diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-13 04:28:00 +0300 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-13 04:28:00 +0300 |
| commit | b08fc5277aaa1d8ea15470d38bf36f19dfb0e125 (patch) | |
| tree | 1910dc474cb1ede95581dd9faa81a3bebeded0dc /drivers/xen | |
| parent | 4597fcff07044d89c646d0c5d8b42cd976d966a1 (diff) | |
| parent | 9d2a789c1db75d0f55b14fa57bec548d94332ad8 (diff) | |
| download | linux-b08fc5277aaa1d8ea15470d38bf36f19dfb0e125.tar.xz | |
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull more overflow updates from Kees Cook:
"The rest of the overflow changes for v4.18-rc1.
This includes the explicit overflow fixes from Silvio, further
struct_size() conversions from Matthew, and a bug fix from Dan.
But the bulk of it is the treewide conversions to use either the
2-factor argument allocators (e.g. kmalloc(a * b, ...) into
kmalloc_array(a, b, ...) or the array_size() macros (e.g. vmalloc(a *
b) into vmalloc(array_size(a, b)).
Coccinelle was fighting me on several fronts, so I've done a bunch of
manual whitespace updates in the patches as well.
Summary:
- Error path bug fix for overflow tests (Dan)
- Additional struct_size() conversions (Matthew, Kees)
- Explicitly reported overflow fixes (Silvio, Kees)
- Add missing kvcalloc() function (Kees)
- Treewide conversions of allocators to use either 2-factor argument
variant when available, or array_size() and array3_size() as needed
(Kees)"
* tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (26 commits)
treewide: Use array_size in f2fs_kvzalloc()
treewide: Use array_size() in f2fs_kzalloc()
treewide: Use array_size() in f2fs_kmalloc()
treewide: Use array_size() in sock_kmalloc()
treewide: Use array_size() in kvzalloc_node()
treewide: Use array_size() in vzalloc_node()
treewide: Use array_size() in vzalloc()
treewide: Use array_size() in vmalloc()
treewide: devm_kzalloc() -> devm_kcalloc()
treewide: devm_kmalloc() -> devm_kmalloc_array()
treewide: kvzalloc() -> kvcalloc()
treewide: kvmalloc() -> kvmalloc_array()
treewide: kzalloc_node() -> kcalloc_node()
treewide: kzalloc() -> kcalloc()
treewide: kmalloc() -> kmalloc_array()
mm: Introduce kvcalloc()
video: uvesafb: Fix integer overflow in allocation
UBIFS: Fix potential integer overflow in allocation
leds: Use struct_size() in allocation
Convert intel uncore to struct_size
...
Diffstat (limited to 'drivers/xen')
| -rw-r--r-- | drivers/xen/arm-device.c | 6 | ||||
| -rw-r--r-- | drivers/xen/evtchn.c | 2 | ||||
| -rw-r--r-- | drivers/xen/grant-table.c | 7 | ||||
| -rw-r--r-- | drivers/xen/xen-pciback/pciback_ops.c | 2 |
4 files changed, 9 insertions, 8 deletions
diff --git a/drivers/xen/arm-device.c b/drivers/xen/arm-device.c index 85dd20e05726..3e789c77f568 100644 --- a/drivers/xen/arm-device.c +++ b/drivers/xen/arm-device.c @@ -70,9 +70,9 @@ static int xen_map_device_mmio(const struct resource *resources, if ((resource_type(r) != IORESOURCE_MEM) || (nr == 0)) continue; - gpfns = kzalloc(sizeof(xen_pfn_t) * nr, GFP_KERNEL); - idxs = kzalloc(sizeof(xen_ulong_t) * nr, GFP_KERNEL); - errs = kzalloc(sizeof(int) * nr, GFP_KERNEL); + gpfns = kcalloc(nr, sizeof(xen_pfn_t), GFP_KERNEL); + idxs = kcalloc(nr, sizeof(xen_ulong_t), GFP_KERNEL); + errs = kcalloc(nr, sizeof(int), GFP_KERNEL); if (!gpfns || !idxs || !errs) { kfree(gpfns); kfree(idxs); diff --git a/drivers/xen/evtchn.c b/drivers/xen/evtchn.c index 8cac07ab60ab..6d1a5e58968f 100644 --- a/drivers/xen/evtchn.c +++ b/drivers/xen/evtchn.c @@ -322,7 +322,7 @@ static int evtchn_resize_ring(struct per_user_data *u) else new_size = 2 * u->ring_size; - new_ring = kvmalloc(new_size * sizeof(*new_ring), GFP_KERNEL); + new_ring = kvmalloc_array(new_size, sizeof(*new_ring), GFP_KERNEL); if (!new_ring) return -ENOMEM; diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c index 27be107d6480..2473b0a9e6e4 100644 --- a/drivers/xen/grant-table.c +++ b/drivers/xen/grant-table.c @@ -1137,7 +1137,7 @@ static int gnttab_map(unsigned int start_idx, unsigned int end_idx) /* No need for kzalloc as it is initialized in following hypercall * GNTTABOP_setup_table. */ - frames = kmalloc(nr_gframes * sizeof(unsigned long), GFP_ATOMIC); + frames = kmalloc_array(nr_gframes, sizeof(unsigned long), GFP_ATOMIC); if (!frames) return -ENOMEM; @@ -1300,8 +1300,9 @@ int gnttab_init(void) max_nr_glist_frames = (max_nr_grant_frames * gnttab_interface->grefs_per_grant_frame / RPP); - gnttab_list = kmalloc(max_nr_glist_frames * sizeof(grant_ref_t *), - GFP_KERNEL); + gnttab_list = kmalloc_array(max_nr_glist_frames, + sizeof(grant_ref_t *), + GFP_KERNEL); if (gnttab_list == NULL) return -ENOMEM; diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c index ee2c891b55c6..ea4a08b83fa0 100644 --- a/drivers/xen/xen-pciback/pciback_ops.c +++ b/drivers/xen/xen-pciback/pciback_ops.c @@ -234,7 +234,7 @@ int xen_pcibk_enable_msix(struct xen_pcibk_device *pdev, if (dev->msi_enabled || !(cmd & PCI_COMMAND_MEMORY)) return -ENXIO; - entries = kmalloc(op->value * sizeof(*entries), GFP_KERNEL); + entries = kmalloc_array(op->value, sizeof(*entries), GFP_KERNEL); if (entries == NULL) return -ENOMEM; |