fad953ce0b
The vzalloc() function has no 2-factor argument form, so multiplication factors need to be wrapped in array_size(). This patch replaces cases of: vzalloc(a * b) with: vzalloc(array_size(a, b)) as well as handling cases of: vzalloc(a * b * c) with: vzalloc(array3_size(a, b, c)) This does, however, attempt to ignore constant size factors like: vzalloc(4 * 1024) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( vzalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | vzalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( vzalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | vzalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | vzalloc( - sizeof(char) * (COUNT) + COUNT , ...) | vzalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | vzalloc( - sizeof(u8) * COUNT + COUNT , ...) | vzalloc( - sizeof(__u8) * COUNT + COUNT , ...) | vzalloc( - sizeof(char) * COUNT + COUNT , ...) | vzalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( vzalloc( - sizeof(TYPE) * (COUNT_ID) + array_size(COUNT_ID, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * COUNT_ID + array_size(COUNT_ID, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * (COUNT_CONST) + array_size(COUNT_CONST, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * COUNT_CONST + array_size(COUNT_CONST, sizeof(TYPE)) , ...) | vzalloc( - sizeof(THING) * (COUNT_ID) + array_size(COUNT_ID, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * COUNT_ID + array_size(COUNT_ID, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * (COUNT_CONST) + array_size(COUNT_CONST, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * COUNT_CONST + array_size(COUNT_CONST, sizeof(THING)) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ vzalloc( - SIZE * COUNT + array_size(COUNT, SIZE) , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( vzalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | vzalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | vzalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | vzalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( vzalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | vzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | vzalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | vzalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | vzalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | vzalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( vzalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | vzalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( vzalloc(C1 * C2 * C3, ...) | vzalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants. @@ expression E1, E2; constant C1, C2; @@ ( vzalloc(C1 * C2, ...) | vzalloc( - E1 * E2 + array_size(E1, E2) , ...) ) Signed-off-by: Kees Cook <keescook@chromium.org> |
||
---|---|---|
.. | ||
842 | ||
fonts | ||
lz4 | ||
lzo | ||
mpi | ||
raid6 | ||
reed_solomon | ||
xz | ||
zlib_deflate | ||
zlib_inflate | ||
zstd | ||
.gitignore | ||
argv_split.c | ||
ashldi3.c | ||
ashrdi3.c | ||
asn1_decoder.c | ||
assoc_array.c | ||
atomic64_test.c | ||
atomic64.c | ||
audit.c | ||
bcd.c | ||
bch.c | ||
bitmap.c | ||
bitrev.c | ||
bsearch.c | ||
btree.c | ||
bucket_locks.c | ||
bug.c | ||
build_OID_registry | ||
bust_spinlocks.c | ||
chacha20.c | ||
check_signature.c | ||
checksum.c | ||
clz_ctz.c | ||
clz_tab.c | ||
cmdline.c | ||
cmpdi2.c | ||
compat_audit.c | ||
cordic.c | ||
cpu_rmap.c | ||
cpumask.c | ||
crc4.c | ||
crc7.c | ||
crc8.c | ||
crc16.c | ||
crc32.c | ||
crc32defs.h | ||
crc32test.c | ||
crc-ccitt.c | ||
crc-itu-t.c | ||
crc-t10dif.c | ||
ctype.c | ||
debug_info.c | ||
debug_locks.c | ||
debugobjects.c | ||
dec_and_lock.c | ||
decompress_bunzip2.c | ||
decompress_inflate.c | ||
decompress_unlz4.c | ||
decompress_unlzma.c | ||
decompress_unlzo.c | ||
decompress_unxz.c | ||
decompress.c | ||
devres.c | ||
digsig.c | ||
div64.c | ||
dma-debug.c | ||
dma-direct.c | ||
dma-noncoherent.c | ||
dma-virt.c | ||
dump_stack.c | ||
dynamic_debug.c | ||
dynamic_queue_limits.c | ||
earlycpio.c | ||
error-inject.c | ||
errseq.c | ||
extable.c | ||
fault-inject.c | ||
fdt_empty_tree.c | ||
fdt_ro.c | ||
fdt_rw.c | ||
fdt_strerror.c | ||
fdt_sw.c | ||
fdt_wip.c | ||
fdt.c | ||
find_bit_benchmark.c | ||
find_bit.c | ||
flex_array.c | ||
flex_proportions.c | ||
gcd.c | ||
gen_crc32table.c | ||
genalloc.c | ||
glob.c | ||
globtest.c | ||
hexdump.c | ||
hweight.c | ||
idr.c | ||
inflate.c | ||
int_sqrt.c | ||
interval_tree_test.c | ||
interval_tree.c | ||
iomap_copy.c | ||
iomap.c | ||
iommu-helper.c | ||
ioremap.c | ||
iov_iter.c | ||
irq_poll.c | ||
irq_regs.c | ||
is_single_threaded.c | ||
jedec_ddr_data.c | ||
kasprintf.c | ||
Kconfig | ||
Kconfig.debug | ||
Kconfig.kasan | ||
Kconfig.kgdb | ||
Kconfig.ubsan | ||
kfifo.c | ||
klist.c | ||
kobject_uevent.c | ||
kobject.c | ||
kstrtox.c | ||
kstrtox.h | ||
lcm.c | ||
libcrc32c.c | ||
list_debug.c | ||
list_sort.c | ||
llist.c | ||
locking-selftest-hardirq.h | ||
locking-selftest-mutex.h | ||
locking-selftest-rlock-hardirq.h | ||
locking-selftest-rlock-softirq.h | ||
locking-selftest-rlock.h | ||
locking-selftest-rsem.h | ||
locking-selftest-rtmutex.h | ||
locking-selftest-softirq.h | ||
locking-selftest-spin-hardirq.h | ||
locking-selftest-spin-softirq.h | ||
locking-selftest-spin.h | ||
locking-selftest-wlock-hardirq.h | ||
locking-selftest-wlock-softirq.h | ||
locking-selftest-wlock.h | ||
locking-selftest-wsem.h | ||
locking-selftest.c | ||
lockref.c | ||
logic_pio.c | ||
lru_cache.c | ||
lshrdi3.c | ||
Makefile | ||
memory-notifier-error-inject.c | ||
memweight.c | ||
muldi3.c | ||
net_utils.c | ||
netdev-notifier-error-inject.c | ||
nlattr.c | ||
nmi_backtrace.c | ||
nodemask.c | ||
notifier-error-inject.c | ||
notifier-error-inject.h | ||
of-reconfig-notifier-error-inject.c | ||
oid_registry.c | ||
once.c | ||
parman.c | ||
parser.c | ||
pci_iomap.c | ||
percpu_counter.c | ||
percpu_ida.c | ||
percpu_test.c | ||
percpu-refcount.c | ||
plist.c | ||
pm-notifier-error-inject.c | ||
prime_numbers.c | ||
radix-tree.c | ||
random32.c | ||
ratelimit.c | ||
rational.c | ||
rbtree_test.c | ||
rbtree.c | ||
reciprocal_div.c | ||
refcount.c | ||
rhashtable.c | ||
sbitmap.c | ||
scatterlist.c | ||
seq_buf.c | ||
sg_pool.c | ||
sg_split.c | ||
sha1.c | ||
sha256.c | ||
show_mem.c | ||
siphash.c | ||
smp_processor_id.c | ||
sort.c | ||
stackdepot.c | ||
stmp_device.c | ||
string_helpers.c | ||
string.c | ||
strncpy_from_user.c | ||
strnlen_user.c | ||
swiotlb.c | ||
syscall.c | ||
test_bitmap.c | ||
test_bpf.c | ||
test_debug_virtual.c | ||
test_firmware.c | ||
test_hash.c | ||
test_hexdump.c | ||
test_kasan.c | ||
test_kmod.c | ||
test_list_sort.c | ||
test_module.c | ||
test_overflow.c | ||
test_parman.c | ||
test_printf.c | ||
test_rhashtable.c | ||
test_siphash.c | ||
test_sort.c | ||
test_static_key_base.c | ||
test_static_keys.c | ||
test_string.c | ||
test_sysctl.c | ||
test_ubsan.c | ||
test_user_copy.c | ||
test_uuid.c | ||
test-kstrtox.c | ||
test-string_helpers.c | ||
textsearch.c | ||
timerqueue.c | ||
ts_bm.c | ||
ts_fsm.c | ||
ts_kmp.c | ||
ubsan.c | ||
ubsan.h | ||
ucmpdi2.c | ||
ucs2_string.c | ||
usercopy.c | ||
uuid.c | ||
vsprintf.c | ||
win_minmax.c | ||
xxhash.c |