diff options
author | Gustavo A. R. Silva <gustavoars@kernel.org> | 2020-07-31 16:09:56 +0300 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2020-08-05 18:08:42 +0300 |
commit | bf11d71a0a919c32158dd89891d95f6f91a323b2 (patch) | |
tree | 9f8a34181ca94615eaea97bb51251be65a3ae315 | |
parent | 0ea9ee430e74b16c6b17e70757d1c26d8d140e1f (diff) | |
download | linux-bf11d71a0a919c32158dd89891d95f6f91a323b2.tar.xz |
vhost: Use flex_array_size() helper in copy_from_user()
Make use of the flex_array_size() helper to calculate the size of a
flexible array member within an enclosing structure.
This helper offers defense-in-depth against potential integer
overflows, while at the same time makes it explicitly clear that
we are dealing with a flexible array member.
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20200731130956.GA30525@embeddedor
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-rw-r--r-- | drivers/vhost/vhost.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index d7b8df3edffc..39183ed738a1 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1405,7 +1405,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) memcpy(newmem, &mem, size); if (copy_from_user(newmem->regions, m->regions, - mem.nregions * sizeof *m->regions)) { + flex_array_size(newmem, regions, mem.nregions))) { kvfree(newmem); return -EFAULT; } |