Received: by 10.192.165.148 with SMTP id m20csp4929408imm;
        Tue, 8 May 2018 17:49:26 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZrvAyKz/M4aAZFSX/ft8/EEJ24n6bJwRd/E6xTcg6M+vNa38yIO96haj6LTTJjV0vNCHS+O
X-Received: by 10.98.223.205 with SMTP id d74mr42083090pfl.114.1525826966574;
        Tue, 08 May 2018 17:49:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525826966; cv=none;
        d=google.com; s=arc-20160816;
        b=r9OSGwdJtAS9yTphbXSzNTu4w1pTKq22mNsWHT48uR3CEVve9l3CIdsnhF3AFZQTLv
         OAKsOZ4aZwqlOltH7jkchoGOo2YxNDGb4iOig0Sg3DPz8XnhZojDQgMc7MHN/OEfoySw
         hCFZFwJ6WbtU+IBf83mrVTYpq8XtC3Wra6ACex7S+gdsdzBy6mEwXlr8u0T6vr/3arZ9
         giOewO503+2i6sOwjLHAkyZfGl/8arLhHFz+AdpjrkXwhtEYoj6wwoWQmVE5VqLI9ZGU
         IgGEpTIxariBS+HGkbg5UVyC3o086SAOfckq65I5NLNlV7Qya9HNt1UqvH+1Z1MetFxj
         JIbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature:arc-authentication-results;
        bh=PPeI6Fc1WIiUv3CI2eKARVZpHUloUTnaY/Tk9c6TzH0=;
        b=X6imMHXaXkFGMFMXXZXGcBd3Ofn+GXelXAmp4HmayaTXCdTYYuyMPrP8vlqg9dGdDq
         aBP/C+cqcycvHAKKcAVsv5U+HFB8/SurPyVYu+bb60CF9cNWBaJLGpBrhMdPw0K9Tweu
         kwWbGt60/E2owj8FjK+ONGTInwja2Ka3gSlFEoJAA++aXRCa0+AStP1+2hNsoS4E6NXF
         Irk1oouO+4/gqEt/znW1Ahepa1mxW0F7/sazTYUOARdvyMoMCmWVWKcXIXatw72X2DgN
         tL9nQq3r53XPl4I4D0G1+jXA4Eg41hkfv8RQToP0dO6AhQDkvKuzh71/Ds03WHiywJPV
         JB7w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=Ti3M4KhF;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 64si25226487pfl.309.2018.05.08.17.49.12;
        Tue, 08 May 2018 17:49:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=Ti3M4KhF;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S933404AbeEIArI (ORCPT <rfc822;mailist1go@gmail.com> + 99 others);
        Tue, 8 May 2018 20:47:08 -0400
Received: from mail-pl0-f68.google.com ([209.85.160.68]:42190 "EHLO
        mail-pl0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933134AbeEIAmp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 8 May 2018 20:42:45 -0400
Received: by mail-pl0-f68.google.com with SMTP id u6-v6so3221467pls.9
        for <linux-kernel@vger.kernel.org>; Tue, 08 May 2018 17:42:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references;
        bh=PPeI6Fc1WIiUv3CI2eKARVZpHUloUTnaY/Tk9c6TzH0=;
        b=Ti3M4KhF8uBei+5fApihTwmQe/yaG8eyb6/Tt0dLmJsP0iqKp6AionjXWz46yB0cfJ
         XDx+0VVKV3kPkjM089dvRQ07dECcMqUGPU8dVHrYG75VDd8X2Aw5F19W60mEu51dXq8K
         5PjbSkp9b4UdkoBMyGxkwFCfrqwMV1BsgcqLs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=PPeI6Fc1WIiUv3CI2eKARVZpHUloUTnaY/Tk9c6TzH0=;
        b=Ux98vSNpNYkM7YVIbpOlPyPV3NsNp2wbImODM984524vNxRusGd7XIJfkOJeqX5Pzz
         SCansYbxGIP036X/sUIbv4Va3D2eLPufzYntghWBb+QJUdYjbi6byOa8EwBX90sRPTme
         UjwO3NlE8fR9YdNCO2JllJfofFYfgnGoahVvd/+Vu4CDX0hIgr3lBMDQPhrLFrHvUESN
         G+u1zmU1tPLdXC7j1iY/cz4mlP//qx8gzKjFqyse6N1mGtOt1AFQC/fzd3o9sLiAKCjT
         IhWGFal2qDL3WPCQEOGEcVi4she048bZrbsDsh6qTQR+RhVazKQlNJlmWNnaxGHQRi/l
         +ghw==
X-Gm-Message-State: ALQs6tCAsK1JqqgM/3YxMD+uedm+LP8SAyigJV+xbCUpiq5Quqd0f2LS
        vJd4eiH4rPXayRchgRBYyDwv9g==
X-Received: by 2002:a17:902:d808:: with SMTP id a8-v6mr43744255plz.177.1525826565494;
        Tue, 08 May 2018 17:42:45 -0700 (PDT)
Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133])
        by smtp.gmail.com with ESMTPSA id p126-v6sm41302157pga.28.2018.05.08.17.42.41
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 08 May 2018 17:42:43 -0700 (PDT)
From:   Kees Cook <keescook@chromium.org>
To:     Matthew Wilcox <mawilcox@microsoft.com>
Cc:     Kees Cook <keescook@chromium.org>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        linux-kernel@vger.kernel.org, linux-mm@kvack.org,
        kernel-hardening@lists.openwall.com
Subject: [PATCH 07/13] treewide: Use struct_size() for vmalloc()-family
Date:   Tue,  8 May 2018 17:42:23 -0700
Message-Id: <20180509004229.36341-8-keescook@chromium.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180509004229.36341-1-keescook@chromium.org>
References: <20180509004229.36341-1-keescook@chromium.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This only finds one hit in the entire tree, but here's the Coccinelle:

// Directly refer to structure's field
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT))
+ alloc(struct_size(VAR, ELEMENT, COUNT))

// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]))
+ alloc(struct_size(VAR, ELEMENT, COUNT))

// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "vmalloc|vzalloc";
expression SOMETHING, COUNT, ELEMENT;
@@

- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT))
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT))

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/gpu/drm/nouveau/nvkm/core/ramht.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ramht.c b/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
index ccba4ae73cc5..8162e3d2359c 100644
--- a/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
+++ b/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
@@ -144,8 +144,7 @@ nvkm_ramht_new(struct nvkm_device *device, u32 size, u32 align,
 	struct nvkm_ramht *ramht;
 	int ret, i;
 
-	if (!(ramht = *pramht = vzalloc(sizeof(*ramht) +
-					(size >> 3) * sizeof(*ramht->data))))
+	if (!(ramht = *pramht = vzalloc(struct_size(ramht, data, (size >> 3)))))
 		return -ENOMEM;
 
 	ramht->device = device;
-- 
2.17.0