Re: [PATCH] HID: hidraw: switch to using memdup_user
From: Benjamin Tissoires
Date: Thu Mar 17 2016 - 04:08:38 EST
On Mar 16 2016 or thereabouts, Dmitry Torokhov wrote:
> Instead of open-coding memory allocation and copying form user memory
> sequence let's use memdup_user().
>
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
> ---
Works for me:
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx>
Cheers,
Benjamin
> drivers/hid/hidraw.c | 13 ++++---------
> 1 file changed, 4 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c
> index 9c2d7c2..b9a76e3 100644
> --- a/drivers/hid/hidraw.c
> +++ b/drivers/hid/hidraw.c
> @@ -34,6 +34,7 @@
> #include <linux/hid.h>
> #include <linux/mutex.h>
> #include <linux/sched.h>
> +#include <linux/string.h>
>
> #include <linux/hidraw.h>
>
> @@ -123,7 +124,6 @@ static ssize_t hidraw_send_report(struct file *file, const char __user *buffer,
>
> dev = hidraw_table[minor]->hid;
>
> -
> if (count > HID_MAX_BUFFER_SIZE) {
> hid_warn(dev, "pid %d passed too large report\n",
> task_pid_nr(current));
> @@ -138,17 +138,12 @@ static ssize_t hidraw_send_report(struct file *file, const char __user *buffer,
> goto out;
> }
>
> - buf = kmalloc(count * sizeof(__u8), GFP_KERNEL);
> - if (!buf) {
> - ret = -ENOMEM;
> + buf = memdup_user(buffer, count);
> + if (IS_ERR(buf)) {
> + ret = PTR_ERR(buf);
> goto out;
> }
>
> - if (copy_from_user(buf, buffer, count)) {
> - ret = -EFAULT;
> - goto out_free;
> - }
> -
> if ((report_type == HID_OUTPUT_REPORT) &&
> !(dev->quirks & HID_QUIRK_NO_OUTPUT_REPORTS_ON_INTR_EP)) {
> ret = hid_hw_output_report(dev, buf, count);
> --
> 2.7.0.rc3.207.g0ac5344
>
>
> --
> Dmitry