Staging: bcm: Use memdup_user rather than duplicating its implementation

This is a little bit restricted to reduce false positives

The semantic patch that makes this change is available
in scripts/coccinelle/api/memdup_user.cocci.

More information about semantic patching is available at
http://coccinelle.lip6.fr/

Signed-off-by: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c
index 8bf3f575160ff845304b1bd5eb8d3849abaeedaa..cf3059216958e6cdfe5d7ce589549cc5c223978d 100644 (file)
--- a/drivers/staging/bcm/Bcmchar.c
+++ b/drivers/staging/bcm/Bcmchar.c
@@ -728,14 +728,10 @@ static long bcm_char_ioctl(struct file *filp, UINT cmd, ULONG arg)
                if (IoBuffer.InputLength > MAX_CNTL_PKT_SIZE)
                        return -EINVAL;
 
-               pvBuffer = kmalloc(IoBuffer.InputLength, GFP_KERNEL);
-               if (!pvBuffer)
-                       return -ENOMEM;
-
-               if (copy_from_user(pvBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength)) {
-                       kfree(pvBuffer);
-                       return -EFAULT;
-               }
+               pvBuffer = memdup_user(IoBuffer.InputBuffer,
+                                      IoBuffer.InputLength);
+               if (IS_ERR(pvBuffer))
+                       return PTR_ERR(pvBuffer);
 
                down(&Adapter->LowPowerModeSync);
                Status = wait_event_interruptible_timeout(Adapter->lowpower_mode_wait_queue,
@@ -1140,15 +1136,10 @@ cntrlEnd:
                if (IoBuffer.InputLength < sizeof(ULONG) * 2)
                        return -EINVAL;
 
-               pvBuffer = kmalloc(IoBuffer.InputLength, GFP_KERNEL);
-               if (!pvBuffer)
-                       return -ENOMEM;
-
-               /* Get WrmBuffer structure */
-               if (copy_from_user(pvBuffer, IoBuffer.InputBuffer, IoBuffer.InputLength)) {
-                       kfree(pvBuffer);
-                       return -EFAULT;
-               }
+               pvBuffer = memdup_user(IoBuffer.InputBuffer,
+                                      IoBuffer.InputLength);
+               if (IS_ERR(pvBuffer))
+                       return PTR_ERR(pvBuffer);
 
                pBulkBuffer = (PBULKWRM_BUFFER)pvBuffer;
 
@@ -1310,14 +1301,10 @@ cntrlEnd:
                        return STATUS_FAILURE;
                }
 
-               pReadData = kzalloc(stNVMReadWrite.uiNumBytes, GFP_KERNEL);
-               if (!pReadData)
-                       return -ENOMEM;
-
-               if (copy_from_user(pReadData, stNVMReadWrite.pBuffer, stNVMReadWrite.uiNumBytes)) {
-                       kfree(pReadData);
-                       return -EFAULT;
-               }
+               pReadData = memdup_user(stNVMReadWrite.pBuffer,
+                                       stNVMReadWrite.uiNumBytes);
+               if (IS_ERR(pReadData))
+                       return PTR_ERR(pReadData);
 
                do_gettimeofday(&tv0);
                if (IOCTL_BCM_NVM_READ == cmd) {