The functions vmalloc_array and vcalloc were introduced in
commit a8749a35c399 ("mm: vmalloc: introduce array allocation functions")
but are not used much yet. This series introduces uses of
these functions, to protect against multiplication overflows.
The changes were done using the following Coccinelle semantic
patch.
@initialize:ocaml@
@@
let rename alloc =
match alloc with
"vmalloc" -> "vmalloc_array"
| "vzalloc" -> "vcalloc"
| _ -> failwith "unknown"
@@
size_t e1,e2;
constant C1, C2;
expression E1, E2, COUNT, x1, x2, x3;
typedef u8;
typedef __u8;
type t = {u8,__u8,char,unsigned char};
identifier alloc = {vmalloc,vzalloc};
fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@
(
alloc(x1*x2*x3)
|
alloc(C1 * C2)
|
alloc((sizeof(t)) * (COUNT), ...)
|
- alloc((e1) * (e2))
+ realloc(e1, e2)
|
- alloc((e1) * (COUNT))
+ realloc(COUNT, e1)
|
- alloc((E1) * (E2))
+ realloc(E1, E2)
)
v2: This series uses vmalloc_array and vcalloc instead of
array_size. It also leaves a multiplication of a constant by a
sizeof as is. Two patches are thus dropped from the series.
---
arch/x86/kernel/cpu/sgx/main.c | 2 +-
drivers/accel/habanalabs/common/device.c | 3 ++-
drivers/accel/habanalabs/common/state_dump.c | 7 ++++---
drivers/bus/mhi/host/init.c | 2 +-
drivers/comedi/comedi_buf.c | 4 ++--
drivers/dma-buf/heaps/system_heap.c | 2 +-
drivers/gpu/drm/gud/gud_pipe.c | 2 +-
drivers/gpu/drm/i915/gvt/gtt.c | 6 ++++--
drivers/infiniband/hw/bnxt_re/qplib_res.c | 4 ++--
drivers/infiniband/hw/erdma/erdma_verbs.c | 4 ++--
drivers/infiniband/sw/siw/siw_qp.c | 4 ++--
drivers/infiniband/sw/siw/siw_verbs.c | 6 +++---
drivers/iommu/tegra-gart.c | 4 ++--
drivers/net/ethernet/amd/pds_core/core.c | 4 ++--
drivers/net/ethernet/freescale/enetc/enetc.c | 4 ++--
drivers/net/ethernet/google/gve/gve_tx.c | 2 +-
drivers/net/ethernet/marvell/octeon_ep/octep_rx.c | 2 +-
drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +-
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 ++--
drivers/scsi/fnic/fnic_trace.c | 2 +-
drivers/scsi/qla2xxx/qla_init.c | 4 ++--
drivers/vdpa/vdpa_user/iova_domain.c | 4 ++--
drivers/virtio/virtio_mem.c | 6 +++---
fs/btrfs/zoned.c | 4 ++--
kernel/kcov.c | 2 +-
lib/test_vmalloc.c | 9 +++++----
26 files changed, 52 insertions(+), 47 deletions(-)
Use vmalloc_array and vcalloc to protect against
multiplication overflows.
The changes were done using the following Coccinelle
semantic patch:
// <smpl>
@initialize:ocaml@
@@
let rename alloc =
match alloc with
"vmalloc" -> "vmalloc_array"
| "vzalloc" -> "vcalloc"
| _ -> failwith "unknown"
@@
size_t e1,e2;
constant C1, C2;
expression E1, E2, COUNT, x1, x2, x3;
typedef u8;
typedef __u8;
type t = {u8,__u8,char,unsigned char};
identifier alloc = {vmalloc,vzalloc};
fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@
(
alloc(x1*x2*x3)
|
alloc(C1 * C2)
|
alloc((sizeof(t)) * (COUNT), ...)
|
- alloc((e1) * (e2))
+ realloc(e1, e2)
|
- alloc((e1) * (COUNT))
+ realloc(COUNT, e1)
|
- alloc((E1) * (E2))
+ realloc(E1, E2)
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
v2: Use vmalloc_array and vcalloc instead of array_size.
This also leaves a multiplication of a constant by a sizeof
as is. Two patches are thus dropped from the series.
drivers/net/ethernet/freescale/enetc/enetc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff -u -p a/drivers/net/ethernet/freescale/enetc/enetc.c b/drivers/net/ethernet/freescale/enetc/enetc.c
--- a/drivers/net/ethernet/freescale/enetc/enetc.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc.c
@@ -1789,7 +1789,7 @@ static int enetc_alloc_tx_resource(struc
res->bd_count = bd_count;
res->bd_size = sizeof(union enetc_tx_bd);
- res->tx_swbd = vzalloc(bd_count * sizeof(*res->tx_swbd));
+ res->tx_swbd = vcalloc(bd_count, sizeof(*res->tx_swbd));
if (!res->tx_swbd)
return -ENOMEM;
@@ -1877,7 +1877,7 @@ static int enetc_alloc_rx_resource(struc
if (extended)
res->bd_size *= 2;
- res->rx_swbd = vzalloc(bd_count * sizeof(struct enetc_rx_swbd));
+ res->rx_swbd = vcalloc(bd_count, sizeof(struct enetc_rx_swbd));
if (!res->rx_swbd)
return -ENOMEM;
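Review bot: In the enetc_alloc_rx_resource hunk the element size is spelled `sizeof(struct enetc_rx_swbd)`, while the tx hunk above it uses `sizeof(*res->tx_swbd)`. Since the line is rewritten anyway, `res->rx_swbd = vcalloc(bd_count, sizeof(*res->rx_swbd));` would tie the size to the pointer's type and keep the two allocations consistent. With vcalloc an overflowing product returns NULL and falls into the existing `-ENOMEM` return, so no further error handling is needed. Both functions start and end outside the hunks.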
Use vmalloc_array and vcalloc to protect against
multiplication overflows.
The changes were done using the following Coccinelle
semantic patch:
// <smpl>
@initialize:ocaml@
@@
let rename alloc =
match alloc with
"vmalloc" -> "vmalloc_array"
| "vzalloc" -> "vcalloc"
| _ -> failwith "unknown"
@@
size_t e1,e2;
constant C1, C2;
expression E1, E2, COUNT, x1, x2, x3;
typedef u8;
typedef __u8;
type t = {u8,__u8,char,unsigned char};
identifier alloc = {vmalloc,vzalloc};
fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@
(
alloc(x1*x2*x3)
|
alloc(C1 * C2)
|
alloc((sizeof(t)) * (COUNT), ...)
|
- alloc((e1) * (e2))
+ realloc(e1, e2)
|
- alloc((e1) * (COUNT))
+ realloc(COUNT, e1)
|
- alloc((E1) * (E2))
+ realloc(E1, E2)
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
v2: Use vmalloc_array and vcalloc instead of array_size.
This also leaves a multiplication of a constant by a sizeof
as is. Two patches are thus dropped from the series.
drivers/net/ethernet/amd/pds_core/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff -u -p a/drivers/net/ethernet/amd/pds_core/core.c b/drivers/net/ethernet/amd/pds_core/core.c
--- a/drivers/net/ethernet/amd/pds_core/core.c
+++ b/drivers/net/ethernet/amd/pds_core/core.c
@@ -196,7 +196,7 @@ int pdsc_qcq_alloc(struct pdsc *pdsc, un
dma_addr_t q_base_pa;
int err;
- qcq->q.info = vzalloc(num_descs * sizeof(*qcq->q.info));
+ qcq->q.info = vcalloc(num_descs, sizeof(*qcq->q.info));
if (!qcq->q.info) {
err = -ENOMEM;
goto err_out;
@@ -219,7 +219,7 @@ int pdsc_qcq_alloc(struct pdsc *pdsc, un
if (err)
goto err_out_free_q_info;
- qcq->cq.info = vzalloc(num_descs * sizeof(*qcq->cq.info));
+ qcq->cq.info = vcalloc(num_descs, sizeof(*qcq->cq.info));
if (!qcq->cq.info) {
err = -ENOMEM;
goto err_out_free_irq;
Use vmalloc_array and vcalloc to protect against
multiplication overflows.
The changes were done using the following Coccinelle
semantic patch:
// <smpl>
@initialize:ocaml@
@@
let rename alloc =
match alloc with
"vmalloc" -> "vmalloc_array"
| "vzalloc" -> "vcalloc"
| _ -> failwith "unknown"
@@
size_t e1,e2;
constant C1, C2;
expression E1, E2, COUNT, x1, x2, x3;
typedef u8;
typedef __u8;
type t = {u8,__u8,char,unsigned char};
identifier alloc = {vmalloc,vzalloc};
fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@
(
alloc(x1*x2*x3)
|
alloc(C1 * C2)
|
alloc((sizeof(t)) * (COUNT), ...)
|
- alloc((e1) * (e2))
+ realloc(e1, e2)
|
- alloc((e1) * (COUNT))
+ realloc(COUNT, e1)
|
- alloc((E1) * (E2))
+ realloc(E1, E2)
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
v2: Use vmalloc_array and vcalloc instead of array_size.
This also leaves a multiplication of a constant by a sizeof
as is. Two patches are thus dropped from the series.
drivers/virtio/virtio_mem.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff -u -p a/drivers/virtio/virtio_mem.c b/drivers/virtio/virtio_mem.c
--- a/drivers/virtio/virtio_mem.c
+++ b/drivers/virtio/virtio_mem.c
@@ -399,7 +399,7 @@ static int virtio_mem_bbm_bb_states_prep
if (vm->bbm.bb_states && old_pages == new_pages)
return 0;
- new_array = vzalloc(new_pages * PAGE_SIZE);
+ new_array = vcalloc(new_pages, PAGE_SIZE);
if (!new_array)
return -ENOMEM;
@@ -465,7 +465,7 @@ static int virtio_mem_sbm_mb_states_prep
if (vm->sbm.mb_states && old_pages == new_pages)
return 0;
- new_array = vzalloc(new_pages * PAGE_SIZE);
+ new_array = vcalloc(new_pages, PAGE_SIZE);
if (!new_array)
return -ENOMEM;
@@ -588,7 +588,7 @@ static int virtio_mem_sbm_sb_states_prep
if (vm->sbm.sb_states && old_pages == new_pages)
return 0;
- new_bitmap = vzalloc(new_pages * PAGE_SIZE);
+ new_bitmap = vcalloc(new_pages, PAGE_SIZE);
if (!new_bitmap)
return -ENOMEM;
Use vmalloc_array and vcalloc to protect against
multiplication overflows.
The changes were done using the following Coccinelle
semantic patch:
// <smpl>
@initialize:ocaml@
@@
let rename alloc =
match alloc with
"vmalloc" -> "vmalloc_array"
| "vzalloc" -> "vcalloc"
| _ -> failwith "unknown"
@@
size_t e1,e2;
constant C1, C2;
expression E1, E2, COUNT, x1, x2, x3;
typedef u8;
typedef __u8;
type t = {u8,__u8,char,unsigned char};
identifier alloc = {vmalloc,vzalloc};
fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@
(
alloc(x1*x2*x3)
|
alloc(C1 * C2)
|
alloc((sizeof(t)) * (COUNT), ...)
|
- alloc((e1) * (e2))
+ realloc(e1, e2)
|
- alloc((e1) * (COUNT))
+ realloc(COUNT, e1)
|
- alloc((E1) * (E2))
+ realloc(E1, E2)
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
v2: Use vmalloc_array and vcalloc instead of array_size.
This also leaves a multiplication of a constant by a sizeof
as is. Two patches are thus dropped from the series.
lib/test_vmalloc.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff -u -p a/lib/test_vmalloc.c b/lib/test_vmalloc.c
--- a/lib/test_vmalloc.c
+++ b/lib/test_vmalloc.c
@@ -156,7 +156,7 @@ static int random_size_alloc_test(void)
for (i = 0; i < test_loop_count; i++) {
n = get_random_u32_inclusive(1, 100);
- p = vmalloc(n * PAGE_SIZE);
+ p = vmalloc_array(n, PAGE_SIZE);
if (!p)
return -1;
@@ -221,11 +221,11 @@ static int full_fit_alloc_test(void)
junk_length = fls(num_online_cpus());
junk_length *= (32 * 1024 * 1024 / PAGE_SIZE);
- ptr = vmalloc(sizeof(void *) * junk_length);
+ ptr = vmalloc_array(junk_length, sizeof(void *));
if (!ptr)
return rv;
- junk_ptr = vmalloc(sizeof(void *) * junk_length);
+ junk_ptr = vmalloc_array(junk_length, sizeof(void *));
if (!junk_ptr) {
vfree(ptr);
return rv;
@@ -271,7 +271,8 @@ static int fix_size_alloc_test(void)
if (use_huge)
ptr = vmalloc_huge((nr_pages > 0 ? nr_pages:1) * PAGE_SIZE, GFP_KERNEL);
else
- ptr = vmalloc((nr_pages > 0 ? nr_pages:1) * PAGE_SIZE);
+ ptr = vmalloc_array(nr_pages > 0 ? nr_pages : 1,
+ PAGE_SIZE);
if (!ptr)
return -1;
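Review bot: In fix_size_alloc_test only the else branch gets the overflow-checked allocator; the `vmalloc_huge((nr_pages > 0 ? nr_pages:1) * PAGE_SIZE, GFP_KERNEL)` call on the use_huge branch still multiplies in the open. Both branches take the same page count, which appears to be set from outside the function (its definition is not in the hunk), so the two paths now differ in how an oversized count is handled. No array form of vmalloc_huge is visible here; the size argument could be guarded with `array_size(nr_pages > 0 ? nr_pages : 1, PAGE_SIZE)`, or a short comment could state that the huge path is intentionally left unchecked. The function body continues outside the hunk.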
Use vmalloc_array and vcalloc to protect against
multiplication overflows.
The changes were done using the following Coccinelle
semantic patch:
// <smpl>
@initialize:ocaml@
@@
let rename alloc =
match alloc with
"vmalloc" -> "vmalloc_array"
| "vzalloc" -> "vcalloc"
| _ -> failwith "unknown"
@@
size_t e1,e2;
constant C1, C2;
expression E1, E2, COUNT, x1, x2, x3;
typedef u8;
typedef __u8;
type t = {u8,__u8,char,unsigned char};
identifier alloc = {vmalloc,vzalloc};
fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@
(
alloc(x1*x2*x3)
|
alloc(C1 * C2)
|
alloc((sizeof(t)) * (COUNT), ...)
|
- alloc((e1) * (e2))
+ realloc(e1, e2)
|
- alloc((e1) * (COUNT))
+ realloc(COUNT, e1)
|
- alloc((E1) * (E2))
+ realloc(E1, E2)
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
v2: Use vmalloc_array and vcalloc instead of array_size.
This also leaves a multiplication of a constant by a sizeof
as is. Two patches are thus dropped from the series.
drivers/gpu/drm/gud/gud_pipe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -u -p a/drivers/gpu/drm/gud/gud_pipe.c b/drivers/gpu/drm/gud/gud_pipe.c
--- a/drivers/gpu/drm/gud/gud_pipe.c
+++ b/drivers/gpu/drm/gud/gud_pipe.c
@@ -390,7 +390,7 @@ static int gud_fb_queue_damage(struct gu
mutex_lock(&gdrm->damage_lock);
if (!gdrm->shadow_buf) {
- gdrm->shadow_buf = vzalloc(fb->pitches[0] * fb->height);
+ gdrm->shadow_buf = vcalloc(fb->pitches[0], fb->height);
if (!gdrm->shadow_buf) {
mutex_unlock(&gdrm->damage_lock);
return -ENOMEM;
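Review bot: vcalloc takes (element count, element size), but this call passes `fb->pitches[0]` (bytes per row) as the count and `fb->height` (number of rows) as the size; `vcalloc(fb->height, fb->pitches[0])` allocates the same buffer and matches the meaning of the parameters. The practical gain of the change is that the product is now computed with an overflow check at size_t width, whereas the old expression multiplied the two framebuffer fields at their own width before widening (assuming both are 32-bit, which the hunk does not show). A failed or overflowing allocation still lands in the existing unlock-and-`-ENOMEM` path. gud_fb_queue_damage starts and ends outside the hunk.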
Use vmalloc_array and vcalloc to protect against
multiplication overflows.
The changes were done using the following Coccinelle
semantic patch:
// <smpl>
@initialize:ocaml@
@@
let rename alloc =
match alloc with
"vmalloc" -> "vmalloc_array"
| "vzalloc" -> "vcalloc"
| _ -> failwith "unknown"
@@
size_t e1,e2;
constant C1, C2;
expression E1, E2, COUNT, x1, x2, x3;
typedef u8;
typedef __u8;
type t = {u8,__u8,char,unsigned char};
identifier alloc = {vmalloc,vzalloc};
fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@
(
alloc(x1*x2*x3)
|
alloc(C1 * C2)
|
alloc((sizeof(t)) * (COUNT), ...)
|
- alloc((e1) * (e2))
+ realloc(e1, e2)
|
- alloc((e1) * (COUNT))
+ realloc(COUNT, e1)
|
- alloc((E1) * (E2))
+ realloc(E1, E2)
)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
---
v2: Use vmalloc_array and vcalloc instead of array_size.
This also leaves a multiplication of a constant by a sizeof
as is. Two patches are thus dropped from the series.
drivers/scsi/qla2xxx/qla_init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff -u -p a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -8434,7 +8434,7 @@ qla24xx_load_risc_flash(scsi_qla_host_t
ql_dbg(ql_dbg_init, vha, 0x0163,
"-> fwdt%u template allocate template %#x words...\n",
j, risc_size);
- fwdt->template = vmalloc(risc_size * sizeof(*dcode));
+ fwdt->template = vmalloc_array(risc_size, sizeof(*dcode));
if (!fwdt->template) {
ql_log(ql_log_warn, vha, 0x0164,
"-> fwdt%u failed allocate template.\n", j);
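Review bot: The overflow check stops `risc_size * sizeof(*dcode)` from wrapping, but it does not bound the request. risc_size appears to be read from the firmware dump template being loaded (the assignment is outside the hunk), so an implausibly large word count still drives a correspondingly large vmalloc attempt. A sanity limit on risc_size before the allocation, logged through the existing `ql_log(ql_log_warn, ...)` path, would reject a corrupt template early. The same applies to the identical call in the qla24xx_load_risc_blob hunk below. Both functions start and end outside the hunks.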
@@ -8689,7 +8689,7 @@ qla24xx_load_risc_blob(scsi_qla_host_t *
ql_dbg(ql_dbg_init, vha, 0x0173,
"-> fwdt%u template allocate template %#x words...\n",
j, risc_size);
- fwdt->template = vmalloc(risc_size * sizeof(*dcode));
+ fwdt->template = vmalloc_array(risc_size, sizeof(*dcode));
if (!fwdt->template) {
ql_log(ql_log_warn, vha, 0x0174,
"-> fwdt%u failed allocate template.\n", j);
Hello:
This series was applied to netdev/net-next.git (main)
by Jakub Kicinski <[email protected]>:
On Tue, 27 Jun 2023 16:43:15 +0200 you wrote:
> The functions vmalloc_array and vcalloc were introduced in
>
> commit a8749a35c399 ("mm: vmalloc: introduce array allocation functions")
>
> but are not used much yet. This series introduces uses of
> these functions, to protect against multiplication overflows.
>
> [...]
Here is the summary with links:
- [v2,02/24] octeon_ep: use vmalloc_array and vcalloc
https://git.kernel.org/netdev/net-next/c/32d462a5c3e5
- [v2,04/24] gve: use vmalloc_array and vcalloc
https://git.kernel.org/netdev/net-next/c/a13de901e8d5
- [v2,09/24] pds_core: use vmalloc_array and vcalloc
https://git.kernel.org/netdev/net-next/c/906a76cc7645
- [v2,11/24] ionic: use vmalloc_array and vcalloc
https://git.kernel.org/netdev/net-next/c/f712c8297e0a
- [v2,18/24] net: enetc: use vmalloc_array and vcalloc
https://git.kernel.org/netdev/net-next/c/fa87c54693ae
- [v2,22/24] net: mana: use vmalloc_array and vcalloc
https://git.kernel.org/netdev/net-next/c/e9c74f8b8a31
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Am 27.06.23 um 16:43 schrieb Julia Lawall:
> Use vmalloc_array and vcalloc to protect against
> multiplication overflows.
>
> The changes were done using the following Coccinelle
> semantic patch:
>
> // <smpl>
> @initialize:ocaml@
> @@
>
> let rename alloc =
> match alloc with
> "vmalloc" -> "vmalloc_array"
> | "vzalloc" -> "vcalloc"
> | _ -> failwith "unknown"
>
> @@
> size_t e1,e2;
> constant C1, C2;
> expression E1, E2, COUNT, x1, x2, x3;
> typedef u8;
> typedef __u8;
> type t = {u8,__u8,char,unsigned char};
> identifier alloc = {vmalloc,vzalloc};
> fresh identifier realloc = script:ocaml(alloc) { rename alloc };
> @@
>
> (
> alloc(x1*x2*x3)
> |
> alloc(C1 * C2)
> |
> alloc((sizeof(t)) * (COUNT), ...)
> |
> - alloc((e1) * (e2))
> + realloc(e1, e2)
> |
> - alloc((e1) * (COUNT))
> + realloc(COUNT, e1)
> |
> - alloc((E1) * (E2))
> + realloc(E1, E2)
> )
> // </smpl>
>
> Signed-off-by: Julia Lawall <[email protected]>
Reviewed-by: Thomas Zimmermann <[email protected]>
>
> ---
> v2: Use vmalloc_array and vcalloc instead of array_size.
> This also leaves a multiplication of a constant by a sizeof
> as is. Two patches are thus dropped from the series.
>
> drivers/gpu/drm/gud/gud_pipe.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff -u -p a/drivers/gpu/drm/gud/gud_pipe.c b/drivers/gpu/drm/gud/gud_pipe.c
> --- a/drivers/gpu/drm/gud/gud_pipe.c
> +++ b/drivers/gpu/drm/gud/gud_pipe.c
> @@ -390,7 +390,7 @@ static int gud_fb_queue_damage(struct gu
> mutex_lock(&gdrm->damage_lock);
>
> if (!gdrm->shadow_buf) {
> - gdrm->shadow_buf = vzalloc(fb->pitches[0] * fb->height);
> + gdrm->shadow_buf = vcalloc(fb->pitches[0], fb->height);
> if (!gdrm->shadow_buf) {
> mutex_unlock(&gdrm->damage_lock);
> return -ENOMEM;
>
--
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
HRB 36809 (AG Nuernberg)
Julia,
> The functions vmalloc_array and vcalloc were introduced in
>
> commit a8749a35c399 ("mm: vmalloc: introduce array allocation functions")
>
> but are not used much yet. This series introduces uses of
> these functions, to protect against multiplication overflows.
Applied #7 and #24 to 6.5/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
On Tue, 27 Jun 2023 16:43:15 +0200, Julia Lawall wrote:
> The functions vmalloc_array and vcalloc were introduced in
>
> commit a8749a35c399 ("mm: vmalloc: introduce array allocation functions")
>
> but are not used much yet. This series introduces uses of
> these functions, to protect against multiplication overflows.
>
> [...]
Applied to 6.5/scsi-fixes, thanks!
[07/24] scsi: fnic: use vmalloc_array and vcalloc
https://git.kernel.org/mkp/scsi/c/b34c7dcaf311
[24/24] scsi: qla2xxx: use vmalloc_array and vcalloc
https://git.kernel.org/mkp/scsi/c/04d91b783acf
--
Martin K. Petersen Oracle Linux Engineering