Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp28498imm;
        Thu, 31 May 2018 17:46:01 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKIIyOXd38NCM9hdFrp3WTdxycnd4QvjMbL9tcXWY83f56TmujN6ohoArtRgFLUQBF3NawH0
X-Received: by 2002:a17:902:8685:: with SMTP id g5-v6mr8787480plo.302.1527813960980;
        Thu, 31 May 2018 17:46:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527813960; cv=none;
        d=google.com; s=arc-20160816;
        b=U/ZP1XNilC0J8Kf+TqkKjrESgzWLGSlPnO4v/f1zW3633+WCYfT7Oad/2qlwqi3m6A
         Tg2zkW8c+lEBjSRZhzH4RoAd/EvfCGeIiiXMalABODzvkYba4jpSNp1khtMXTA2S2Xov
         14jHvJYOzTgcVO5vxh/TXE6/WSM0lvyIypWYLX+YbT001Z06ZCIzu/AYvbazXKTNEDZ2
         +5mqzY0Mther2BIuWjI8AaEVph1Gv5pLZCRhfIQ8Rj6KwKS7PFUUaQxLPotyxHn18Ku9
         4f+jbB96SAneaQDEbUmXXo9ITKyFIwS2Fw/Q7w4mFAvsa7Md1Id7HTfJ1l+qlvxjPJ3E
         ZS5g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature:arc-authentication-results;
        bh=PPeI6Fc1WIiUv3CI2eKARVZpHUloUTnaY/Tk9c6TzH0=;
        b=RGPX8TMJ0lziRDEPfNOW3R/wQs4H6hPiee5GBqL6EiDVNL50gTGpfYRLHtPm7HpkeT
         bWjr1n9hzl6GAVK10oMNmv3GRFrJVwIcV4wWmiSulSKQdmTH/FlvyrXzSu/uoFGAdpJo
         JTQqad1IM11nj5khs89h3UjRQKAXEq76xh8Ybruf/KnTOUnCt7MIN6g47sYifRqQfuQR
         9nzxe2of2H12DTalBkgAngbucaTcO2janJ9VdC4Q1obEOGPIXEsGya5hRtfe5CEJsT48
         nier7VGrFrEOxmuBbbCNKIXDGLWwosZqFrMZxZ+FpT10Z7HB/jJK+hTg9w5kKdXwmigV
         DEJg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=YPLBQvsI;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u4-v6si16291835plj.43.2018.05.31.17.45.46;
        Thu, 31 May 2018 17:46:00 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=YPLBQvsI;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751668AbeFAApF (ORCPT <rfc822;brice.berna@gmail.com>
        + 99 others); Thu, 31 May 2018 20:45:05 -0400
Received: from mail-pg0-f67.google.com ([74.125.83.67]:45656 "EHLO
        mail-pg0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751425AbeFAAnv (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 31 May 2018 20:43:51 -0400
Received: by mail-pg0-f67.google.com with SMTP id z1-v6so3526579pgv.12
        for <linux-kernel@vger.kernel.org>; Thu, 31 May 2018 17:43:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references;
        bh=PPeI6Fc1WIiUv3CI2eKARVZpHUloUTnaY/Tk9c6TzH0=;
        b=YPLBQvsIedsEzQUz3dNwDzhBI3aYQkAyJbwJV6Dl/5v8Ifr8L+hZRvWnJK6cDIZHNZ
         KJV2UfpluAqs1syomAVjtjzN6iK7KJJz9cItRtqaWrNST6LVO5yATzBqNTyo67qUABct
         nLS6Afr9gXshsQTVDqgcT9+GTusKiza3KlNAE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references;
        bh=PPeI6Fc1WIiUv3CI2eKARVZpHUloUTnaY/Tk9c6TzH0=;
        b=tDxSqfILkK/TkxjsT6jheg2JdYghAErS5F6b89wb0qaUvBjLRKVvb3Bqai4P4uPz3T
         kA0XEHoK53Zi6xvM8EKgesWS3x6mHBio7VsboydBv0DP4iorYNYeA092FMcn2W5qWV53
         YhQPovuz08GI7XjdPzjYOagffdbElXJeTgd7lb/WA5w0y/HgQI3Y9Bxak4Elsqxu9V+3
         QgxWY4B7I4fxjOsEgU2Wd/Z6koP/XzaSV7Mqfa7YRTDV07/H277wn0DI9OISbq6UUTjo
         6pQS9bJT3gZ7lobuekXLZF08GrmAV8RoMAz2Z103mJyLH0BVssmdUybaViIAjLSkZ2TV
         31jw==
X-Gm-Message-State: ALKqPwfmtwRX7DgTTeQwHarpiUNerOYJo9J7AV1RuDIyBerPeBxw2zzV
        qExmeE32LMcUI8PG308MqYb5ew==
X-Received: by 2002:aa7:8084:: with SMTP id v4-v6mr8744516pff.105.1527813830338;
        Thu, 31 May 2018 17:43:50 -0700 (PDT)
Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133])
        by smtp.gmail.com with ESMTPSA id t17-v6sm6067290pfj.75.2018.05.31.17.43.44
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 31 May 2018 17:43:46 -0700 (PDT)
From:   Kees Cook <keescook@chromium.org>
To:     Matthew Wilcox <mawilcox@microsoft.com>
Cc:     Kees Cook <keescook@chromium.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        Matthew Wilcox <willy@infradead.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Linux-MM <linux-mm@kvack.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: [PATCH v3 10/16] treewide: Use struct_size() for vmalloc()-family
Date:   Thu, 31 May 2018 17:42:27 -0700
Message-Id: <20180601004233.37822-11-keescook@chromium.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180601004233.37822-1-keescook@chromium.org>
References: <20180601004233.37822-1-keescook@chromium.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This only finds one hit in the entire tree, but here's the Coccinelle:

// Directly refer to structure's field
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT))
+ alloc(struct_size(VAR, ELEMENT, COUNT))

// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@

- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]))
+ alloc(struct_size(VAR, ELEMENT, COUNT))

// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "vmalloc|vzalloc";
expression SOMETHING, COUNT, ELEMENT;
@@

- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT))
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT))

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/gpu/drm/nouveau/nvkm/core/ramht.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ramht.c b/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
index ccba4ae73cc5..8162e3d2359c 100644
--- a/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
+++ b/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
@@ -144,8 +144,7 @@ nvkm_ramht_new(struct nvkm_device *device, u32 size, u32 align,
 	struct nvkm_ramht *ramht;
 	int ret, i;
 
-	if (!(ramht = *pramht = vzalloc(sizeof(*ramht) +
-					(size >> 3) * sizeof(*ramht->data))))
+	if (!(ramht = *pramht = vzalloc(struct_size(ramht, data, (size >> 3)))))
 		return -ENOMEM;
 
 	ramht->device = device;
-- 
2.17.0