vhost: Use flex_array_size() helper in copy_from_user()

Make use of the flex_array_size() helper to calculate the size of a flexible array member within an enclosing structure. This helper offers defense-in-depth against potential integer overflows, while at the same time makes it explicitly clear that we are dealing with a flexible array member. Signed-off-by: N Gustavo A. R. Silva <gustavoars@kernel.org> Link: https://lore.kernel.org/r/20200731130956.GA30525@embeddedorSigned-off-by: N Michael S. Tsirkin <mst@redhat.com>

vhost: Use flex_array_size() helper in copy_from_user()
Make use of the flex_array_size() helper to calculate the size of a flexible array member within an enclosing structure. This helper offers defense-in-depth against potential integer overflows, while at the same time makes it explicitly clear that we are dealing with a flexible array member. Signed-off-by: N Gustavo A. R. Silva <gustavoars@kernel.org> Link: https://lore.kernel.org/r/20200731130956.GA30525@embeddedorSigned-off-by: N Michael S. Tsirkin <mst@redhat.com>
bf11d71a · Gustavo A. R. Silva · Michael S. Tsirkin · 0ea9ee43 · bf11d71a
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

drivers/vhost/vhost.c drivers/vhost/vhost.c +1 -1

未找到文件。
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -1405,7 +1405,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m)
 	memcpy(newmem, &mem, size);
 	if (copy_from_user(newmem->regions, m->regions,
-			   mem.nregions * sizeof *m->regions)) {
+			   flex_array_size(newmem, regions, mem.nregions))) {
 		kvfree(newmem);
 		return -EFAULT;
 	}