Commit 28576760 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull overflow updates from Kees Cook:
 "This adds the new overflow checking helpers and adds them to the
  2-factor argument allocators. And this adds the saturating size
  helpers and does a treewide replacement for the struct_size() usage.
  Additionally this adds the overflow testing modules to make sure
  everything works.

  I'm still working on the treewide replacements for allocators with
  "simple" multiplied arguments:

     *alloc(a * b, ...) -> *alloc_array(a, b, ...)

  and

     *zalloc(a * b, ...) -> *calloc(a, b, ...)

  as well as the more complex cases, but that's separable from this
  portion of the series. I expect to have the rest sent before -rc1
  closes; there are a lot of messy cases to clean up.

  Summary:

   - Introduce arithmetic overflow test helper functions (Rasmus)

   - Use overflow helpers in 2-factor allocators (Kees, Rasmus)

   - Introduce overflow test module (Rasmus, Kees)

   - Introduce saturating size helper functions (Matthew, Kees)

   - Treewide use of struct_size() for allocators (Kees)"

* tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  treewide: Use struct_size() for devm_kmalloc() and friends
  treewide: Use struct_size() for vmalloc()-family
  treewide: Use struct_size() for kmalloc()-family
  device: Use overflow helpers for devm_kmalloc()
  mm: Use overflow helpers in kvmalloc()
  mm: Use overflow helpers in kmalloc_array*()
  test_overflow: Add memory allocation overflow tests
  overflow.h: Add allocation size calculation helpers
  test_overflow: Report test failures
  test_overflow: macrofy some more, do more tests for free
  lib: add runtime test of check_*_overflow functions
  compiler.h: enable builtin overflow checkers and add fallback code
parents 5eb6eed7 0ed2dd03
...@@ -500,8 +500,8 @@ int af_alg_alloc_tsgl(struct sock *sk) ...@@ -500,8 +500,8 @@ int af_alg_alloc_tsgl(struct sock *sk)
sg = sgl->sg; sg = sgl->sg;
if (!sg || sgl->cur >= MAX_SGL_ENTS) { if (!sg || sgl->cur >= MAX_SGL_ENTS) {
sgl = sock_kmalloc(sk, sizeof(*sgl) + sgl = sock_kmalloc(sk,
sizeof(sgl->sg[0]) * (MAX_SGL_ENTS + 1), struct_size(sgl, sg, (MAX_SGL_ENTS + 1)),
GFP_KERNEL); GFP_KERNEL);
if (!sgl) if (!sgl)
return -ENOMEM; return -ENOMEM;
......
...@@ -84,9 +84,14 @@ static struct devres_group * node_to_group(struct devres_node *node) ...@@ -84,9 +84,14 @@ static struct devres_group * node_to_group(struct devres_node *node)
static __always_inline struct devres * alloc_dr(dr_release_t release, static __always_inline struct devres * alloc_dr(dr_release_t release,
size_t size, gfp_t gfp, int nid) size_t size, gfp_t gfp, int nid)
{ {
size_t tot_size = sizeof(struct devres) + size; size_t tot_size;
struct devres *dr; struct devres *dr;
/* We must catch any near-SIZE_MAX cases that could overflow. */
if (unlikely(check_add_overflow(sizeof(struct devres), size,
&tot_size)))
return NULL;
dr = kmalloc_node_track_caller(tot_size, gfp, nid); dr = kmalloc_node_track_caller(tot_size, gfp, nid);
if (unlikely(!dr)) if (unlikely(!dr))
return NULL; return NULL;
......
...@@ -40,8 +40,10 @@ static int bcm2835_aux_clk_probe(struct platform_device *pdev) ...@@ -40,8 +40,10 @@ static int bcm2835_aux_clk_probe(struct platform_device *pdev)
if (IS_ERR(reg)) if (IS_ERR(reg))
return PTR_ERR(reg); return PTR_ERR(reg);
onecell = devm_kmalloc(dev, sizeof(*onecell) + sizeof(*onecell->hws) * onecell = devm_kmalloc(dev,
BCM2835_AUX_CLOCK_COUNT, GFP_KERNEL); struct_size(onecell, hws,
BCM2835_AUX_CLOCK_COUNT),
GFP_KERNEL);
if (!onecell) if (!onecell)
return -ENOMEM; return -ENOMEM;
onecell->num = BCM2835_AUX_CLOCK_COUNT; onecell->num = BCM2835_AUX_CLOCK_COUNT;
......
...@@ -2147,8 +2147,8 @@ static int bcm2835_clk_probe(struct platform_device *pdev) ...@@ -2147,8 +2147,8 @@ static int bcm2835_clk_probe(struct platform_device *pdev)
size_t i; size_t i;
int ret; int ret;
cprman = devm_kzalloc(dev, sizeof(*cprman) + cprman = devm_kzalloc(dev,
sizeof(*cprman->onecell.hws) * asize, struct_size(cprman, onecell.hws, asize),
GFP_KERNEL); GFP_KERNEL);
if (!cprman) if (!cprman)
return -ENOMEM; return -ENOMEM;
......
...@@ -197,8 +197,8 @@ void __init iproc_asiu_setup(struct device_node *node, ...@@ -197,8 +197,8 @@ void __init iproc_asiu_setup(struct device_node *node,
if (WARN_ON(!asiu)) if (WARN_ON(!asiu))
return; return;
asiu->clk_data = kzalloc(sizeof(*asiu->clk_data->hws) * num_clks + asiu->clk_data = kzalloc(struct_size(asiu->clk_data, hws, num_clks),
sizeof(*asiu->clk_data), GFP_KERNEL); GFP_KERNEL);
if (WARN_ON(!asiu->clk_data)) if (WARN_ON(!asiu->clk_data))
goto err_clks; goto err_clks;
asiu->clk_data->num = num_clks; asiu->clk_data->num = num_clks;
......
...@@ -744,8 +744,7 @@ void iproc_pll_clk_setup(struct device_node *node, ...@@ -744,8 +744,7 @@ void iproc_pll_clk_setup(struct device_node *node,
if (WARN_ON(!pll)) if (WARN_ON(!pll))
return; return;
clk_data = kzalloc(sizeof(*clk_data->hws) * num_clks + clk_data = kzalloc(struct_size(clk_data, hws, num_clks), GFP_KERNEL);
sizeof(*clk_data), GFP_KERNEL);
if (WARN_ON(!clk_data)) if (WARN_ON(!clk_data))
goto err_clk_data; goto err_clk_data;
clk_data->num = num_clks; clk_data->num = num_clks;
......
...@@ -509,8 +509,7 @@ static void __init berlin2_clock_setup(struct device_node *np) ...@@ -509,8 +509,7 @@ static void __init berlin2_clock_setup(struct device_node *np)
u8 avpll_flags = 0; u8 avpll_flags = 0;
int n, ret; int n, ret;
clk_data = kzalloc(sizeof(*clk_data) + clk_data = kzalloc(struct_size(clk_data, hws, MAX_CLKS), GFP_KERNEL);
sizeof(*clk_data->hws) * MAX_CLKS, GFP_KERNEL);
if (!clk_data) if (!clk_data)
return; return;
clk_data->num = MAX_CLKS; clk_data->num = MAX_CLKS;
......
...@@ -295,8 +295,7 @@ static void __init berlin2q_clock_setup(struct device_node *np) ...@@ -295,8 +295,7 @@ static void __init berlin2q_clock_setup(struct device_node *np)
struct clk_hw **hws; struct clk_hw **hws;
int n, ret; int n, ret;
clk_data = kzalloc(sizeof(*clk_data) + clk_data = kzalloc(struct_size(clk_data, hws, MAX_CLKS), GFP_KERNEL);
sizeof(*clk_data->hws) * MAX_CLKS, GFP_KERNEL);
if (!clk_data) if (!clk_data)
return; return;
clk_data->num = MAX_CLKS; clk_data->num = MAX_CLKS;
......
...@@ -273,8 +273,7 @@ static void __init asm9260_acc_init(struct device_node *np) ...@@ -273,8 +273,7 @@ static void __init asm9260_acc_init(struct device_node *np)
int n; int n;
u32 accuracy = 0; u32 accuracy = 0;
clk_data = kzalloc(sizeof(*clk_data) + clk_data = kzalloc(struct_size(clk_data, hws, MAX_CLKS), GFP_KERNEL);
sizeof(*clk_data->hws) * MAX_CLKS, GFP_KERNEL);
if (!clk_data) if (!clk_data)
return; return;
clk_data->num = MAX_CLKS; clk_data->num = MAX_CLKS;
......
...@@ -627,9 +627,9 @@ static void __init aspeed_cc_init(struct device_node *np) ...@@ -627,9 +627,9 @@ static void __init aspeed_cc_init(struct device_node *np)
if (!scu_base) if (!scu_base)
return; return;
aspeed_clk_data = kzalloc(sizeof(*aspeed_clk_data) + aspeed_clk_data = kzalloc(struct_size(aspeed_clk_data, hws,
sizeof(*aspeed_clk_data->hws) * ASPEED_NUM_CLKS, ASPEED_NUM_CLKS),
GFP_KERNEL); GFP_KERNEL);
if (!aspeed_clk_data) if (!aspeed_clk_data)
return; return;
......
...@@ -54,9 +54,9 @@ static struct clps711x_clk * __init _clps711x_clk_init(void __iomem *base, ...@@ -54,9 +54,9 @@ static struct clps711x_clk * __init _clps711x_clk_init(void __iomem *base,
if (!base) if (!base)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
clps711x_clk = kzalloc(sizeof(*clps711x_clk) + clps711x_clk = kzalloc(struct_size(clps711x_clk, clk_data.hws,
sizeof(*clps711x_clk->clk_data.hws) * CLPS711X_CLK_MAX, CLPS711X_CLK_MAX),
GFP_KERNEL); GFP_KERNEL);
if (!clps711x_clk) if (!clps711x_clk)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
......
...@@ -25,8 +25,8 @@ static void __init efm32gg_cmu_init(struct device_node *np) ...@@ -25,8 +25,8 @@ static void __init efm32gg_cmu_init(struct device_node *np)
void __iomem *base; void __iomem *base;
struct clk_hw **hws; struct clk_hw **hws;
clk_data = kzalloc(sizeof(*clk_data) + clk_data = kzalloc(struct_size(clk_data, hws, CMU_MAX_CLKS),
sizeof(*clk_data->hws) * CMU_MAX_CLKS, GFP_KERNEL); GFP_KERNEL);
if (!clk_data) if (!clk_data)
return; return;
......
...@@ -399,9 +399,9 @@ static void __init gemini_cc_init(struct device_node *np) ...@@ -399,9 +399,9 @@ static void __init gemini_cc_init(struct device_node *np)
int ret; int ret;
int i; int i;
gemini_clk_data = kzalloc(sizeof(*gemini_clk_data) + gemini_clk_data = kzalloc(struct_size(gemini_clk_data, hws,
sizeof(*gemini_clk_data->hws) * GEMINI_NUM_CLKS, GEMINI_NUM_CLKS),
GFP_KERNEL); GFP_KERNEL);
if (!gemini_clk_data) if (!gemini_clk_data)
return; return;
......
...@@ -147,8 +147,8 @@ static int s2mps11_clk_probe(struct platform_device *pdev) ...@@ -147,8 +147,8 @@ static int s2mps11_clk_probe(struct platform_device *pdev)
if (!s2mps11_clks) if (!s2mps11_clks)
return -ENOMEM; return -ENOMEM;
clk_data = devm_kzalloc(&pdev->dev, sizeof(*clk_data) + clk_data = devm_kzalloc(&pdev->dev,
sizeof(*clk_data->hws) * S2MPS11_CLKS_NUM, struct_size(clk_data, hws, S2MPS11_CLKS_NUM),
GFP_KERNEL); GFP_KERNEL);
if (!clk_data) if (!clk_data)
return -ENOMEM; return -ENOMEM;
......
...@@ -137,8 +137,8 @@ static int scmi_clocks_probe(struct scmi_device *sdev) ...@@ -137,8 +137,8 @@ static int scmi_clocks_probe(struct scmi_device *sdev)
return -EINVAL; return -EINVAL;
} }
clk_data = devm_kzalloc(dev, sizeof(*clk_data) + clk_data = devm_kzalloc(dev, struct_size(clk_data, hws, count),
sizeof(*clk_data->hws) * count, GFP_KERNEL); GFP_KERNEL);
if (!clk_data) if (!clk_data)
return -ENOMEM; return -ENOMEM;
......
...@@ -1201,9 +1201,8 @@ static void __init stm32h7_rcc_init(struct device_node *np) ...@@ -1201,9 +1201,8 @@ static void __init stm32h7_rcc_init(struct device_node *np)
const char *hse_clk, *lse_clk, *i2s_clk; const char *hse_clk, *lse_clk, *i2s_clk;
struct regmap *pdrm; struct regmap *pdrm;
clk_data = kzalloc(sizeof(*clk_data) + clk_data = kzalloc(struct_size(clk_data, hws, STM32H7_MAX_CLKS),
sizeof(*clk_data->hws) * STM32H7_MAX_CLKS, GFP_KERNEL);
GFP_KERNEL);
if (!clk_data) if (!clk_data)
return; return;
......
...@@ -2060,9 +2060,8 @@ static int stm32_rcc_init(struct device_node *np, ...@@ -2060,9 +2060,8 @@ static int stm32_rcc_init(struct device_node *np,
max_binding = data->maxbinding; max_binding = data->maxbinding;
clk_data = kzalloc(sizeof(*clk_data) + clk_data = kzalloc(struct_size(clk_data, hws, max_binding),
sizeof(*clk_data->hws) * max_binding, GFP_KERNEL);
GFP_KERNEL);
if (!clk_data) if (!clk_data)
return -ENOMEM; return -ENOMEM;
......
...@@ -650,8 +650,8 @@ static int of_da8xx_usb_phy_clk_init(struct device *dev, struct regmap *regmap) ...@@ -650,8 +650,8 @@ static int of_da8xx_usb_phy_clk_init(struct device *dev, struct regmap *regmap)
struct da8xx_usb0_clk48 *usb0; struct da8xx_usb0_clk48 *usb0;
struct da8xx_usb1_clk48 *usb1; struct da8xx_usb1_clk48 *usb1;
clk_data = devm_kzalloc(dev, sizeof(*clk_data) + 2 * clk_data = devm_kzalloc(dev, struct_size(clk_data, hws, 2),
sizeof(*clk_data->hws), GFP_KERNEL); GFP_KERNEL);
if (!clk_data) if (!clk_data)
return -ENOMEM; return -ENOMEM;
......
...@@ -667,9 +667,10 @@ static int armada_3700_periph_clock_probe(struct platform_device *pdev) ...@@ -667,9 +667,10 @@ static int armada_3700_periph_clock_probe(struct platform_device *pdev)
if (!driver_data) if (!driver_data)
return -ENOMEM; return -ENOMEM;
driver_data->hw_data = devm_kzalloc(dev, sizeof(*driver_data->hw_data) + driver_data->hw_data = devm_kzalloc(dev,
sizeof(*driver_data->hw_data->hws) * num_periph, struct_size(driver_data->hw_data,
GFP_KERNEL); hws, num_periph),
GFP_KERNEL);
if (!driver_data->hw_data) if (!driver_data->hw_data)
return -ENOMEM; return -ENOMEM;
driver_data->hw_data->num = num_periph; driver_data->hw_data->num = num_periph;
......
...@@ -91,8 +91,8 @@ static int armada_3700_tbg_clock_probe(struct platform_device *pdev) ...@@ -91,8 +91,8 @@ static int armada_3700_tbg_clock_probe(struct platform_device *pdev)
void __iomem *reg; void __iomem *reg;
int i, ret; int i, ret;
hw_tbg_data = devm_kzalloc(&pdev->dev, sizeof(*hw_tbg_data) hw_tbg_data = devm_kzalloc(&pdev->dev,
+ sizeof(*hw_tbg_data->hws) * NUM_TBG, struct_size(hw_tbg_data, hws, NUM_TBG),
GFP_KERNEL); GFP_KERNEL);
if (!hw_tbg_data) if (!hw_tbg_data)
return -ENOMEM; return -ENOMEM;
......
...@@ -239,8 +239,7 @@ static int spmi_pmic_clkdiv_probe(struct platform_device *pdev) ...@@ -239,8 +239,7 @@ static int spmi_pmic_clkdiv_probe(struct platform_device *pdev)
if (!nclks) if (!nclks)
return -EINVAL; return -EINVAL;
cc = devm_kzalloc(dev, sizeof(*cc) + sizeof(*cc->clks) * nclks, cc = devm_kzalloc(dev, struct_size(cc, clks, nclks), GFP_KERNEL);
GFP_KERNEL);
if (!cc) if (!cc)
return -ENOMEM; return -ENOMEM;
cc->nclks = nclks; cc->nclks = nclks;
......
...@@ -149,8 +149,8 @@ static int exynos_audss_clk_probe(struct platform_device *pdev) ...@@ -149,8 +149,8 @@ static int exynos_audss_clk_probe(struct platform_device *pdev)
epll = ERR_PTR(-ENODEV); epll = ERR_PTR(-ENODEV);
clk_data = devm_kzalloc(dev, clk_data = devm_kzalloc(dev,
sizeof(*clk_data) + struct_size(clk_data, hws,
sizeof(*clk_data->hws) * EXYNOS_AUDSS_MAX_CLKS, EXYNOS_AUDSS_MAX_CLKS),
GFP_KERNEL); GFP_KERNEL);
if (!clk_data) if (!clk_data)
return -ENOMEM; return -ENOMEM;
......
...@@ -61,8 +61,7 @@ static void __init exynos_clkout_init(struct device_node *node, u32 mux_mask) ...@@ -61,8 +61,7 @@ static void __init exynos_clkout_init(struct device_node *node, u32 mux_mask)
int ret; int ret;
int i; int i;
clkout = kzalloc(sizeof(*clkout) + clkout = kzalloc(struct_size(clkout, data.hws, EXYNOS_CLKOUT_NR_CLKS),
sizeof(*clkout->data.hws) * EXYNOS_CLKOUT_NR_CLKS,
GFP_KERNEL); GFP_KERNEL);
if (!clkout) if (!clkout)
return; return;
......
...@@ -5505,8 +5505,8 @@ static int __init exynos5433_cmu_probe(struct platform_device *pdev) ...@@ -5505,8 +5505,8 @@ static int __init exynos5433_cmu_probe(struct platform_device *pdev)
info = of_device_get_match_data(dev); info = of_device_get_match_data(dev);
data = devm_kzalloc(dev, sizeof(*data) + data = devm_kzalloc(dev,
sizeof(*data->ctx.clk_data.hws) * info->nr_clk_ids, struct_size(data, ctx.clk_data.hws, info->nr_clk_ids),
GFP_KERNEL); GFP_KERNEL);
if (!data) if (!data)
return -ENOMEM; return -ENOMEM;
......
...@@ -247,9 +247,10 @@ static int s3c24xx_dclk_probe(struct platform_device *pdev) ...@@ -247,9 +247,10 @@ static int s3c24xx_dclk_probe(struct platform_device *pdev)
struct clk_hw **clk_table; struct clk_hw **clk_table;
int ret, i; int ret, i;
s3c24xx_dclk = devm_kzalloc(&pdev->dev, sizeof(*s3c24xx_dclk) + s3c24xx_dclk = devm_kzalloc(&pdev->dev,
sizeof(*s3c24xx_dclk->clk_data.hws) * DCLK_MAX_CLKS, struct_size(s3c24xx_dclk, clk_data.hws,
GFP_KERNEL); DCLK_MAX_CLKS),
GFP_KERNEL);
if (!s3c24xx_dclk) if (!s3c24xx_dclk)
return -ENOMEM; return -ENOMEM;
......
...@@ -81,8 +81,7 @@ static int s5pv210_audss_clk_probe(struct platform_device *pdev) ...@@ -81,8 +81,7 @@ static int s5pv210_audss_clk_probe(struct platform_device *pdev)
} }
clk_data = devm_kzalloc(&pdev->dev, clk_data = devm_kzalloc(&pdev->dev,
sizeof(*clk_data) + struct_size(clk_data, hws, AUDSS_MAX_CLKS),
sizeof(*clk_data->hws) * AUDSS_MAX_CLKS,
GFP_KERNEL); GFP_KERNEL);
if (!clk_data) if (!clk_data)
......
...@@ -594,7 +594,7 @@ struct dev_dax *devm_create_dev_dax(struct dax_region *dax_region, ...@@ -594,7 +594,7 @@ struct dev_dax *devm_create_dev_dax(struct dax_region *dax_region,
if (!count) if (!count)
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
dev_dax = kzalloc(sizeof(*dev_dax) + sizeof(*res) * count, GFP_KERNEL); dev_dax = kzalloc(struct_size(dev_dax, res, count), GFP_KERNEL);
if (!dev_dax) if (!dev_dax)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
......
...@@ -1499,9 +1499,8 @@ static int sba_prealloc_channel_resources(struct sba_device *sba) ...@@ -1499,9 +1499,8 @@ static int sba_prealloc_channel_resources(struct sba_device *sba)
for (i = 0; i < sba->max_req; i++) { for (i = 0; i < sba->max_req; i++) {
req = devm_kzalloc(sba->dev, req = devm_kzalloc(sba->dev,
sizeof(*req) + struct_size(req, cmds, sba->max_cmd_per_req),
sba->max_cmd_per_req * sizeof(req->cmds[0]), GFP_KERNEL);
GFP_KERNEL);
if (!req) { if (!req) {
ret = -ENOMEM; ret = -ENOMEM;
goto fail_free_cmds_pool; goto fail_free_cmds_pool;
......
...@@ -1074,8 +1074,7 @@ static struct dma_async_tx_descriptor *edma_prep_slave_sg( ...@@ -1074,8 +1074,7 @@ static struct dma_async_tx_descriptor *edma_prep_slave_sg(
return NULL; return NULL;
} }
edesc = kzalloc(sizeof(*edesc) + sg_len * sizeof(edesc->pset[0]), edesc = kzalloc(struct_size(edesc, pset, sg_len), GFP_ATOMIC);
GFP_ATOMIC);
if (!edesc) if (!edesc)
return NULL; return NULL;
...@@ -1192,8 +1191,7 @@ static struct dma_async_tx_descriptor *edma_prep_dma_memcpy( ...@@ -1192,8 +1191,7 @@ static struct dma_async_tx_descriptor *edma_prep_dma_memcpy(
nslots = 2; nslots = 2;
} }
edesc = kzalloc(sizeof(*edesc) + nslots * sizeof(edesc->pset[0]), edesc = kzalloc(struct_size(edesc, pset, nslots), GFP_ATOMIC);
GFP_ATOMIC);
if (!edesc) if (!edesc)
return NULL; return NULL;
...@@ -1315,8 +1313,7 @@ static struct dma_async_tx_descriptor *edma_prep_dma_cyclic( ...@@ -1315,8 +1313,7 @@ static struct dma_async_tx_descriptor *edma_prep_dma_cyclic(
} }
} }
edesc = kzalloc(sizeof(*edesc) + nslots * sizeof(edesc->pset[0]), edesc = kzalloc(struct_size(edesc, pset, nslots), GFP_ATOMIC);
GFP_ATOMIC);
if (!edesc) if (!edesc)
return NULL; return NULL;
......
...@@ -309,7 +309,7 @@ static struct dma_async_tx_descriptor *moxart_prep_slave_sg( ...@@ -309,7 +309,7 @@ static struct dma_async_tx_descriptor *moxart_prep_slave_sg(
return NULL; return NULL;
} }
d = kzalloc(sizeof(*d) + sg_len * sizeof(d->sg[0]), GFP_ATOMIC); d = kzalloc(struct_size(d, sg, sg_len), GFP_ATOMIC);
if (!d) if (!d)
return NULL; return NULL;
......
...@@ -1305,8 +1305,8 @@ static int nbpf_probe(struct platform_device *pdev) ...@@ -1305,8 +1305,8 @@ static int nbpf_probe(struct platform_device *pdev)
cfg = of_device_get_match_data(dev); cfg = of_device_get_match_data(dev);
num_channels = cfg->num_channels; num_channels = cfg->num_channels;
nbpf = devm_kzalloc(dev, sizeof(*nbpf) + num_channels * nbpf = devm_kzalloc(dev, struct_size(nbpf, chan, num_channels),
sizeof(nbpf->chan[0]), GFP_KERNEL); GFP_KERNEL);
if (!nbpf) if (!nbpf)
return -ENOMEM; return -ENOMEM;
......
...@@ -917,7 +917,7 @@ static struct dma_async_tx_descriptor *omap_dma_prep_slave_sg( ...@@ -917,7 +917,7 @@ static struct dma_async_tx_descriptor *omap_dma_prep_slave_sg(
} }
/* Now allocate and setup the descriptor. */ /* Now allocate and setup the descriptor. */
d = kzalloc(sizeof(*d) + sglen * sizeof(d->sg[0]), GFP_ATOMIC); d = kzalloc(struct_size(d, sg, sglen), GFP_ATOMIC);
if (!d) if (!d)
return NULL; return NULL;
......
...@@ -557,7 +557,7 @@ static struct dma_async_tx_descriptor *sa11x0_dma_prep_slave_sg( ...@@ -557,7 +557,7 @@ static struct dma_async_tx_descriptor *sa11x0_dma_prep_slave_sg(
} }
} }
txd = kzalloc(sizeof(*txd) + j * sizeof(txd->sg[0]), GFP_ATOMIC); txd = kzalloc(struct_size(txd, sg, j), GFP_ATOMIC);
if (!txd) { if (!txd) {
dev_dbg(chan->device->dev, "vchan %p: kzalloc failed\n", &c->vc); dev_dbg(chan->device->dev, "vchan %p: kzalloc failed\n", &c->vc);
return NULL; return NULL;
...@@ -627,7 +627,7 @@ static struct dma_async_tx_descriptor *sa11x0_dma_prep_dma_cyclic( ...@@ -627,7 +627,7 @@ static struct dma_async_tx_descriptor *sa11x0_dma_prep_dma_cyclic(
if (sglen == 0) if (sglen == 0)
return NULL; return NULL;
txd = kzalloc(sizeof(*txd) + sglen * sizeof(txd->sg[0]), GFP_ATOMIC); txd = kzalloc(struct_size(txd, sg, sglen), GFP_ATOMIC);
if (!txd) { if (!txd) {
dev_dbg(chan->device->dev, "vchan %p: kzalloc failed\n", &c->vc); dev_dbg(chan->device->dev, "vchan %p: kzalloc failed\n", &c->vc);
return NULL; return NULL;
......
...@@ -269,7 +269,7 @@ static int usb_dmac_desc_alloc(struct usb_dmac_chan *chan, unsigned int sg_len, ...@@ -269,7 +269,7 @@ static int usb_dmac_desc_alloc(struct usb_dmac_chan *chan, unsigned int sg_len,
struct usb_dmac_desc *desc; struct usb_dmac_desc *desc;
unsigned long flags; unsigned long flags;
desc = kzalloc(sizeof(*desc) + sg_len * sizeof(desc->sg[0]), gfp); desc = kzalloc(struct_size(desc, sg, sg_len), gfp);
if (!desc) if (!desc)
return -ENOMEM; return -ENOMEM;
......
...@@ -805,8 +805,8 @@ static int sprd_dma_probe(struct platform_device *pdev) ...@@ -805,8 +805,8 @@ static int sprd_dma_probe(struct platform_device *pdev)
return ret; return ret;
} }
sdev = devm_kzalloc(&pdev->dev, sizeof(*sdev) + sdev = devm_kzalloc(&pdev->dev,
sizeof(*dma_chn) * chn_count, struct_size(sdev, channels, chn_count),
GFP_KERNEL); GFP_KERNEL);
if (!sdev) if (!sdev)
return -ENOMEM; return -ENOMEM;
......
...@@ -112,8 +112,7 @@ static struct fw_node *fw_node_create(u32 sid, int port_count, int color) ...@@ -112,8 +112,7 @@ static struct fw_node *fw_node_create(u32 sid, int port_count, int color)
{ {
struct fw_node *node; struct fw_node *node;
node = kzalloc(sizeof(*node) + port_count * sizeof(node->ports[0]), node = kzalloc(struct_size(node, ports, port_count), GFP_ATOMIC);
GFP_ATOMIC);
if (node == NULL) if (node == NULL)
return NULL; return NULL;
......
...@@ -371,8 +371,7 @@ static int uniphier_gpio_probe(struct platform_device *pdev) ...@@ -371,8 +371,7 @@ static int uniphier_gpio_probe(struct platform_device *pdev)
return ret; return ret;
nregs = uniphier_gpio_get_nbanks(ngpios) * 2 + 3; nregs = uniphier_gpio_get_nbanks(ngpios) * 2 + 3;
priv = devm_kzalloc(dev, priv = devm_kzalloc(dev, struct_size(priv, saved_vals, nregs),
sizeof(*priv) + sizeof(priv->saved_vals[0]) * nregs,
GFP_KERNEL); GFP_KERNEL);
if (!priv) if (!priv)
return -ENOMEM; return -ENOMEM;
......
...@@ -4023,8 +4023,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, ...@@ -4023,8 +4023,7 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev,
if (count < 0) if (count < 0)
return ERR_PTR(count); return ERR_PTR(count);
descs = kzalloc(sizeof(*descs) + sizeof(descs->desc[0]) * count, descs = kzalloc(struct_size(descs, desc, count), GFP_KERNEL);
GFP_KERNEL);
if (!descs) if (!descs)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
......
...@@ -144,8 +144,7 @@ nvkm_ramht_new(struct nvkm_device *device, u32 size, u32 align, ...@@ -144,8 +144,7 @@ nvkm_ramht_new(struct nvkm_device *device, u32 size, u32 align,