diff options
| author | Philipp Stanner <[email protected]> | 2023-11-14 11:19:02 +0000 |
|---|---|---|
| committer | Xu Yilun <[email protected]> | 2023-11-17 08:34:26 +0000 |
| commit | 5496fb8eedd637e1e9d87655f86dc816afd5ad68 (patch) | |
| tree | 7d7fe0b1aeaccd5f7e0e0130366e520e92ef3abc /drivers/fpga/altera-fpga2sdram.c | |
| parent | Linux 6.7-rc1 (diff) | |
| download | kernel-5496fb8eedd637e1e9d87655f86dc816afd5ad68.tar.gz kernel-5496fb8eedd637e1e9d87655f86dc816afd5ad68.zip | |
drivers/fpga: use standard array-copy function
dfl.c utilizes memdup_user() and array_size() to copy a userspace array.
array_size() will likely never trigger thanks to the preceding check.
Nevertheless, in the theoretical event that it would, it would return
SIZE_MAX to memdup_user(), resulting in an attempt to allocate huge
amounts of memory.
string.h from the core-api now provides memdup_array_user() which also
performs an overflow check and returns an error-pointer with -EOVERFLOW
to the caller.
As an additional advantage it standardizes how userspace-arrays are
being copied and, thus, makes it more obvious to readers that an array
is being copied.
Replace memdup_user() with memdup_array_user().
Suggested-by: Dave Airlie <[email protected]>
Signed-off-by: Philipp Stanner <[email protected]>
Acked-by: Xu Yilun <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Xu Yilun <[email protected]>
Diffstat (limited to 'drivers/fpga/altera-fpga2sdram.c')
0 files changed, 0 insertions, 0 deletions