summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-06-12 18:28:00 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2018-06-12 18:28:00 -0700
commitb08fc5277aaa1d8ea15470d38bf36f19dfb0e125 (patch)
tree1910dc474cb1ede95581dd9faa81a3bebeded0dc /lib
parent4597fcff07044d89c646d0c5d8b42cd976d966a1 (diff)
parent9d2a789c1db75d0f55b14fa57bec548d94332ad8 (diff)
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull more overflow updates from Kees Cook: "The rest of the overflow changes for v4.18-rc1. This includes the explicit overflow fixes from Silvio, further struct_size() conversions from Matthew, and a bug fix from Dan. But the bulk of it is the treewide conversions to use either the 2-factor argument allocators (e.g. kmalloc(a * b, ...) into kmalloc_array(a, b, ...) or the array_size() macros (e.g. vmalloc(a * b) into vmalloc(array_size(a, b)). Coccinelle was fighting me on several fronts, so I've done a bunch of manual whitespace updates in the patches as well. Summary: - Error path bug fix for overflow tests (Dan) - Additional struct_size() conversions (Matthew, Kees) - Explicitly reported overflow fixes (Silvio, Kees) - Add missing kvcalloc() function (Kees) - Treewide conversions of allocators to use either 2-factor argument variant when available, or array_size() and array3_size() as needed (Kees)" * tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (26 commits) treewide: Use array_size in f2fs_kvzalloc() treewide: Use array_size() in f2fs_kzalloc() treewide: Use array_size() in f2fs_kmalloc() treewide: Use array_size() in sock_kmalloc() treewide: Use array_size() in kvzalloc_node() treewide: Use array_size() in vzalloc_node() treewide: Use array_size() in vzalloc() treewide: Use array_size() in vmalloc() treewide: devm_kzalloc() -> devm_kcalloc() treewide: devm_kmalloc() -> devm_kmalloc_array() treewide: kvzalloc() -> kvcalloc() treewide: kvmalloc() -> kvmalloc_array() treewide: kzalloc_node() -> kcalloc_node() treewide: kzalloc() -> kcalloc() treewide: kmalloc() -> kmalloc_array() mm: Introduce kvcalloc() video: uvesafb: Fix integer overflow in allocation UBIFS: Fix potential integer overflow in allocation leds: Use struct_size() in allocation Convert intel uncore to struct_size ...
Diffstat (limited to 'lib')
-rw-r--r--lib/argv_split.c2
-rw-r--r--lib/interval_tree_test.c5
-rw-r--r--lib/kfifo.c2
-rw-r--r--lib/lru_cache.c2
-rw-r--r--lib/mpi/mpiutil.c4
-rw-r--r--lib/rbtree_test.c2
-rw-r--r--lib/reed_solomon/reed_solomon.c6
-rw-r--r--lib/sbitmap.c2
-rw-r--r--lib/scatterlist.c3
-rw-r--r--lib/test_firmware.c10
-rw-r--r--lib/test_kmod.c5
-rw-r--r--lib/test_overflow.c2
-rw-r--r--lib/test_rhashtable.c13
13 files changed, 33 insertions, 25 deletions
diff --git a/lib/argv_split.c b/lib/argv_split.c
index 5c35752a9414..1a19a0a93dc1 100644
--- a/lib/argv_split.c
+++ b/lib/argv_split.c
@@ -69,7 +69,7 @@ char **argv_split(gfp_t gfp, const char *str, int *argcp)
return NULL;
argc = count_argc(argv_str);
- argv = kmalloc(sizeof(*argv) * (argc + 2), gfp);
+ argv = kmalloc_array(argc + 2, sizeof(*argv), gfp);
if (!argv) {
kfree(argv_str);
return NULL;
diff --git a/lib/interval_tree_test.c b/lib/interval_tree_test.c
index 835242e74aaa..75509a1511a3 100644
--- a/lib/interval_tree_test.c
+++ b/lib/interval_tree_test.c
@@ -64,11 +64,12 @@ static int interval_tree_test_init(void)
unsigned long results;
cycles_t time1, time2, time;
- nodes = kmalloc(nnodes * sizeof(struct interval_tree_node), GFP_KERNEL);
+ nodes = kmalloc_array(nnodes, sizeof(struct interval_tree_node),
+ GFP_KERNEL);
if (!nodes)
return -ENOMEM;
- queries = kmalloc(nsearches * sizeof(int), GFP_KERNEL);
+ queries = kmalloc_array(nsearches, sizeof(int), GFP_KERNEL);
if (!queries) {
kfree(nodes);
return -ENOMEM;
diff --git a/lib/kfifo.c b/lib/kfifo.c
index b0f757bf7213..015656aa8182 100644
--- a/lib/kfifo.c
+++ b/lib/kfifo.c
@@ -54,7 +54,7 @@ int __kfifo_alloc(struct __kfifo *fifo, unsigned int size,
return -EINVAL;
}
- fifo->data = kmalloc(size * esize, gfp_mask);
+ fifo->data = kmalloc_array(esize, size, gfp_mask);
if (!fifo->data) {
fifo->mask = 0;
diff --git a/lib/lru_cache.c b/lib/lru_cache.c
index 28ba40b99337..2b10a4024c35 100644
--- a/lib/lru_cache.c
+++ b/lib/lru_cache.c
@@ -119,7 +119,7 @@ struct lru_cache *lc_create(const char *name, struct kmem_cache *cache,
slot = kcalloc(e_count, sizeof(struct hlist_head), GFP_KERNEL);
if (!slot)
goto out_fail;
- element = kzalloc(e_count * sizeof(struct lc_element *), GFP_KERNEL);
+ element = kcalloc(e_count, sizeof(struct lc_element *), GFP_KERNEL);
if (!element)
goto out_fail;
diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c
index 314f4dfa603e..20ed0f766787 100644
--- a/lib/mpi/mpiutil.c
+++ b/lib/mpi/mpiutil.c
@@ -91,14 +91,14 @@ int mpi_resize(MPI a, unsigned nlimbs)
return 0; /* no need to do it */
if (a->d) {
- p = kmalloc(nlimbs * sizeof(mpi_limb_t), GFP_KERNEL);
+ p = kmalloc_array(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL);
if (!p)
return -ENOMEM;
memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t));
kzfree(a->d);
a->d = p;
} else {
- a->d = kzalloc(nlimbs * sizeof(mpi_limb_t), GFP_KERNEL);
+ a->d = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL);
if (!a->d)
return -ENOMEM;
}
diff --git a/lib/rbtree_test.c b/lib/rbtree_test.c
index 7d36c1e27ff6..b7055b2a07d3 100644
--- a/lib/rbtree_test.c
+++ b/lib/rbtree_test.c
@@ -247,7 +247,7 @@ static int __init rbtree_test_init(void)
cycles_t time1, time2, time;
struct rb_node *node;
- nodes = kmalloc(nnodes * sizeof(*nodes), GFP_KERNEL);
+ nodes = kmalloc_array(nnodes, sizeof(*nodes), GFP_KERNEL);
if (!nodes)
return -ENOMEM;
diff --git a/lib/reed_solomon/reed_solomon.c b/lib/reed_solomon/reed_solomon.c
index dfcf54242fb9..d8bb1a1eba72 100644
--- a/lib/reed_solomon/reed_solomon.c
+++ b/lib/reed_solomon/reed_solomon.c
@@ -88,15 +88,15 @@ static struct rs_codec *codec_init(int symsize, int gfpoly, int (*gffunc)(int),
rs->gffunc = gffunc;
/* Allocate the arrays */
- rs->alpha_to = kmalloc(sizeof(uint16_t) * (rs->nn + 1), gfp);
+ rs->alpha_to = kmalloc_array(rs->nn + 1, sizeof(uint16_t), gfp);
if (rs->alpha_to == NULL)
goto err;
- rs->index_of = kmalloc(sizeof(uint16_t) * (rs->nn + 1), gfp);
+ rs->index_of = kmalloc_array(rs->nn + 1, sizeof(uint16_t), gfp);
if (rs->index_of == NULL)
goto err;
- rs->genpoly = kmalloc(sizeof(uint16_t) * (rs->nroots + 1), gfp);
+ rs->genpoly = kmalloc_array(rs->nroots + 1, sizeof(uint16_t), gfp);
if(rs->genpoly == NULL)
goto err;
diff --git a/lib/sbitmap.c b/lib/sbitmap.c
index 6fdc6267f4a8..fdd1b8aa8ac6 100644
--- a/lib/sbitmap.c
+++ b/lib/sbitmap.c
@@ -52,7 +52,7 @@ int sbitmap_init_node(struct sbitmap *sb, unsigned int depth, int shift,
return 0;
}
- sb->map = kzalloc_node(sb->map_nr * sizeof(*sb->map), flags, node);
+ sb->map = kcalloc_node(sb->map_nr, sizeof(*sb->map), flags, node);
if (!sb->map)
return -ENOMEM;
diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index 06dad7a072fd..1642fd507a96 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -170,7 +170,8 @@ static struct scatterlist *sg_kmalloc(unsigned int nents, gfp_t gfp_mask)
kmemleak_alloc(ptr, PAGE_SIZE, 1, gfp_mask);
return ptr;
} else
- return kmalloc(nents * sizeof(struct scatterlist), gfp_mask);
+ return kmalloc_array(nents, sizeof(struct scatterlist),
+ gfp_mask);
}
static void sg_kfree(struct scatterlist *sg, unsigned int nents)
diff --git a/lib/test_firmware.c b/lib/test_firmware.c
index cee000ac54d8..b984806d7d7b 100644
--- a/lib/test_firmware.c
+++ b/lib/test_firmware.c
@@ -618,8 +618,9 @@ static ssize_t trigger_batched_requests_store(struct device *dev,
mutex_lock(&test_fw_mutex);
- test_fw_config->reqs = vzalloc(sizeof(struct test_batched_req) *
- test_fw_config->num_requests * 2);
+ test_fw_config->reqs =
+ vzalloc(array3_size(sizeof(struct test_batched_req),
+ test_fw_config->num_requests, 2));
if (!test_fw_config->reqs) {
rc = -ENOMEM;
goto out_unlock;
@@ -720,8 +721,9 @@ ssize_t trigger_batched_requests_async_store(struct device *dev,
mutex_lock(&test_fw_mutex);
- test_fw_config->reqs = vzalloc(sizeof(struct test_batched_req) *
- test_fw_config->num_requests * 2);
+ test_fw_config->reqs =
+ vzalloc(array3_size(sizeof(struct test_batched_req),
+ test_fw_config->num_requests, 2));
if (!test_fw_config->reqs) {
rc = -ENOMEM;
goto out;
diff --git a/lib/test_kmod.c b/lib/test_kmod.c
index 0e5b7a61460b..e3ddd836491f 100644
--- a/lib/test_kmod.c
+++ b/lib/test_kmod.c
@@ -779,8 +779,9 @@ static int kmod_config_sync_info(struct kmod_test_device *test_dev)
struct test_config *config = &test_dev->config;
free_test_dev_info(test_dev);
- test_dev->info = vzalloc(config->num_threads *
- sizeof(struct kmod_test_device_info));
+ test_dev->info =
+ vzalloc(array_size(sizeof(struct kmod_test_device_info),
+ config->num_threads));
if (!test_dev->info)
return -ENOMEM;
diff --git a/lib/test_overflow.c b/lib/test_overflow.c
index aecbbb217305..2278fe05a1b0 100644
--- a/lib/test_overflow.c
+++ b/lib/test_overflow.c
@@ -367,7 +367,7 @@ static int __init test_overflow_allocation(void)
/* Create dummy device for devm_kmalloc()-family tests. */
dev = root_device_register(device_name);
- if (!dev) {
+ if (IS_ERR(dev)) {
pr_warn("Cannot register test device\n");
return 1;
}
diff --git a/lib/test_rhashtable.c b/lib/test_rhashtable.c
index f4000c137dbe..fb6968109113 100644
--- a/lib/test_rhashtable.c
+++ b/lib/test_rhashtable.c
@@ -285,12 +285,14 @@ static int __init test_rhltable(unsigned int entries)
if (entries == 0)
entries = 1;
- rhl_test_objects = vzalloc(sizeof(*rhl_test_objects) * entries);
+ rhl_test_objects = vzalloc(array_size(entries,
+ sizeof(*rhl_test_objects)));
if (!rhl_test_objects)
return -ENOMEM;
ret = -ENOMEM;
- obj_in_table = vzalloc(BITS_TO_LONGS(entries) * sizeof(unsigned long));
+ obj_in_table = vzalloc(array_size(sizeof(unsigned long),
+ BITS_TO_LONGS(entries)));
if (!obj_in_table)
goto out_free;
@@ -706,7 +708,8 @@ static int __init test_rht_init(void)
test_rht_params.max_size = max_size ? : roundup_pow_of_two(entries);
test_rht_params.nelem_hint = size;
- objs = vzalloc((test_rht_params.max_size + 1) * sizeof(struct test_obj));
+ objs = vzalloc(array_size(sizeof(struct test_obj),
+ test_rht_params.max_size + 1));
if (!objs)
return -ENOMEM;
@@ -753,10 +756,10 @@ static int __init test_rht_init(void)
pr_info("Testing concurrent rhashtable access from %d threads\n",
tcount);
sema_init(&prestart_sem, 1 - tcount);
- tdata = vzalloc(tcount * sizeof(struct thread_data));
+ tdata = vzalloc(array_size(tcount, sizeof(struct thread_data)));
if (!tdata)
return -ENOMEM;
- objs = vzalloc(tcount * entries * sizeof(struct test_obj));
+ objs = vzalloc(array3_size(sizeof(struct test_obj), tcount, entries));
if (!objs) {
vfree(tdata);
return -ENOMEM;