From: Andy Shevchenko Date: Sun, 4 Jun 2023 13:12:14 +0000 (+0300) Subject: pinctrl: Duplicate user memory in one go in pinmux_select() X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=0d8675e1dfa6253e92b6e42504094d42f27d3ca6;p=linux.git pinctrl: Duplicate user memory in one go in pinmux_select() Current code is suboptimal in three ways: 1) it explicitly terminates the string which is not needed; 2) it might provoke additional faults, because asked lenght might be bigger than the real one; 3) it consumes more than needed lines in the source. Instead of using kmalloc() + strncpy_from_user() + terminating, just utilize memdup_user_nul(). Signed-off-by: Andy Shevchenko Link: https://lore.kernel.org/r/20230604131215.78847-1-andriy.shevchenko@linux.intel.com Signed-off-by: Linus Walleij --- diff --git a/drivers/pinctrl/pinmux.c b/drivers/pinctrl/pinmux.c index 0213826326080..2d2f3bd164d54 100644 --- a/drivers/pinctrl/pinmux.c +++ b/drivers/pinctrl/pinmux.c @@ -692,14 +692,9 @@ static ssize_t pinmux_select(struct file *file, const char __user *user_buf, if (len > PINMUX_SELECT_MAX) return -ENOMEM; - buf = kzalloc(PINMUX_SELECT_MAX, GFP_KERNEL); - if (!buf) - return -ENOMEM; - - ret = strncpy_from_user(buf, user_buf, PINMUX_SELECT_MAX); - if (ret < 0) - goto exit_free_buf; - buf[len-1] = '\0'; + buf = memdup_user_nul(user_buf, len); + if (IS_ERR(buf)) + return PTR_ERR(buf); /* remove leading and trailing spaces of input buffer */ gname = strstrip(buf);