bpf: Use kmemdup_array instead of kmemdup for multiple allocation

Let the kmemdup_array() take care about multiplication and possible
overflows.

Signed-off-by: Yu Jiaoliang <yujiaoliang@vivo.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20240821073709.4067177-1-yujiaoliang@vivo.com

diff --git a/net/core/filter.c b/net/core/filter.c
index 78a6f746ea0ba045773a11d07645e6c4140fee04..ecf2ddf633bfc5f19b63cb87af05da97ca79b896 100644 (file)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1265,8 +1265,8 @@ static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp)
         * so we need to keep the user BPF around until the 2nd
         * pass. At this time, the user BPF is stored in fp->insns.
         */
-       old_prog = kmemdup(fp->insns, old_len * sizeof(struct sock_filter),
-                          GFP_KERNEL | __GFP_NOWARN);
+       old_prog = kmemdup_array(fp->insns, old_len, sizeof(struct sock_filter),
+                                GFP_KERNEL | __GFP_NOWARN);
        if (!old_prog) {
                err = -ENOMEM;
                goto out_err;