summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2018-05-08 15:56:34 -0700
committerKees Cook <keescook@chromium.org>2018-06-06 11:15:43 -0700
commitb4b06db115bbbc10252287ae2d326fb5ecefaf18 (patch)
tree708187c4aea456a9546f7c1ab30061882d839789
parentacafe7e30216166a17e6e226aadc3ecb63993242 (diff)
treewide: Use struct_size() for vmalloc()-family
This only finds one hit in the entire tree, but here's the Coccinelle: // Directly refer to structure's field @@ identifier alloc =~ "vmalloc|vzalloc"; identifier VAR, ELEMENT; expression COUNT; @@ - alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT)) + alloc(struct_size(VAR, ELEMENT, COUNT)) // mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL); @@ identifier alloc =~ "vmalloc|vzalloc"; identifier VAR, ELEMENT; expression COUNT; @@ - alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0])) + alloc(struct_size(VAR, ELEMENT, COUNT)) // Same pattern, but can't trivially locate the trailing element name, // or variable name. @@ identifier alloc =~ "vmalloc|vzalloc"; expression SOMETHING, COUNT, ELEMENT; @@ - alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT)) + alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT)) Signed-off-by: Kees Cook <keescook@chromium.org>
-rw-r--r--drivers/gpu/drm/nouveau/nvkm/core/ramht.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/drivers/gpu/drm/nouveau/nvkm/core/ramht.c b/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
index ccba4ae73cc5..8162e3d2359c 100644
--- a/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
+++ b/drivers/gpu/drm/nouveau/nvkm/core/ramht.c
@@ -144,8 +144,7 @@ nvkm_ramht_new(struct nvkm_device *device, u32 size, u32 align,
struct nvkm_ramht *ramht;
int ret, i;
- if (!(ramht = *pramht = vzalloc(sizeof(*ramht) +
- (size >> 3) * sizeof(*ramht->data))))
+ if (!(ramht = *pramht = vzalloc(struct_size(ramht, data, (size >> 3)))))
return -ENOMEM;
ramht->device = device;