Commit bf11d71a authored by Gustavo A. R. Silva's avatar Gustavo A. R. Silva Committed by Michael S. Tsirkin
Browse files

vhost: Use flex_array_size() helper in copy_from_user() 



Make use of the flex_array_size() helper to calculate the size of a
flexible array member within an enclosing structure.

This helper offers defense-in-depth against potential integer
overflows, while at the same time makes it explicitly clear that
we are dealing with a flexible array member.

Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20200731130956.GA30525@embeddedor


Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
parent 0ea9ee43

drivers/vhost/vhost.c

+1 −1
Original line number Diff line number Diff line
@@ -1405,7 +1405,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) 


	memcpy(newmem, &mem, size);

	if (copy_from_user(newmem->regions, m->regions,

			   mem.nregions * sizeof *m->regions)) {

			   flex_array_size(newmem, regions, mem.nregions))) {

		kvfree(newmem);

		return -EFAULT;

	}

CRA Git | Maintained and supported by SUSTech CRA and CCSE