drivers/tty/vt: use standard array-copy-functions

tty/vt currently uses memdup_user() and vmemdup_array_user() to copy
userspace arrays.

Whereas there is no danger of overflowing, the call to vmemdup_user()
currently utilizes array_size() to calculate the array size
nevertheless. This is not useful because array_size() would return
SIZE_MAX and pass it to vmemdup_user() in case of (the impossible)
overflow.

string.h from the core-API now provides the wrappers memdup_array_user()
and vmemdup_array_user() to copy userspace arrays in a standardized
manner. Additionally, they also perform generic overflow-checks.

Use these wrappers to make it more obvious and readable that arrays are
being copied.

As we are at it, remove two unnecessary empty lines.

Suggested-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Link: https://lore.kernel.org/r/20231103111207.74621-2-pstanner@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index 5e39a4f430ee5cbcbdcf05f80819a6289b1d5b1c..82d70083fead062c77b8cfb097c3d86dc2b56279 100644 (file)
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -644,7 +644,7 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list)
        if (!ct)
                return 0;
 
-       unilist = vmemdup_user(list, array_size(sizeof(*unilist), ct));
+       unilist = vmemdup_array_user(list, ct, sizeof(*unilist));
        if (IS_ERR(unilist))
                return PTR_ERR(unilist);
 

diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
index 12a192e1196b3ddfe9cdc09d0d579b0139317ac0..a2116e135a82d48e353ea2857e8bafb9e2b0687e 100644 (file)
--- a/drivers/tty/vt/keyboard.c
+++ b/drivers/tty/vt/keyboard.c
@@ -1772,12 +1772,10 @@ int vt_do_diacrit(unsigned int cmd, void __user *udp, int perm)
                        return -EINVAL;
 
                if (ct) {
-
-                       dia = memdup_user(a->kbdiacr,
-                                       sizeof(struct kbdiacr) * ct);
+                       dia = memdup_array_user(a->kbdiacr,
+                                               ct, sizeof(struct kbdiacr));
                        if (IS_ERR(dia))
                                return PTR_ERR(dia);
-
                }
 
                spin_lock_irqsave(&kbd_event_lock, flags);
@@ -1811,8 +1809,8 @@ int vt_do_diacrit(unsigned int cmd, void __user *udp, int perm)
                        return -EINVAL;
 
                if (ct) {
-                       buf = memdup_user(a->kbdiacruc,
-                                         ct * sizeof(struct kbdiacruc));
+                       buf = memdup_array_user(a->kbdiacruc,
+                                               ct, sizeof(struct kbdiacruc));
                        if (IS_ERR(buf))
                                return PTR_ERR(buf);
                }