Use memdup_user when user data is immediately copied into the allocated
region.  Also eliminate the variable ads, which is no longer useful.

The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression from,to,size,flag;
position p;
identifier l1,l2;
@@

-  to = \(kmalloc@p\|kzalloc@p\)(size,flag);
+  to = memdup_user(from,size);
   if (
-      to==NULL
+      IS_ERR(to)
                 || ...) {
   <+... when != goto l1;
-  -ENOMEM
+  PTR_ERR(to)
   ...+>
   }
-  if (copy_from_user(to, from, size) != 0) {
-    <+... when != goto l2;
-    -EFAULT
-    ...+>
-  }
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Julia Lawall 2010-05-26 14:42:13 -07:00 коммит произвёл Linus Torvalds
Родитель b81d67a50c
Коммит 7ca5ca60cb
1 изменённых файлов: 2 добавлений и 11 удалений


@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
*/ */
static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in) static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
{ {
struct autofs_dev_ioctl tmp, *ads; struct autofs_dev_ioctl tmp;
if (copy_from_user(&tmp, in, sizeof(tmp))) if (copy_from_user(&tmp, in, sizeof(tmp)))
return ERR_PTR(-EFAULT); return ERR_PTR(-EFAULT);
@ -103,16 +103,7 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i
if (tmp.size < sizeof(tmp)) if (tmp.size < sizeof(tmp))
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
ads = kmalloc(tmp.size, GFP_KERNEL); return memdup_user(in, tmp.size);
if (!ads)
return ERR_PTR(-ENOMEM);
if (copy_from_user(ads, in, tmp.size)) {
kfree(ads);
return ERR_PTR(-EFAULT);
}
return ads;
} }
static inline void free_dev_ioctl(struct autofs_dev_ioctl *param) static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
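Review bot: The `size` field of the buffer returned by `memdup_user(in, tmp.size)` in copy_dev_ioctl is fetched from user space a second time, so it is not guaranteed to equal the `tmp.size` that was validated and used as the allocation length; a caller that rewrites the field between the two copies gets a structure whose `size` disagrees with its real length. The old kmalloc/copy_from_user sequence had the same double fetch, so this is not a regression, but the commit does not address it. If later code trusts `param->size` (not visible in these hunks), it would be safer to keep the local pointer and pin the field: `ads = memdup_user(in, tmp.size);` `if (!IS_ERR(ads)) ads->size = tmp.size;` `return ads;`. Separately, `tmp.size` is checked only against a lower bound, so the allocation length is caller-controlled; an upper-bound check before the copy would be worth adding.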