From: Yu Jiaoliang <yujiaoliang@vivo.com>
Date: Wed, 21 Aug 2024 07:37:08 +0000 (+0800)
Subject: bpf: Use kmemdup_array instead of kmemdup for multiple allocation
X-Git-Tag: v6.12-rc1~112^2~82
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b6ab50902724a27f1fc7136927c27d29f9ba01c6;p=thirdparty%2Fkernel%2Flinux.git

bpf: Use kmemdup_array instead of kmemdup for multiple allocation

Let the kmemdup_array() take care about multiplication and possible
overflows.

Signed-off-by: Yu Jiaoliang <yujiaoliang@vivo.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20240821073709.4067177-1-yujiaoliang@vivo.com
---

diff --git a/net/core/filter.c b/net/core/filter.c
index 78a6f746ea0ba..ecf2ddf633bfc 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1265,8 +1265,8 @@ static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp)
 	 * so we need to keep the user BPF around until the 2nd
 	 * pass. At this time, the user BPF is stored in fp->insns.
 	 */
-	old_prog = kmemdup(fp->insns, old_len * sizeof(struct sock_filter),
-			   GFP_KERNEL | __GFP_NOWARN);
+	old_prog = kmemdup_array(fp->insns, old_len, sizeof(struct sock_filter),
+				 GFP_KERNEL | __GFP_NOWARN);
 	if (!old_prog) {
 		err = -ENOMEM;
 		goto out_err;