From 6da2ec56059c3c7a7e5f729e6349e74ace1e5c57 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 12 Jun 2018 13:55:00 -0700 Subject: treewide: kmalloc() -> kmalloc_array() The kmalloc() function has a 2-factor argument form, kmalloc_array(). This patch replaces cases of: kmalloc(a * b, gfp) with: kmalloc_array(a * b, gfp) as well as handling cases of: kmalloc(a * b * c, gfp) with: kmalloc(array3_size(a, b, c), gfp) as it's slightly less ugly than: kmalloc_array(array_size(a, b), c, gfp) This does, however, attempt to ignore constant size factors like: kmalloc(4 * 1024, gfp) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The tools/ directory was manually excluded, since it has its own implementation of kmalloc(). The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( kmalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | kmalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( kmalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(char) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(u8) * COUNT + COUNT , ...) | kmalloc( - sizeof(__u8) * COUNT + COUNT , ...) | kmalloc( - sizeof(char) * COUNT + COUNT , ...) | kmalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( - kmalloc + kmalloc_array ( - sizeof(TYPE) * (COUNT_ID) + COUNT_ID, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * COUNT_ID + COUNT_ID, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * (COUNT_CONST) + COUNT_CONST, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * COUNT_CONST + COUNT_CONST, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (COUNT_ID) + COUNT_ID, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * COUNT_ID + COUNT_ID, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (COUNT_CONST) + COUNT_CONST, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * COUNT_CONST + COUNT_CONST, sizeof(THING) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ - kmalloc + kmalloc_array ( - SIZE * COUNT + COUNT, SIZE , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( kmalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( kmalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kmalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kmalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( kmalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products, // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( kmalloc(C1 * C2 * C3, ...) | kmalloc( - (E1) * E2 * E3 + array3_size(E1, E2, E3) , ...) | kmalloc( - (E1) * (E2) * E3 + array3_size(E1, E2, E3) , ...) | kmalloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) , ...) | kmalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants, // keeping sizeof() as the second factor argument. @@ expression THING, E1, E2; type TYPE; constant C1, C2, C3; @@ ( kmalloc(sizeof(THING) * C2, ...) | kmalloc(sizeof(TYPE) * C2, ...) | kmalloc(C1 * C2 * C3, ...) | kmalloc(C1 * C2, ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * (E2) + E2, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * E2 + E2, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (E2) + E2, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * E2 + E2, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - (E1) * E2 + E1, E2 , ...) | - kmalloc + kmalloc_array ( - (E1) * (E2) + E1, E2 , ...) | - kmalloc + kmalloc_array ( - E1 * E2 + E1, E2 , ...) ) Signed-off-by: Kees Cook --- drivers/mtd/chips/cfi_cmdset_0001.c | 4 +++- drivers/mtd/chips/cfi_cmdset_0002.c | 5 +++-- drivers/mtd/chips/cfi_cmdset_0020.c | 5 +++-- drivers/mtd/ftl.c | 13 +++++++------ drivers/mtd/inftlmount.c | 6 ++++-- drivers/mtd/lpddr/lpddr_cmds.c | 2 +- drivers/mtd/maps/vmu-flash.c | 8 ++++---- drivers/mtd/mtdconcat.c | 5 +++-- drivers/mtd/mtdswap.c | 2 +- drivers/mtd/nand/raw/nand_bch.c | 2 +- drivers/mtd/nftlmount.c | 7 +++++-- drivers/mtd/sm_ftl.c | 2 +- drivers/mtd/ssfdc.c | 5 +++-- drivers/mtd/tests/stresstest.c | 2 +- drivers/mtd/ubi/eba.c | 14 ++++++++------ 15 files changed, 48 insertions(+), 34 deletions(-) (limited to 'drivers/mtd') diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c index f5695be..5a81bd8 100644 --- a/drivers/mtd/chips/cfi_cmdset_0001.c +++ b/drivers/mtd/chips/cfi_cmdset_0001.c @@ -758,7 +758,9 @@ static int cfi_intelext_partition_fixup(struct mtd_info *mtd, newcfi = kmalloc(sizeof(struct cfi_private) + numvirtchips * sizeof(struct flchip), GFP_KERNEL); if (!newcfi) return -ENOMEM; - shared = kmalloc(sizeof(struct flchip_shared) * cfi->numchips, GFP_KERNEL); + shared = kmalloc_array(cfi->numchips, + sizeof(struct flchip_shared), + GFP_KERNEL); if (!shared) { kfree(newcfi); return -ENOMEM; diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 7c889ec..22506d2 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c +++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -692,8 +692,9 @@ static struct mtd_info *cfi_amdstd_setup(struct mtd_info *mtd) mtd->size = devsize * cfi->numchips; mtd->numeraseregions = cfi->cfiq->NumEraseRegions * cfi->numchips; - mtd->eraseregions = kmalloc(sizeof(struct mtd_erase_region_info) - * mtd->numeraseregions, GFP_KERNEL); + mtd->eraseregions = kmalloc_array(mtd->numeraseregions, + sizeof(struct mtd_erase_region_info), + GFP_KERNEL); if (!mtd->eraseregions) goto setup_err; diff --git a/drivers/mtd/chips/cfi_cmdset_0020.c b/drivers/mtd/chips/cfi_cmdset_0020.c index 7b7658a..35aa72b 100644 --- a/drivers/mtd/chips/cfi_cmdset_0020.c +++ b/drivers/mtd/chips/cfi_cmdset_0020.c @@ -184,8 +184,9 @@ static struct mtd_info *cfi_staa_setup(struct map_info *map) mtd->size = devsize * cfi->numchips; mtd->numeraseregions = cfi->cfiq->NumEraseRegions * cfi->numchips; - mtd->eraseregions = kmalloc(sizeof(struct mtd_erase_region_info) - * mtd->numeraseregions, GFP_KERNEL); + mtd->eraseregions = kmalloc_array(mtd->numeraseregions, + sizeof(struct mtd_erase_region_info), + GFP_KERNEL); if (!mtd->eraseregions) { kfree(cfi->cmdset_priv); kfree(mtd); diff --git a/drivers/mtd/ftl.c b/drivers/mtd/ftl.c index ef6ad25..1f8063c 100644 --- a/drivers/mtd/ftl.c +++ b/drivers/mtd/ftl.c @@ -201,15 +201,16 @@ static int build_maps(partition_t *part) /* Set up erase unit maps */ part->DataUnits = le16_to_cpu(part->header.NumEraseUnits) - part->header.NumTransferUnits; - part->EUNInfo = kmalloc(part->DataUnits * sizeof(struct eun_info_t), - GFP_KERNEL); + part->EUNInfo = kmalloc_array(part->DataUnits, sizeof(struct eun_info_t), + GFP_KERNEL); if (!part->EUNInfo) goto out; for (i = 0; i < part->DataUnits; i++) part->EUNInfo[i].Offset = 0xffffffff; part->XferInfo = - kmalloc(part->header.NumTransferUnits * sizeof(struct xfer_info_t), - GFP_KERNEL); + kmalloc_array(part->header.NumTransferUnits, + sizeof(struct xfer_info_t), + GFP_KERNEL); if (!part->XferInfo) goto out_EUNInfo; @@ -269,8 +270,8 @@ static int build_maps(partition_t *part) memset(part->VirtualBlockMap, 0xff, blocks * sizeof(uint32_t)); part->BlocksPerUnit = (1 << header.EraseUnitSize) >> header.BlockSize; - part->bam_cache = kmalloc(part->BlocksPerUnit * sizeof(uint32_t), - GFP_KERNEL); + part->bam_cache = kmalloc_array(part->BlocksPerUnit, sizeof(uint32_t), + GFP_KERNEL); if (!part->bam_cache) goto out_VirtualBlockMap; diff --git a/drivers/mtd/inftlmount.c b/drivers/mtd/inftlmount.c index 2d59841..10d977e 100644 --- a/drivers/mtd/inftlmount.c +++ b/drivers/mtd/inftlmount.c @@ -270,7 +270,8 @@ static int find_boot_record(struct INFTLrecord *inftl) inftl->nb_blocks = ip->lastUnit + 1; /* Memory alloc */ - inftl->PUtable = kmalloc(inftl->nb_blocks * sizeof(u16), GFP_KERNEL); + inftl->PUtable = kmalloc_array(inftl->nb_blocks, sizeof(u16), + GFP_KERNEL); if (!inftl->PUtable) { printk(KERN_WARNING "INFTL: allocation of PUtable " "failed (%zd bytes)\n", @@ -278,7 +279,8 @@ static int find_boot_record(struct INFTLrecord *inftl) return -ENOMEM; } - inftl->VUtable = kmalloc(inftl->nb_blocks * sizeof(u16), GFP_KERNEL); + inftl->VUtable = kmalloc_array(inftl->nb_blocks, sizeof(u16), + GFP_KERNEL); if (!inftl->VUtable) { kfree(inftl->PUtable); printk(KERN_WARNING "INFTL: allocation of VUtable " diff --git a/drivers/mtd/lpddr/lpddr_cmds.c b/drivers/mtd/lpddr/lpddr_cmds.c index 5c5ba3c..b13557f 100644 --- a/drivers/mtd/lpddr/lpddr_cmds.c +++ b/drivers/mtd/lpddr/lpddr_cmds.c @@ -78,7 +78,7 @@ struct mtd_info *lpddr_cmdset(struct map_info *map) mtd->erasesize = 1 << lpddr->qinfo->UniformBlockSizeShift; mtd->writesize = 1 << lpddr->qinfo->BufSizeShift; - shared = kmalloc(sizeof(struct flchip_shared) * lpddr->numchips, + shared = kmalloc_array(lpddr->numchips, sizeof(struct flchip_shared), GFP_KERNEL); if (!shared) { kfree(lpddr); diff --git a/drivers/mtd/maps/vmu-flash.c b/drivers/mtd/maps/vmu-flash.c index 6b223cf..c5d4b65 100644 --- a/drivers/mtd/maps/vmu-flash.c +++ b/drivers/mtd/maps/vmu-flash.c @@ -629,15 +629,15 @@ static int vmu_connect(struct maple_device *mdev) * Not sure there are actually any multi-partition devices in the * real world, but the hardware supports them, so, so will we */ - card->parts = kmalloc(sizeof(struct vmupart) * card->partitions, - GFP_KERNEL); + card->parts = kmalloc_array(card->partitions, sizeof(struct vmupart), + GFP_KERNEL); if (!card->parts) { error = -ENOMEM; goto fail_partitions; } - card->mtd = kmalloc(sizeof(struct mtd_info) * card->partitions, - GFP_KERNEL); + card->mtd = kmalloc_array(card->partitions, sizeof(struct mtd_info), + GFP_KERNEL); if (!card->mtd) { error = -ENOMEM; goto fail_mtd_info; diff --git a/drivers/mtd/mtdconcat.c b/drivers/mtd/mtdconcat.c index 6b86d1a..cbc5925 100644 --- a/drivers/mtd/mtdconcat.c +++ b/drivers/mtd/mtdconcat.c @@ -778,8 +778,9 @@ struct mtd_info *mtd_concat_create(struct mtd_info *subdev[], /* subdevices to c concat->mtd.erasesize = max_erasesize; concat->mtd.numeraseregions = num_erase_region; concat->mtd.eraseregions = erase_region_p = - kmalloc(num_erase_region * - sizeof (struct mtd_erase_region_info), GFP_KERNEL); + kmalloc_array(num_erase_region, + sizeof(struct mtd_erase_region_info), + GFP_KERNEL); if (!erase_region_p) { kfree(concat); printk diff --git a/drivers/mtd/mtdswap.c b/drivers/mtd/mtdswap.c index 7161f8a..6593879 100644 --- a/drivers/mtd/mtdswap.c +++ b/drivers/mtd/mtdswap.c @@ -1340,7 +1340,7 @@ static int mtdswap_init(struct mtdswap_dev *d, unsigned int eblocks, if (!d->page_buf) goto page_buf_fail; - d->oob_buf = kmalloc(2 * mtd->oobavail, GFP_KERNEL); + d->oob_buf = kmalloc_array(2, mtd->oobavail, GFP_KERNEL); if (!d->oob_buf) goto oob_buf_fail; diff --git a/drivers/mtd/nand/raw/nand_bch.c b/drivers/mtd/nand/raw/nand_bch.c index 7f11b68..b7387ac 100644 --- a/drivers/mtd/nand/raw/nand_bch.c +++ b/drivers/mtd/nand/raw/nand_bch.c @@ -186,7 +186,7 @@ struct nand_bch_control *nand_bch_init(struct mtd_info *mtd) } nbc->eccmask = kmalloc(eccbytes, GFP_KERNEL); - nbc->errloc = kmalloc(t*sizeof(*nbc->errloc), GFP_KERNEL); + nbc->errloc = kmalloc_array(t, sizeof(*nbc->errloc), GFP_KERNEL); if (!nbc->eccmask || !nbc->errloc) goto fail; /* diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c index 6281da3..27184e3 100644 --- a/drivers/mtd/nftlmount.c +++ b/drivers/mtd/nftlmount.c @@ -199,13 +199,16 @@ device is already correct. nftl->lastEUN = nftl->nb_blocks - 1; /* memory alloc */ - nftl->EUNtable = kmalloc(nftl->nb_blocks * sizeof(u16), GFP_KERNEL); + nftl->EUNtable = kmalloc_array(nftl->nb_blocks, sizeof(u16), + GFP_KERNEL); if (!nftl->EUNtable) { printk(KERN_NOTICE "NFTL: allocation of EUNtable failed\n"); return -ENOMEM; } - nftl->ReplUnitTable = kmalloc(nftl->nb_blocks * sizeof(u16), GFP_KERNEL); + nftl->ReplUnitTable = kmalloc_array(nftl->nb_blocks, + sizeof(u16), + GFP_KERNEL); if (!nftl->ReplUnitTable) { kfree(nftl->EUNtable); printk(KERN_NOTICE "NFTL: allocation of ReplUnitTable failed\n"); diff --git a/drivers/mtd/sm_ftl.c b/drivers/mtd/sm_ftl.c index 7963634..9d019ce 100644 --- a/drivers/mtd/sm_ftl.c +++ b/drivers/mtd/sm_ftl.c @@ -750,7 +750,7 @@ static int sm_init_zone(struct sm_ftl *ftl, int zone_num) dbg("initializing zone %d", zone_num); /* Allocate memory for FTL table */ - zone->lba_to_phys_table = kmalloc(ftl->max_lba * 2, GFP_KERNEL); + zone->lba_to_phys_table = kmalloc_array(ftl->max_lba, 2, GFP_KERNEL); if (!zone->lba_to_phys_table) return -ENOMEM; diff --git a/drivers/mtd/ssfdc.c b/drivers/mtd/ssfdc.c index 95f0bf9..7a1e545 100644 --- a/drivers/mtd/ssfdc.c +++ b/drivers/mtd/ssfdc.c @@ -332,8 +332,9 @@ static void ssfdcr_add_mtd(struct mtd_blktrans_ops *tr, struct mtd_info *mtd) (long)ssfdc->sectors; /* Allocate logical block map */ - ssfdc->logic_block_map = kmalloc(sizeof(ssfdc->logic_block_map[0]) * - ssfdc->map_len, GFP_KERNEL); + ssfdc->logic_block_map = + kmalloc_array(ssfdc->map_len, + sizeof(ssfdc->logic_block_map[0]), GFP_KERNEL); if (!ssfdc->logic_block_map) goto out_err; memset(ssfdc->logic_block_map, 0xff, sizeof(ssfdc->logic_block_map[0]) * diff --git a/drivers/mtd/tests/stresstest.c b/drivers/mtd/tests/stresstest.c index e509f8a..0fe1217 100644 --- a/drivers/mtd/tests/stresstest.c +++ b/drivers/mtd/tests/stresstest.c @@ -199,7 +199,7 @@ static int __init mtd_stresstest_init(void) err = -ENOMEM; readbuf = vmalloc(bufsize); writebuf = vmalloc(bufsize); - offsets = kmalloc(ebcnt * sizeof(int), GFP_KERNEL); + offsets = kmalloc_array(ebcnt, sizeof(int), GFP_KERNEL); if (!readbuf || !writebuf || !offsets) goto out; for (i = 0; i < ebcnt; i++) diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c index edb1c83..b98481b 100644 --- a/drivers/mtd/ubi/eba.c +++ b/drivers/mtd/ubi/eba.c @@ -1536,11 +1536,11 @@ int self_check_eba(struct ubi_device *ubi, struct ubi_attach_info *ai_fastmap, num_volumes = ubi->vtbl_slots + UBI_INT_VOL_COUNT; - scan_eba = kmalloc(sizeof(*scan_eba) * num_volumes, GFP_KERNEL); + scan_eba = kmalloc_array(num_volumes, sizeof(*scan_eba), GFP_KERNEL); if (!scan_eba) return -ENOMEM; - fm_eba = kmalloc(sizeof(*fm_eba) * num_volumes, GFP_KERNEL); + fm_eba = kmalloc_array(num_volumes, sizeof(*fm_eba), GFP_KERNEL); if (!fm_eba) { kfree(scan_eba); return -ENOMEM; @@ -1551,15 +1551,17 @@ int self_check_eba(struct ubi_device *ubi, struct ubi_attach_info *ai_fastmap, if (!vol) continue; - scan_eba[i] = kmalloc(vol->reserved_pebs * sizeof(**scan_eba), - GFP_KERNEL); + scan_eba[i] = kmalloc_array(vol->reserved_pebs, + sizeof(**scan_eba), + GFP_KERNEL); if (!scan_eba[i]) { ret = -ENOMEM; goto out_free; } - fm_eba[i] = kmalloc(vol->reserved_pebs * sizeof(**fm_eba), - GFP_KERNEL); + fm_eba[i] = kmalloc_array(vol->reserved_pebs, + sizeof(**fm_eba), + GFP_KERNEL); if (!fm_eba[i]) { ret = -ENOMEM; goto out_free; -- cgit v1.1