diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-12 18:28:00 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-12 18:28:00 -0700 |
| commit | b08fc5277aaa1d8ea15470d38bf36f19dfb0e125 (patch) | |
| tree | 1910dc474cb1ede95581dd9faa81a3bebeded0dc /fs/cifs | |
| parent | 4597fcff07044d89c646d0c5d8b42cd976d966a1 (diff) | |
| parent | 9d2a789c1db75d0f55b14fa57bec548d94332ad8 (diff) | |
| download | op-kernel-dev-b08fc5277aaa1d8ea15470d38bf36f19dfb0e125.zip op-kernel-dev-b08fc5277aaa1d8ea15470d38bf36f19dfb0e125.tar.gz | |
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull more overflow updates from Kees Cook:
"The rest of the overflow changes for v4.18-rc1.
This includes the explicit overflow fixes from Silvio, further
struct_size() conversions from Matthew, and a bug fix from Dan.
But the bulk of it is the treewide conversions to use either the
2-factor argument allocators (e.g. kmalloc(a * b, ...) into
kmalloc_array(a, b, ...) or the array_size() macros (e.g. vmalloc(a *
b) into vmalloc(array_size(a, b)).
Coccinelle was fighting me on several fronts, so I've done a bunch of
manual whitespace updates in the patches as well.
Summary:
- Error path bug fix for overflow tests (Dan)
- Additional struct_size() conversions (Matthew, Kees)
- Explicitly reported overflow fixes (Silvio, Kees)
- Add missing kvcalloc() function (Kees)
- Treewide conversions of allocators to use either 2-factor argument
variant when available, or array_size() and array3_size() as needed
(Kees)"
* tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (26 commits)
treewide: Use array_size in f2fs_kvzalloc()
treewide: Use array_size() in f2fs_kzalloc()
treewide: Use array_size() in f2fs_kmalloc()
treewide: Use array_size() in sock_kmalloc()
treewide: Use array_size() in kvzalloc_node()
treewide: Use array_size() in vzalloc_node()
treewide: Use array_size() in vzalloc()
treewide: Use array_size() in vmalloc()
treewide: devm_kzalloc() -> devm_kcalloc()
treewide: devm_kmalloc() -> devm_kmalloc_array()
treewide: kvzalloc() -> kvcalloc()
treewide: kvmalloc() -> kvmalloc_array()
treewide: kzalloc_node() -> kcalloc_node()
treewide: kzalloc() -> kcalloc()
treewide: kmalloc() -> kmalloc_array()
mm: Introduce kvcalloc()
video: uvesafb: Fix integer overflow in allocation
UBIFS: Fix potential integer overflow in allocation
leds: Use struct_size() in allocation
Convert intel uncore to struct_size
...
Diffstat (limited to 'fs/cifs')
| -rw-r--r-- | fs/cifs/asn1.c | 2 | ||||
| -rw-r--r-- | fs/cifs/cifsacl.c | 4 | ||||
| -rw-r--r-- | fs/cifs/cifssmb.c | 2 | ||||
| -rw-r--r-- | fs/cifs/file.c | 2 | ||||
| -rw-r--r-- | fs/cifs/inode.c | 2 | ||||
| -rw-r--r-- | fs/cifs/misc.c | 4 | ||||
| -rw-r--r-- | fs/cifs/smb2pdu.c | 6 | ||||
| -rw-r--r-- | fs/cifs/transport.c | 8 |
8 files changed, 15 insertions, 15 deletions
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c index a3b5654..3d19595 100644 --- a/fs/cifs/asn1.c +++ b/fs/cifs/asn1.c @@ -428,7 +428,7 @@ asn1_oid_decode(struct asn1_ctx *ctx, if (size < 2 || size > UINT_MAX/sizeof(unsigned long)) return 0; - *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); + *oid = kmalloc_array(size, sizeof(unsigned long), GFP_ATOMIC); if (*oid == NULL) return 0; diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c index 13a8a77..1d377b7 100644 --- a/fs/cifs/cifsacl.c +++ b/fs/cifs/cifsacl.c @@ -747,8 +747,8 @@ static void parse_dacl(struct cifs_acl *pdacl, char *end_of_acl, if (num_aces > ULONG_MAX / sizeof(struct cifs_ace *)) return; - ppace = kmalloc(num_aces * sizeof(struct cifs_ace *), - GFP_KERNEL); + ppace = kmalloc_array(num_aces, sizeof(struct cifs_ace *), + GFP_KERNEL); if (!ppace) return; diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c index 5aca336..42329b2 100644 --- a/fs/cifs/cifssmb.c +++ b/fs/cifs/cifssmb.c @@ -2077,7 +2077,7 @@ struct cifs_writedata * cifs_writedata_alloc(unsigned int nr_pages, work_func_t complete) { struct page **pages = - kzalloc(sizeof(struct page *) * nr_pages, GFP_NOFS); + kcalloc(nr_pages, sizeof(struct page *), GFP_NOFS); if (pages) return cifs_writedata_direct_alloc(pages, complete); diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 87eece6..8d41ca7 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -2900,7 +2900,7 @@ static struct cifs_readdata * cifs_readdata_alloc(unsigned int nr_pages, work_func_t complete) { struct page **pages = - kzalloc(sizeof(struct page *) * nr_pages, GFP_KERNEL); + kcalloc(nr_pages, sizeof(struct page *), GFP_KERNEL); struct cifs_readdata *ret = NULL; if (pages) { diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c index 745fd7f..a94071c 100644 --- a/fs/cifs/inode.c +++ b/fs/cifs/inode.c @@ -1792,7 +1792,7 @@ cifs_rename2(struct inode *source_dir, struct dentry *source_dentry, * with unix extensions enabled. */ info_buf_source = - kmalloc(2 * sizeof(FILE_UNIX_BASIC_INFO), + kmalloc_array(2, sizeof(FILE_UNIX_BASIC_INFO), GFP_KERNEL); if (info_buf_source == NULL) { rc = -ENOMEM; diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index f90d4ad..af29ade1 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -789,7 +789,7 @@ setup_aio_ctx_iter(struct cifs_aio_ctx *ctx, struct iov_iter *iter, int rw) GFP_KERNEL); if (!bv) { - bv = vmalloc(max_pages * sizeof(struct bio_vec)); + bv = vmalloc(array_size(max_pages, sizeof(struct bio_vec))); if (!bv) return -ENOMEM; } @@ -799,7 +799,7 @@ setup_aio_ctx_iter(struct cifs_aio_ctx *ctx, struct iov_iter *iter, int rw) GFP_KERNEL); if (!pages) { - pages = vmalloc(max_pages * sizeof(struct page *)); + pages = vmalloc(array_size(max_pages, sizeof(struct page *))); if (!pages) { kvfree(bv); return -ENOMEM; diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c index 48e2004..af032e1 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -3471,7 +3471,7 @@ send_set_info(const unsigned int xid, struct cifs_tcon *tcon, if (!num) return -EINVAL; - iov = kmalloc(sizeof(struct kvec) * num, GFP_KERNEL); + iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL); if (!iov) return -ENOMEM; @@ -3535,7 +3535,7 @@ SMB2_rename(const unsigned int xid, struct cifs_tcon *tcon, int rc; int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX)); - data = kmalloc(sizeof(void *) * 2, GFP_KERNEL); + data = kmalloc_array(2, sizeof(void *), GFP_KERNEL); if (!data) return -ENOMEM; @@ -3583,7 +3583,7 @@ SMB2_set_hardlink(const unsigned int xid, struct cifs_tcon *tcon, int rc; int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX)); - data = kmalloc(sizeof(void *) * 2, GFP_KERNEL); + data = kmalloc_array(2, sizeof(void *), GFP_KERNEL); if (!data) return -ENOMEM; diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c index 24887a0..1f1a68f 100644 --- a/fs/cifs/transport.c +++ b/fs/cifs/transport.c @@ -844,8 +844,8 @@ SendReceive2(const unsigned int xid, struct cifs_ses *ses, int rc; if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { - new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1), - GFP_KERNEL); + new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), + GFP_KERNEL); if (!new_iov) { /* otherwise cifs_send_recv below sets resp_buf_type */ *resp_buf_type = CIFS_NO_BUFFER; @@ -886,8 +886,8 @@ smb2_send_recv(const unsigned int xid, struct cifs_ses *ses, __be32 rfc1002_marker; if (n_vec + 1 > CIFS_MAX_IOV_SIZE) { - new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1), - GFP_KERNEL); + new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec), + GFP_KERNEL); if (!new_iov) return -ENOMEM; } else |
