| Message ID | 20231102192612.54066-2-pstanner@redhat.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp590187vqu;
Thu, 2 Nov 2023 12:27:51 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IG0TeggGrBBaTHbn08OXTw/NVV5NpJhhkiv7+gcJeDVlDr6BEf5Tl7OvzD4ydHuboT60jG0
X-Received: by 2002:a17:902:e812:b0:1cc:332f:9e4b with SMTP id
u18-20020a170902e81200b001cc332f9e4bmr961574plg.1.1698953270698;
Thu, 02 Nov 2023 12:27:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698953270; cv=none;
d=google.com; s=arc-20160816;
b=Ow5cEIj53Vrudcceb13UDPsl5Ks7xaUCVhnYKtAgMOA1tvuVHuxDP0MZ1rQ17BbfMf
seZxfhugWIUZtDcttpwgxergTOHZd8v/wDY095wl4oHUjHJ2JBQdVaXN7q2kY5BQejDb
oRgo4pa3Bf9LbxsrhkG+m4RgB1w5TVm7oCsIJkm5wxFSrvGd/dGjFpvLGyVZ9njuQZR7
QP9owZR0Rw1gqu38sfNxXLnjtqMvwlQYl59C9qHrq1LNH4hb9SQL2/Dd8uMx5BM0r4kG
cHD/z87ePR9kF6TTtnRQ6LZ0hlDDp5COFzU2qlj0uzCWJNLSh7Ju1prjj/WkQBANF5VN
8Diw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=8OfooQG8j7Zpd8EVU9D70gAoqy9uUumAdTwJG3fzo9g=;
fh=ic0BOMrhJJMELc6Trv6tQWuvAh5hWpuA3cL5zhZL+Hc=;
b=sXHh5XB3O17oYlrNyyaGchrHLnB35eRxyY4eSvrW8iE4jLD2GOzeNfwscPgwX8hR59
T7ThMjsv3dFuzBMNq09z/2gVOf5fprJdfzUTEIThsBiUaiGxsuKa5vlhOcqoTi29OcfK
Doj3MwdYvx28wi4yibUg4NfdJvqg5pxMi2LkTymYzvYZumbEz2TaALDUP8M7U/vrChOA
jja0wIvMP8Pjq0n+QjmeT7qfsVHXKQfx6M4dJffTtV5gOyNkO3bpdycTgcoatelzqYCM
10jiPwKoplZvs5K5pS8/PMz8h5tlNAU0jJnB7AfbJLHO81fFAsvEKF3BTemdt6c3/QS6
alZw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=aCRyhZy8;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from groat.vger.email (groat.vger.email. [23.128.96.35])
by mx.google.com with ESMTPS id
n17-20020a170903111100b001bc2fd76db1si165837plh.65.2023.11.02.12.27.50
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 02 Nov 2023 12:27:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35;
Authentication-Results: mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=aCRyhZy8;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.35 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by groat.vger.email (Postfix) with ESMTP id 7A13C8108BE7;
Thu, 2 Nov 2023 12:27:48 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229736AbjKBT1h (ORCPT <rfc822;heyuhang3455@gmail.com>
+ 35 others); Thu, 2 Nov 2023 15:27:37 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48152 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229459AbjKBT1g (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 2 Nov 2023 15:27:36 -0400
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.129.124])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AF51F12D
for <linux-kernel@vger.kernel.org>;
Thu, 2 Nov 2023 12:26:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1698953206;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding;
bh=8OfooQG8j7Zpd8EVU9D70gAoqy9uUumAdTwJG3fzo9g=;
b=aCRyhZy8KvPHxCSY2h5XsTXlh1wcyEvLckIny6cZAYuFTcWcsneVlFABEfvfB7OQjSyKmC
d1YuYg+yuinWKXyuaYCBNpfz8UvwNa92qc1wYYj1bI2mhZtYBauq4mvm37HoUbdlaK4syn
zJ4g7BkNd2tCf/ZnJ9UiD8/i5aGiYxc=
Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com
[209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
us-mta-263-uPoBGDnAPWeh5XcQipFnKQ-1; Thu, 02 Nov 2023 15:26:44 -0400
X-MC-Unique: uPoBGDnAPWeh5XcQipFnKQ-1
Received: by mail-wm1-f71.google.com with SMTP id
5b1f17b1804b1-4083e371a18so1511895e9.0
for <linux-kernel@vger.kernel.org>;
Thu, 02 Nov 2023 12:26:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1698953203; x=1699558003;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=8OfooQG8j7Zpd8EVU9D70gAoqy9uUumAdTwJG3fzo9g=;
b=w0/ar79PKnKJPns4mmXGwfNlaSAuTmHAuZHJwx6GYQ+fIrQ2I6C2czctrvMSl3rjcG
M+Ruu7uB00wTNJqBy81WdRIlWYDZ5vsqnyJnbR9k9EKgOxebjCCXWd7gzfbk55ceNw/y
VkJ/dEH8Ph5Jl+SJQHPcs/+KwHN5f7RQJwt1mI8ALxGvxHn+eBTkKpA2b+RMkMaQrmmC
sIvdVSkDRBrPAKRyGRJWKsW6NE4Ri5lmCh8Vjq4RhBBSbzJGoDiFPbFTFcc8Nz11W0eh
CztWqrxScotB/YPi+rhO+A8Opgk/3LNjuE8G19jj2PjnXpO4uiy1MUz76Bboo8eC52Tf
+8xg==
X-Gm-Message-State: AOJu0Yx0WAoIjxzrLM3UcFQxdTol++0yUJLWDPagCNXRFMKTpRoyfKGS
7VBb4sbPT9T+pkYoZAZx9NKSymm/1VhNGisj54gB7dcreczAcvpn6G+QQidpiXSCQvRssrrOzup
Nz5e5+RLk8BLcccCW1u4FyZJEKOQwyK0VPX0=
X-Received: by 2002:a05:600c:3d95:b0:408:3ea2:1220 with SMTP id
bi21-20020a05600c3d9500b004083ea21220mr15802752wmb.1.1698953203488;
Thu, 02 Nov 2023 12:26:43 -0700 (PDT)
X-Received: by 2002:a05:600c:3d95:b0:408:3ea2:1220 with SMTP id
bi21-20020a05600c3d9500b004083ea21220mr15802739wmb.1.1698953203134;
Thu, 02 Nov 2023 12:26:43 -0700 (PDT)
Received: from pstanner-thinkpadt14sgen1.remote.csb
([2001:9e8:32c5:d600:227b:d2ff:fe26:2a7a])
by smtp.gmail.com with ESMTPSA id
r22-20020a05600c35d600b003fee567235bsm117354wmq.1.2023.11.02.12.26.42
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 02 Nov 2023 12:26:42 -0700 (PDT)
From: Philipp Stanner <pstanner@redhat.com>
To: Wolfram Sang <wsa@kernel.org>
Cc: linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org,
Philipp Stanner <pstanner@redhat.com>,
Dave Airlie <airlied@redhat.com>
Subject: [PATCH] drivers/i2c: copy userspace array safely
Date: Thu, 2 Nov 2023 20:26:13 +0100
Message-ID: <20231102192612.54066-2-pstanner@redhat.com>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]);
Thu, 02 Nov 2023 12:27:48 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1781481624794803157
X-GMAIL-MSGID: 1781481624794803157
|
| Series |
drivers/i2c: copy userspace array safely
|
|
Commit Message
Philipp Stanner
Nov. 2, 2023, 7:26 p.m. UTC
i2c-dev.c utilizes memdup_user() to copy a userspace array. This is done
without an overflow check.
Use the new wrapper memdup_array_user() to copy the array more safely.
Suggested-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
---
drivers/i2c/i2c-dev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On Thu, Nov 02, 2023 at 08:26:13PM +0100, Philipp Stanner wrote: > i2c-dev.c utilizes memdup_user() to copy a userspace array. This is done > without an overflow check. > > Use the new wrapper memdup_array_user() to copy the array more safely. > > Suggested-by: Dave Airlie <airlied@redhat.com> > Signed-off-by: Philipp Stanner <pstanner@redhat.com> Applied to for-current, thanks!
diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c index a01b59e3599b..7d337380a05d 100644 --- a/drivers/i2c/i2c-dev.c +++ b/drivers/i2c/i2c-dev.c @@ -450,8 +450,8 @@ static long i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) if (rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS) return -EINVAL; - rdwr_pa = memdup_user(rdwr_arg.msgs, - rdwr_arg.nmsgs * sizeof(struct i2c_msg)); + rdwr_pa = memdup_array_user(rdwr_arg.msgs, + rdwr_arg.nmsgs, sizeof(struct i2c_msg)); if (IS_ERR(rdwr_pa)) return PTR_ERR(rdwr_pa);