scsi: smartpqi: Replace kmalloc() + copy_from_user() with memdup_user()

Replace kmalloc() followed by copy_from_user() with memdup_user() to
simplify and improve pqi_passthru_ioctl().

Since memdup_user() already allocates memory, use kzalloc() in the else
branch instead of manually zeroing 'kernel_buffer' using memset(0).

Return early if an error occurs.  No functional changes intended.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Acked-by: Don Brace <don.brace@microchip.com>
Message-Id: <20250922201832.1697874-2-thorsten.blum@linux.dev>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index 125944941601e683e9aa9d4fc6a346230bef904b..03c97e60d36f630140f9cfcac431d48767dcb8b3 100644 (file)
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -20,6 +20,7 @@
 #include <linux/reboot.h>
 #include <linux/cciss_ioctl.h>
 #include <linux/crash_dump.h>
+#include <linux/string.h>
 #include <scsi/scsi_host.h>
 #include <scsi/scsi_cmnd.h>
 #include <scsi/scsi_device.h>
@@ -6774,17 +6775,15 @@ static int pqi_passthru_ioctl(struct pqi_ctrl_info *ctrl_info, void __user *arg)
        }
 
        if (iocommand.buf_size > 0) {
-               kernel_buffer = kmalloc(iocommand.buf_size, GFP_KERNEL);
-               if (!kernel_buffer)
-                       return -ENOMEM;
                if (iocommand.Request.Type.Direction & XFER_WRITE) {
-                       if (copy_from_user(kernel_buffer, iocommand.buf,
-                               iocommand.buf_size)) {
-                               rc = -EFAULT;
-                               goto out;
-                       }
+                       kernel_buffer = memdup_user(iocommand.buf,
+                                                   iocommand.buf_size);
+                       if (IS_ERR(kernel_buffer))
+                               return PTR_ERR(kernel_buffer);
                } else {
-                       memset(kernel_buffer, 0, iocommand.buf_size);
+                       kernel_buffer = kzalloc(iocommand.buf_size, GFP_KERNEL);
+                       if (!kernel_buffer)
+                               return -ENOMEM;
                }
        }