aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/watch_queue.c
diff options
context:
space:
mode:
authorPhilipp Stanner <pstanner@redhat.com>2023-09-20 14:36:11 +0200
committerDave Airlie <airlied@redhat.com>2023-10-09 16:59:48 +1000
commitca0776571d3163bd03b3e8c9e3da936abfaecbf6 (patch)
treee9badd886152b006c499a64c601b31743802e4c3 /kernel/watch_queue.c
parent569c8d82f95eb5993c84fb61a649a9c4ddd208b3 (diff)
downloadlinux-ca0776571d3163bd03b3e8c9e3da936abfaecbf6.tar.gz
kernel: watch_queue: copy user-array safely
Currently, there is no overflow-check with memdup_user(). Use the new function memdup_array_user() instead of memdup_user() for duplicating the user-space array safely. Suggested-by: David Airlie <airlied@redhat.com> Signed-off-by: Philipp Stanner <pstanner@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Zack Rusin <zackr@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20230920123612.16914-5-pstanner@redhat.com
Diffstat (limited to 'kernel/watch_queue.c')
-rw-r--r--kernel/watch_queue.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/watch_queue.c b/kernel/watch_queue.c
index d0b6b390ee423..778b4056700ff 100644
--- a/kernel/watch_queue.c
+++ b/kernel/watch_queue.c
@@ -331,7 +331,7 @@ long watch_queue_set_filter(struct pipe_inode_info *pipe,
filter.__reserved != 0)
return -EINVAL;
- tf = memdup_user(_filter->filters, filter.nr_filters * sizeof(*tf));
+ tf = memdup_array_user(_filter->filters, filter.nr_filters, sizeof(*tf));
if (IS_ERR(tf))
return PTR_ERR(tf);
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-19 20:53:23 +0000