xen/gntalloc: Replace UAPI 1-element array

Without changing the structure size (since it is UAPI), add a proper flexible array member, and reference it in the kernel so that it will not be trip the array-bounds sanitizer[1]. Link: https://github.com/KSPP/linux/issues/113 [1] Cc: Juergen Gross <[email protected]> Cc: Stefano Stabellini <[email protected]> Cc: Oleksandr Tyshchenko <[email protected]> Cc: Gustavo A. R. Silva <[email protected]> Cc: [email protected] Signed-off-by: Kees Cook <[email protected]> Reviewed-by: Gustavo A. R. Silva <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Juergen Gross <[email protected]>
author: Kees Cook <[email protected]> 2024-02-06 17:03:24 +0000
committer: Juergen Gross <[email protected]> 2024-02-13 08:06:48 +0000
commit: bf5802238dc181b1f7375d358af1d01cd72d1c11 (patch)
tree: 82870de17d881908450fe5d78509b1dea56c8874 /drivers/xen/gntalloc.c
parent: xen: balloon: make balloon_subsys const (diff)
download: kernel-bf5802238dc181b1f7375d358af1d01cd72d1c11.tar.gz
kernel-bf5802238dc181b1f7375d358af1d01cd72d1c11.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/xen/gntalloc.c b/drivers/xen/gntalloc.c
index 26ffb8755ffb..f93f73ecefee 100644
--- a/drivers/xen/gntalloc.c
+++ b/drivers/xen/gntalloc.c
@@ -317,7 +317,7 @@ static long gntalloc_ioctl_alloc(struct gntalloc_file_private_data *priv,
 		rc = -EFAULT;
 		goto out_free;
 	}
-	if (copy_to_user(arg->gref_ids, gref_ids,
+	if (copy_to_user(arg->gref_ids_flex, gref_ids,
 			sizeof(gref_ids[0]) * op.count)) {
 		rc = -EFAULT;
 		goto out_free;
author	Kees Cook <[email protected]>	2024-02-06 17:03:24 +0000
committer	Juergen Gross <[email protected]>	2024-02-13 08:06:48 +0000
commit	bf5802238dc181b1f7375d358af1d01cd72d1c11 (patch)
tree	82870de17d881908450fe5d78509b1dea56c8874 /drivers/xen/gntalloc.c
parent	xen: balloon: make balloon_subsys const (diff)
download	kernel-bf5802238dc181b1f7375d358af1d01cd72d1c11.tar.gz kernel-bf5802238dc181b1f7375d358af1d01cd72d1c11.zip