Commit b08fc527 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull more overflow updates from Kees Cook:
 "The rest of the overflow changes for v4.18-rc1.

  This includes the explicit overflow fixes from Silvio, further
  struct_size() conversions from Matthew, and a bug fix from Dan.

  But the bulk of it is the treewide conversions to use either the
  2-factor argument allocators (e.g. kmalloc(a * b, ...) into
  kmalloc_array(a, b, ...) or the array_size() macros (e.g. vmalloc(a *
  b) into vmalloc(array_size(a, b)).

  Coccinelle was fighting me on several fronts, so I've done a bunch of
  manual whitespace updates in the patches as well.

  Summary:

   - Error path bug fix for overflow tests (Dan)

   - Additional struct_size() conversions (Matthew, Kees)

   - Explicitly reported overflow fixes (Silvio, Kees)

   - Add missing kvcalloc() function (Kees)

   - Treewide conversions of allocators to use either 2-factor argument
     variant when available, or array_size() and array3_size() as needed
     (Kees)"

* tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (26 commits)
  treewide: Use array_size in f2fs_kvzalloc()
  treewide: Use array_size() in f2fs_kzalloc()
  treewide: Use array_size() in f2fs_kmalloc()
  treewide: Use array_size() in sock_kmalloc()
  treewide: Use array_size() in kvzalloc_node()
  treewide: Use array_size() in vzalloc_node()
  treewide: Use array_size() in vzalloc()
  treewide: Use array_size() in vmalloc()
  treewide: devm_kzalloc() -> devm_kcalloc()
  treewide: devm_kmalloc() -> devm_kmalloc_array()
  treewide: kvzalloc() -> kvcalloc()
  treewide: kvmalloc() -> kvmalloc_array()
  treewide: kzalloc_node() -> kcalloc_node()
  treewide: kzalloc() -> kcalloc()
  treewide: kmalloc() -> kmalloc_array()
  mm: Introduce kvcalloc()
  video: uvesafb: Fix integer overflow in allocation
  UBIFS: Fix potential integer overflow in allocation
  leds: Use struct_size() in allocation
  Convert intel uncore to struct_size
  ...
parents 4597fcff 9d2a789c
......@@ -286,7 +286,7 @@ asmlinkage long sys_oabi_epoll_wait(int epfd,
return -EINVAL;
if (!access_ok(VERIFY_WRITE, events, sizeof(*events) * maxevents))
return -EFAULT;
kbuf = kmalloc(sizeof(*kbuf) * maxevents, GFP_KERNEL);
kbuf = kmalloc_array(maxevents, sizeof(*kbuf), GFP_KERNEL);
if (!kbuf)
return -ENOMEM;
fs = get_fs();
......@@ -324,7 +324,7 @@ asmlinkage long sys_oabi_semtimedop(int semid,
return -EINVAL;
if (!access_ok(VERIFY_READ, tsops, sizeof(*tsops) * nsops))
return -EFAULT;
sops = kmalloc(sizeof(*sops) * nsops, GFP_KERNEL);
sops = kmalloc_array(nsops, sizeof(*sops), GFP_KERNEL);
if (!sops)
return -ENOMEM;
err = 0;
......
......@@ -252,7 +252,7 @@ int __init dc21285_setup(int nr, struct pci_sys_data *sys)
if (nr || !footbridge_cfn_mode())
return 0;
res = kzalloc(sizeof(struct resource) * 2, GFP_KERNEL);
res = kcalloc(2, sizeof(struct resource), GFP_KERNEL);
if (!res) {
printk("out of memory for root bus resources");
return 0;
......
......@@ -421,7 +421,7 @@ int ixp4xx_setup(int nr, struct pci_sys_data *sys)
if (nr >= 1)
return 0;
res = kzalloc(sizeof(*res) * 2, GFP_KERNEL);
res = kcalloc(2, sizeof(*res), GFP_KERNEL);
if (res == NULL) {
/*
* If we're out of memory this early, something is wrong,
......
......@@ -389,7 +389,7 @@ static void omap_mcbsp_register_board_cfg(struct resource *res, int res_count,
{
int i;
omap_mcbsp_devices = kzalloc(size * sizeof(struct platform_device *),
omap_mcbsp_devices = kcalloc(size, sizeof(struct platform_device *),
GFP_KERNEL);
if (!omap_mcbsp_devices) {
printk(KERN_ERR "Could not register McBSP devices\n");
......
......@@ -34,7 +34,7 @@ static int __init omap_hsmmc_pdata_init(struct omap2_hsmmc_info *c,
{
char *hc_name;
hc_name = kzalloc(sizeof(char) * (HSMMC_NAME_LEN + 1), GFP_KERNEL);
hc_name = kzalloc(HSMMC_NAME_LEN + 1, GFP_KERNEL);
if (!hc_name) {
kfree(hc_name);
return -ENOMEM;
......
......@@ -162,7 +162,7 @@ static int omap_device_build_from_dt(struct platform_device *pdev)
!omap_hwmod_parse_module_range(NULL, node, &res))
return -ENODEV;
hwmods = kzalloc(sizeof(struct omap_hwmod *) * oh_cnt, GFP_KERNEL);
hwmods = kcalloc(oh_cnt, sizeof(struct omap_hwmod *), GFP_KERNEL);
if (!hwmods) {
ret = -ENOMEM;
goto odbfd_exit;
......@@ -413,7 +413,7 @@ omap_device_copy_resources(struct omap_hwmod *oh,
goto error;
}
res = kzalloc(sizeof(*res) * 2, GFP_KERNEL);
res = kcalloc(2, sizeof(*res), GFP_KERNEL);
if (!res)
return -ENOMEM;
......
......@@ -285,10 +285,11 @@ int omap_prcm_register_chain_handler(struct omap_prcm_irq_setup *irq_setup)
prcm_irq_setup = irq_setup;
prcm_irq_chips = kzalloc(sizeof(void *) * nr_regs, GFP_KERNEL);
prcm_irq_setup->saved_mask = kzalloc(sizeof(u32) * nr_regs, GFP_KERNEL);
prcm_irq_setup->priority_mask = kzalloc(sizeof(u32) * nr_regs,
GFP_KERNEL);
prcm_irq_chips = kcalloc(nr_regs, sizeof(void *), GFP_KERNEL);
prcm_irq_setup->saved_mask = kcalloc(nr_regs, sizeof(u32),
GFP_KERNEL);
prcm_irq_setup->priority_mask = kcalloc(nr_regs, sizeof(u32),
GFP_KERNEL);
if (!prcm_irq_chips || !prcm_irq_setup->saved_mask ||
!prcm_irq_setup->priority_mask)
......
......@@ -403,7 +403,7 @@ static int ve_spc_populate_opps(uint32_t cluster)
uint32_t data = 0, off, ret, idx;
struct ve_spc_opp *opps;
opps = kzalloc(sizeof(*opps) * MAX_OPPS, GFP_KERNEL);
opps = kcalloc(MAX_OPPS, sizeof(*opps), GFP_KERNEL);
if (!opps)
return -ENOMEM;
......
......@@ -2162,8 +2162,8 @@ arm_iommu_create_mapping(struct bus_type *bus, dma_addr_t base, u64 size)
goto err;
mapping->bitmap_size = bitmap_size;
mapping->bitmaps = kzalloc(extensions * sizeof(unsigned long *),
GFP_KERNEL);
mapping->bitmaps = kcalloc(extensions, sizeof(unsigned long *),
GFP_KERNEL);
if (!mapping->bitmaps)
goto err2;
......
......@@ -20,7 +20,7 @@
#include "mm.h"
#ifdef CONFIG_ARM_LPAE
#define __pgd_alloc() kmalloc(PTRS_PER_PGD * sizeof(pgd_t), GFP_KERNEL)
#define __pgd_alloc() kmalloc_array(PTRS_PER_PGD, sizeof(pgd_t), GFP_KERNEL)
#define __pgd_free(pgd) kfree(pgd)
#else
#define __pgd_alloc() (pgd_t *)__get_free_pages(GFP_KERNEL, 2)
......
......@@ -766,8 +766,9 @@ static int coverage_start_fn(const struct decode_header *h, void *args)
static int coverage_start(const union decode_item *table)
{
coverage.base = kmalloc(MAX_COVERAGE_ENTRIES *
sizeof(struct coverage_entry), GFP_KERNEL);
coverage.base = kmalloc_array(MAX_COVERAGE_ENTRIES,
sizeof(struct coverage_entry),
GFP_KERNEL);
coverage.num_entries = 0;
coverage.nesting = 0;
return table_iter(table, coverage_start_fn, &coverage);
......
......@@ -234,8 +234,8 @@ static void __init register_insn_emulation_sysctl(void)
struct insn_emulation *insn;
struct ctl_table *insns_sysctl, *sysctl;
insns_sysctl = kzalloc(sizeof(*sysctl) * (nr_insn_emulated + 1),
GFP_KERNEL);
insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl),
GFP_KERNEL);
raw_spin_lock_irqsave(&insn_emulation_lock, flags);
list_for_each_entry(insn, &insn_emulation, node) {
......
......@@ -263,7 +263,7 @@ static int asids_init(void)
*/
WARN_ON(NUM_USER_ASIDS - 1 <= num_possible_cpus());
atomic64_set(&asid_generation, ASID_FIRST_VERSION);
asid_map = kzalloc(BITS_TO_LONGS(NUM_USER_ASIDS) * sizeof(*asid_map),
asid_map = kcalloc(BITS_TO_LONGS(NUM_USER_ASIDS), sizeof(*asid_map),
GFP_KERNEL);
if (!asid_map)
panic("Failed to allocate bitmap for %lu ASIDs\n",
......
......@@ -350,7 +350,8 @@ init_record_index_pools(void)
/* - 3 - */
slidx_pool.max_idx = (rec_max_size/sect_min_size) * 2 + 1;
slidx_pool.buffer =
kmalloc(slidx_pool.max_idx * sizeof(slidx_list_t), GFP_KERNEL);
kmalloc_array(slidx_pool.max_idx, sizeof(slidx_list_t),
GFP_KERNEL);
return slidx_pool.buffer ? 0 : -ENOMEM;
}
......
......@@ -85,7 +85,7 @@ static int __init topology_init(void)
}
#endif
sysfs_cpus = kzalloc(sizeof(struct ia64_cpu) * NR_CPUS, GFP_KERNEL);
sysfs_cpus = kcalloc(NR_CPUS, sizeof(struct ia64_cpu), GFP_KERNEL);
if (!sysfs_cpus)
panic("kzalloc in topology_init failed - NR_CPUS too big?");
......@@ -319,8 +319,8 @@ static int cpu_cache_sysfs_init(unsigned int cpu)
return -1;
}
this_cache=kzalloc(sizeof(struct cache_info)*unique_caches,
GFP_KERNEL);
this_cache=kcalloc(unique_caches, sizeof(struct cache_info),
GFP_KERNEL);
if (this_cache == NULL)
return -ENOMEM;
......
......@@ -430,8 +430,9 @@ int ia64_itr_entry(u64 target_mask, u64 va, u64 pte, u64 log_size)
int cpu = smp_processor_id();
if (!ia64_idtrs[cpu]) {
ia64_idtrs[cpu] = kmalloc(2 * IA64_TR_ALLOC_MAX *
sizeof (struct ia64_tr_entry), GFP_KERNEL);
ia64_idtrs[cpu] = kmalloc_array(2 * IA64_TR_ALLOC_MAX,
sizeof(struct ia64_tr_entry),
GFP_KERNEL);
if (!ia64_idtrs[cpu])
return -ENOMEM;
}
......
......@@ -132,7 +132,7 @@ static s64 sn_device_fixup_war(u64 nasid, u64 widget, int device,
printk_once(KERN_WARNING
"PROM version < 4.50 -- implementing old PROM flush WAR\n");
war_list = kzalloc(DEV_PER_WIDGET * sizeof(*war_list), GFP_KERNEL);
war_list = kcalloc(DEV_PER_WIDGET, sizeof(*war_list), GFP_KERNEL);
BUG_ON(!war_list);
SAL_CALL_NOLOCK(isrv, SN_SAL_IOIF_GET_WIDGET_DMAFLUSH_LIST,
......
......@@ -474,7 +474,8 @@ void __init sn_irq_lh_init(void)
{
int i;
sn_irq_lh = kmalloc(sizeof(struct list_head *) * NR_IRQS, GFP_KERNEL);
sn_irq_lh = kmalloc_array(NR_IRQS, sizeof(struct list_head *),
GFP_KERNEL);
if (!sn_irq_lh)
panic("SN PCI INIT: Failed to allocate memory for PCI init\n");
......
......@@ -184,7 +184,7 @@ pcibr_bus_fixup(struct pcibus_bussoft *prom_bussoft, struct pci_controller *cont
/* Setup the PMU ATE map */
soft->pbi_int_ate_resource.lowest_free_index = 0;
soft->pbi_int_ate_resource.ate =
kzalloc(soft->pbi_int_ate_size * sizeof(u64), GFP_KERNEL);
kcalloc(soft->pbi_int_ate_size, sizeof(u64), GFP_KERNEL);
if (!soft->pbi_int_ate_resource.ate) {
kfree(soft);
......
......@@ -985,7 +985,7 @@ static int __init alchemy_clk_setup_imux(int ctype)
return -ENODEV;
}
a = kzalloc((sizeof(*a)) * 6, GFP_KERNEL);
a = kcalloc(6, sizeof(*a), GFP_KERNEL);
if (!a)
return -ENOMEM;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment