprog.filter, len)) {
kfree(code);
return -EFAULT;
}
err = sk_chk_filter(code, uprog.len); err = sk_chk_filter(code, uprog.len);
if (err) { if (err) {
......
...@@ -411,14 +411,10 @@ static int pcbit_writecmd(const u_char __user *buf, int len, int driver, int cha ...@@ -411,14 +411,10 @@ static int pcbit_writecmd(const u_char __user *buf, int len, int driver, int cha
return -EINVAL; return -EINVAL;
} }
cbuf = kmalloc(len, GFP_KERNEL); cbuf = memdup_user(buf, len);
if (!cbuf) if (IS_ERR(cbuf))
return -ENOMEM; return PTR_ERR(cbuf);
if (copy_from_user(cbuf, buf, len)) {
kfree(cbuf);
return -EFAULT;
}
memcpy_toio(dev->sh_mem, cbuf, len); memcpy_toio(dev->sh_mem, cbuf, len);
kfree(cbuf); kfree(cbuf);
return len; return len;
......
...@@ -215,19 +215,13 @@ int sc_ioctl(int card, scs_ioctl *data) ...@@ -215,19 +215,13 @@ int sc_ioctl(int card, scs_ioctl *data)
pr_debug("%s: DCBIOSETSPID: ioctl received\n", pr_debug("%s: DCBIOSETSPID: ioctl received\n",
sc_adapter[card]->devicename); sc_adapter[card]->devicename);
spid = kmalloc(SCIOC_SPIDSIZE, GFP_KERNEL);
if(!spid) {
kfree(rcvmsg);
return -ENOMEM;
}
/* /*
* Get the spid from user space * Get the spid from user space
*/ */
if (copy_from_user(spid, data->dataptr, SCIOC_SPIDSIZE)) { spid = memdup_user(data->dataptr, SCIOC_SPIDSIZE);
if (IS_ERR(spid)) {
kfree(rcvmsg); kfree(rcvmsg);
kfree(spid); return PTR_ERR(spid);
return -EFAULT;
} }
pr_debug("%s: SCIOCSETSPID: setting channel %d spid to %s\n", pr_debug("%s: SCIOCSETSPID: setting channel %d spid to %s\n",
...@@ -296,18 +290,13 @@ int sc_ioctl(int card, scs_ioctl *data) ...@@ -296,18 +290,13 @@ int sc_ioctl(int card, scs_ioctl *data)
pr_debug("%s: SCIOSETDN: ioctl received\n", pr_debug("%s: SCIOSETDN: ioctl received\n",
sc_adapter[card]->devicename); sc_adapter[card]->devicename);
dn = kmalloc(SCIOC_DNSIZE, GFP_KERNEL);
if (!dn) {
kfree(rcvmsg);
return -ENOMEM;
}
/* /*
* Get the spid from user space * Get the spid from user space
*/ */
if (copy_from_user(dn, data->dataptr, SCIOC_DNSIZE)) { dn = memdup_user(data->dataptr, SCIOC_DNSIZE);
if (IS_ERR(dn)) {
kfree(rcvmsg); kfree(rcvmsg);
kfree(dn); return PTR_ERR(dn);
return -EFAULT;
} }
pr_debug("%s: SCIOCSETDN: setting channel %d dn to %s\n", pr_debug("%s: SCIOCSETDN: setting channel %d dn to %s\n",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment