From: Kees Cook
To: Matthew Wilcox
Cc: Kees Cook, Linus Torvalds, Rasmus Villemoes, Matthew Wilcox, LKML, Linux-MM, Kernel Hardening
Subject: [PATCH v3 10/16] treewide: Use struct_size() for vmalloc()-family
Date: Thu, 31 May 2018 17:42:27 -0700
Message-Id: <20180601004233.37822-11-keescook@chromium.org>
In-Reply-To: <20180601004233.37822-1-keescook@chromium.org>

This only finds one hit in the entire tree, but here's the Coccinelle:

// Directly refer to structure's field
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT))
+ alloc(struct_size(VAR, ELEMENT, COUNT))

// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]))
+ alloc(struct_size(VAR, ELEMENT, COUNT))

// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "vmalloc|vzalloc";
expression SOMETHING, COUNT, ELEMENT;
@@

- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT))
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT))

Signed-off-by: Kees Cook --- drivers/gpu/drm/nouveau/nvkm/core/ramht.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ramht.c b/drivers/gpu/drm/nouveau/nvkm/core/ramht.c index ccba4ae73cc5..8162e3d2359c 100644 --- a/drivers/gpu/drm/nouveau/nvkm/core/ramht.c +++ b/drivers/gpu/drm/nouveau/nvkm/core/ramht.c @@ -144,8 +144,7 @@ nvkm_ramht_new(struct nvkm_device *device, u32 size, u32 align, struct nvkm_ramht *ramht; int ret, i; - if (!(ramht = *pramht = vzalloc(sizeof(*ramht) + - (size >> 3) * sizeof(*ramht->data)))) + if (!(ramht = *pramht = vzalloc(struct_size(ramht, data, (size >> 3))))) return -ENOMEM; ramht->device = device; -- 2.17.0
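
Review bot: In the added line of the nvkm_ramht_new() hunk, the inner parentheses around `size >> 3` are redundant now that the expression is a macro argument, so `struct_size(ramht, data, size >> 3)` would read cleaner. Since the statement is being rewritten anyway, consider moving the allocation out of the `if` condition (assign `ramht = *pramht = vzalloc(...)` on its own line, then test `if (!ramht)`), which avoids the assignment-in-condition and keeps the line short. The commit message gives only the Coccinelle script; a sentence stating why struct_size() is preferred over the open-coded `sizeof(*ramht) + (size >> 3) * sizeof(*ramht->data)` sum would make this patch understandable without the rest of the series.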