drivers/comedi: use standard array-copy-function

comedi_fops.c utilizes memdup_user() to copy a userspace array.

The new function memdup_array_user() provides a standardized way to copy
userspace-arrays. It makes it easier to see that an array is being
copied and, additionally, performs a generic overflow-check which might
help make the code more robust in case of changes in the future.

Replace memdup_user() with memdup_array_user().

Suggested-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Link: https://lore.kernel.org/r/20231103112932.75795-2-pstanner@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
index 1548dea15df140967d7c321834134d9ac43d0017..1b481731df964ed67e1e8909ee084ed7292941b7 100644 (file)
--- a/drivers/comedi/comedi_fops.c
+++ b/drivers/comedi/comedi_fops.c
@@ -1714,8 +1714,8 @@ static int __comedi_get_user_chanlist(struct comedi_device *dev,
 
        lockdep_assert_held(&dev->mutex);
        cmd->chanlist = NULL;
-       chanlist = memdup_user(user_chanlist,
-                              cmd->chanlist_len * sizeof(unsigned int));
+       chanlist = memdup_array_user(user_chanlist,
+                                    cmd->chanlist_len, sizeof(unsigned int));
        if (IS_ERR(chanlist))
                return PTR_ERR(chanlist);