diff options
| author | Kees Cook <kees@kernel.org> | 2026-02-20 23:49:23 -0800 |
|---|---|---|
| committer | Kees Cook <kees@kernel.org> | 2026-02-21 01:02:28 -0800 |
| commit | 69050f8d6d075dc01af7a5f2f550a8067510366f (patch) | |
| tree | bb265f94d9dfa7876c06a5d9f88673d496a15341 /drivers/vhost | |
| parent | d39a1d7486d98668dd34aaa6732aad7977c45f5a (diff) | |
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
This is the result of running the Coccinelle script from
scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to
avoid scalar types (which need careful case-by-case checking), and
instead replace kmalloc-family calls that allocate struct or union
object instances:
Single allocations: kmalloc(sizeof(TYPE), ...)
are replaced with: kmalloc_obj(TYPE, ...)
Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...)
are replaced with: kmalloc_objs(TYPE, COUNT, ...)
Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...)
are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...)
(where TYPE may also be *VAR)
The resulting allocations no longer return "void *", instead returning
"TYPE *".
Signed-off-by: Kees Cook <kees@kernel.org>
Diffstat (limited to 'drivers/vhost')
| -rw-r--r-- | drivers/vhost/iotlb.c | 4 | ||||
| -rw-r--r-- | drivers/vhost/net.c | 13 | ||||
| -rw-r--r-- | drivers/vhost/scsi.c | 52 | ||||
| -rw-r--r-- | drivers/vhost/test.c | 4 | ||||
| -rw-r--r-- | drivers/vhost/vdpa.c | 11 | ||||
| -rw-r--r-- | drivers/vhost/vhost.c | 18 | ||||
| -rw-r--r-- | drivers/vhost/vringh.c | 2 | ||||
| -rw-r--r-- | drivers/vhost/vsock.c | 4 |
8 files changed, 49 insertions, 59 deletions
diff --git a/drivers/vhost/iotlb.c b/drivers/vhost/iotlb.c index ea61330a3431..6528d084f42d 100644 --- a/drivers/vhost/iotlb.c +++ b/drivers/vhost/iotlb.c @@ -79,7 +79,7 @@ int vhost_iotlb_add_range_ctx(struct vhost_iotlb *iotlb, vhost_iotlb_map_free(iotlb, map); } - map = kmalloc(sizeof(*map), GFP_ATOMIC); + map = kmalloc_obj(*map, GFP_ATOMIC); if (!map) return -ENOMEM; @@ -151,7 +151,7 @@ EXPORT_SYMBOL_GPL(vhost_iotlb_init); */ struct vhost_iotlb *vhost_iotlb_alloc(unsigned int limit, unsigned int flags) { - struct vhost_iotlb *iotlb = kzalloc(sizeof(*iotlb), GFP_KERNEL); + struct vhost_iotlb *iotlb = kzalloc_obj(*iotlb, GFP_KERNEL); if (!iotlb) return NULL; diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index 7f886d3dba7d..440d959b6e24 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -240,7 +240,7 @@ vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy) /* No zero copy backend? Nothing to count. */ if (!zcopy) return NULL; - ubufs = kmalloc(sizeof(*ubufs), GFP_KERNEL); + ubufs = kmalloc_obj(*ubufs, GFP_KERNEL); if (!ubufs) return ERR_PTR(-ENOMEM); atomic_set(&ubufs->refcount, 1); @@ -293,9 +293,8 @@ static int vhost_net_set_ubuf_info(struct vhost_net *n) if (!zcopy) continue; n->vqs[i].ubuf_info = - kmalloc_array(UIO_MAXIOV, - sizeof(*n->vqs[i].ubuf_info), - GFP_KERNEL); + kmalloc_objs(*n->vqs[i].ubuf_info, UIO_MAXIOV, + GFP_KERNEL); if (!n->vqs[i].ubuf_info) goto err; } @@ -1328,10 +1327,10 @@ static int vhost_net_open(struct inode *inode, struct file *f) struct xdp_buff *xdp; int i; - n = kvmalloc(sizeof *n, GFP_KERNEL | __GFP_RETRY_MAYFAIL); + n = kvmalloc_obj(*n, GFP_KERNEL | __GFP_RETRY_MAYFAIL); if (!n) return -ENOMEM; - vqs = kmalloc_array(VHOST_NET_VQ_MAX, sizeof(*vqs), GFP_KERNEL); + vqs = kmalloc_objs(*vqs, VHOST_NET_VQ_MAX, GFP_KERNEL); if (!vqs) { kvfree(n); return -ENOMEM; @@ -1346,7 +1345,7 @@ static int vhost_net_open(struct inode *inode, struct file *f) } n->vqs[VHOST_NET_VQ_RX].rxq.queue = queue; - xdp = kmalloc_array(VHOST_NET_BATCH, sizeof(*xdp), GFP_KERNEL); + xdp = kmalloc_objs(*xdp, VHOST_NET_BATCH, GFP_KERNEL); if (!xdp) { kfree(vqs); kvfree(n); diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c index f43c1fe9fad9..36ed704562d7 100644 --- a/drivers/vhost/scsi.c +++ b/drivers/vhost/scsi.c @@ -382,9 +382,8 @@ static int vhost_scsi_copy_cmd_log(struct vhost_virtqueue *vq, unsigned int log_num) { if (!cmd->tvc_log) - cmd->tvc_log = kmalloc_array(vq->dev->iov_limit, - sizeof(*cmd->tvc_log), - GFP_KERNEL); + cmd->tvc_log = kmalloc_objs(*cmd->tvc_log, vq->dev->iov_limit, + GFP_KERNEL); if (unlikely(!cmd->tvc_log)) { vq_err(vq, "Failed to alloc tvc_log\n"); @@ -549,7 +548,7 @@ vhost_scsi_allocate_evt(struct vhost_scsi *vs, return NULL; } - evt = kzalloc(sizeof(*evt), GFP_KERNEL); + evt = kzalloc_obj(*evt, GFP_KERNEL); if (!evt) { vq_err(vq, "Failed to allocate vhost_scsi_evt\n"); vs->vs_events_missed = true; @@ -897,7 +896,7 @@ vhost_scsi_copy_iov_to_sgl(struct vhost_scsi_cmd *cmd, struct iov_iter *iter, int i, ret; if (data_dir == DMA_FROM_DEVICE) { - cmd->read_iter = kzalloc(sizeof(*cmd->read_iter), GFP_KERNEL); + cmd->read_iter = kzalloc_obj(*cmd->read_iter, GFP_KERNEL); if (!cmd->read_iter) return -ENOMEM; @@ -1264,8 +1263,7 @@ vhost_scsi_setup_resp_iovs(struct vhost_scsi_cmd *cmd, struct iovec *in_iovs, * iov per byte. */ cnt = min(VHOST_SCSI_MAX_RESP_IOVS, in_iovs_cnt); - cmd->tvc_resp_iovs = kcalloc(cnt, sizeof(struct iovec), - GFP_KERNEL); + cmd->tvc_resp_iovs = kzalloc_objs(struct iovec, cnt, GFP_KERNEL); if (!cmd->tvc_resp_iovs) return -ENOMEM; @@ -1603,7 +1601,7 @@ vhost_scsi_handle_tmf(struct vhost_scsi *vs, struct vhost_scsi_tpg *tpg, goto send_reject; } - tmf = kzalloc(sizeof(*tmf), GFP_KERNEL); + tmf = kzalloc_obj(*tmf, GFP_KERNEL); if (!tmf) goto send_reject; @@ -1617,8 +1615,7 @@ vhost_scsi_handle_tmf(struct vhost_scsi *vs, struct vhost_scsi_tpg *tpg, tmf->inflight = vhost_scsi_get_inflight(vq); if (unlikely(log && log_num)) { - tmf->tmf_log = kmalloc_array(log_num, sizeof(*tmf->tmf_log), - GFP_KERNEL); + tmf->tmf_log = kmalloc_objs(*tmf->tmf_log, log_num, GFP_KERNEL); if (tmf->tmf_log) { memcpy(tmf->tmf_log, log, sizeof(*tmf->tmf_log) * log_num); tmf->tmf_log_num = log_num; @@ -1936,14 +1933,14 @@ static int vhost_scsi_setup_vq_cmds(struct vhost_virtqueue *vq, int max_cmds) return -ENOMEM; svq->max_cmds = max_cmds; - svq->scsi_cmds = kcalloc(max_cmds, sizeof(*tv_cmd), GFP_KERNEL); + svq->scsi_cmds = kzalloc_objs(*tv_cmd, max_cmds, GFP_KERNEL); if (!svq->scsi_cmds) { sbitmap_free(&svq->scsi_tags); return -ENOMEM; } - svq->upages = kcalloc(VHOST_SCSI_PREALLOC_UPAGES, sizeof(struct page *), - GFP_KERNEL); + svq->upages = kzalloc_objs(struct page *, VHOST_SCSI_PREALLOC_UPAGES, + GFP_KERNEL); if (!svq->upages) goto out; @@ -1951,9 +1948,9 @@ static int vhost_scsi_setup_vq_cmds(struct vhost_virtqueue *vq, int max_cmds) tv_cmd = &svq->scsi_cmds[i]; if (vs->inline_sg_cnt) { - tv_cmd->sgl = kcalloc(vs->inline_sg_cnt, - sizeof(struct scatterlist), - GFP_KERNEL); + tv_cmd->sgl = kzalloc_objs(struct scatterlist, + vs->inline_sg_cnt, + GFP_KERNEL); if (!tv_cmd->sgl) { pr_err("Unable to allocate tv_cmd->sgl\n"); goto out; @@ -1962,9 +1959,9 @@ static int vhost_scsi_setup_vq_cmds(struct vhost_virtqueue *vq, int max_cmds) if (vhost_has_feature(vq, VIRTIO_SCSI_F_T10_PI) && vs->inline_sg_cnt) { - tv_cmd->prot_sgl = kcalloc(vs->inline_sg_cnt, - sizeof(struct scatterlist), - GFP_KERNEL); + tv_cmd->prot_sgl = kzalloc_objs(struct scatterlist, + vs->inline_sg_cnt, + GFP_KERNEL); if (!tv_cmd->prot_sgl) { pr_err("Unable to allocate tv_cmd->prot_sgl\n"); goto out; @@ -2282,7 +2279,7 @@ static int vhost_scsi_open(struct inode *inode, struct file *f) struct vhost_virtqueue **vqs; int r = -ENOMEM, i, nvqs = vhost_scsi_max_io_vqs; - vs = kvzalloc(sizeof(*vs), GFP_KERNEL); + vs = kvzalloc_obj(*vs, GFP_KERNEL); if (!vs) goto err_vs; vs->inline_sg_cnt = vhost_scsi_inline_sg_cnt; @@ -2297,17 +2294,16 @@ static int vhost_scsi_open(struct inode *inode, struct file *f) } nvqs += VHOST_SCSI_VQ_IO; - vs->old_inflight = kmalloc_array(nvqs, sizeof(*vs->old_inflight), - GFP_KERNEL | __GFP_ZERO); + vs->old_inflight = kmalloc_objs(*vs->old_inflight, nvqs, + GFP_KERNEL | __GFP_ZERO); if (!vs->old_inflight) goto err_inflight; - vs->vqs = kmalloc_array(nvqs, sizeof(*vs->vqs), - GFP_KERNEL | __GFP_ZERO); + vs->vqs = kmalloc_objs(*vs->vqs, nvqs, GFP_KERNEL | __GFP_ZERO); if (!vs->vqs) goto err_vqs; - vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL); + vqs = kmalloc_objs(*vqs, nvqs, GFP_KERNEL); if (!vqs) goto err_local_vqs; @@ -2603,7 +2599,7 @@ static int vhost_scsi_make_nexus(struct vhost_scsi_tpg *tpg, return -EEXIST; } - tv_nexus = kzalloc(sizeof(*tv_nexus), GFP_KERNEL); + tv_nexus = kzalloc_obj(*tv_nexus, GFP_KERNEL); if (!tv_nexus) { mutex_unlock(&tpg->tv_tpg_mutex); pr_err("Unable to allocate struct vhost_scsi_nexus\n"); @@ -2798,7 +2794,7 @@ vhost_scsi_make_tpg(struct se_wwn *wwn, const char *name) if (kstrtou16(name + 5, 10, &tpgt) || tpgt >= VHOST_SCSI_MAX_TARGET) return ERR_PTR(-EINVAL); - tpg = kzalloc(sizeof(*tpg), GFP_KERNEL); + tpg = kzalloc_obj(*tpg, GFP_KERNEL); if (!tpg) { pr_err("Unable to allocate struct vhost_scsi_tpg"); return ERR_PTR(-ENOMEM); @@ -2852,7 +2848,7 @@ vhost_scsi_make_tport(struct target_fabric_configfs *tf, /* if (vhost_scsi_parse_wwn(name, &wwpn, 1) < 0) return ERR_PTR(-EINVAL); */ - tport = kzalloc(sizeof(*tport), GFP_KERNEL); + tport = kzalloc_obj(*tport, GFP_KERNEL); if (!tport) { pr_err("Unable to allocate struct vhost_scsi_tport"); return ERR_PTR(-ENOMEM); diff --git a/drivers/vhost/test.c b/drivers/vhost/test.c index 1e4e36edbcd2..fc11a048a620 100644 --- a/drivers/vhost/test.c +++ b/drivers/vhost/test.c @@ -110,13 +110,13 @@ static void handle_vq_kick(struct vhost_work *work) static int vhost_test_open(struct inode *inode, struct file *f) { - struct vhost_test *n = kmalloc(sizeof *n, GFP_KERNEL); + struct vhost_test *n = kmalloc_obj(*n, GFP_KERNEL); struct vhost_dev *dev; struct vhost_virtqueue **vqs; if (!n) return -ENOMEM; - vqs = kmalloc_array(VHOST_TEST_VQ_MAX, sizeof(*vqs), GFP_KERNEL); + vqs = kmalloc_objs(*vqs, VHOST_TEST_VQ_MAX, GFP_KERNEL); if (!vqs) { kfree(n); return -ENOMEM; diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c index cdee8f320dca..a9f85f05874f 100644 --- a/drivers/vhost/vdpa.c +++ b/drivers/vhost/vdpa.c @@ -110,7 +110,7 @@ static struct vhost_vdpa_as *vhost_vdpa_alloc_as(struct vhost_vdpa *v, u32 asid) if (asid >= v->vdpa->nas) return NULL; - as = kmalloc(sizeof(*as), GFP_KERNEL); + as = kmalloc_obj(*as, GFP_KERNEL); if (!as) return NULL; @@ -1064,7 +1064,7 @@ static int vhost_vdpa_va_map(struct vhost_vdpa *v, !(vma->vm_flags & (VM_IO | VM_PFNMAP)))) goto next; - map_file = kzalloc(sizeof(*map_file), GFP_KERNEL); + map_file = kzalloc_obj(*map_file, GFP_KERNEL); if (!map_file) { ret = -ENOMEM; break; @@ -1420,7 +1420,7 @@ static int vhost_vdpa_open(struct inode *inode, struct file *filep) if (r) goto err; - vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL); + vqs = kmalloc_objs(*vqs, nvqs, GFP_KERNEL); if (!vqs) { r = -ENOMEM; goto err; @@ -1572,7 +1572,7 @@ static int vhost_vdpa_probe(struct vdpa_device *vdpa) (vdpa->ngroups > 1 || vdpa->nas > 1)) return -EOPNOTSUPP; - v = kzalloc(sizeof(*v), GFP_KERNEL | __GFP_RETRY_MAYFAIL); + v = kzalloc_obj(*v, GFP_KERNEL | __GFP_RETRY_MAYFAIL); if (!v) return -ENOMEM; @@ -1593,8 +1593,7 @@ static int vhost_vdpa_probe(struct vdpa_device *vdpa) v->dev.release = vhost_vdpa_release_dev; v->dev.parent = &vdpa->dev; v->dev.devt = MKDEV(MAJOR(vhost_vdpa_major), minor); - v->vqs = kmalloc_array(v->nvqs, sizeof(struct vhost_virtqueue), - GFP_KERNEL); + v->vqs = kmalloc_objs(struct vhost_virtqueue, v->nvqs, GFP_KERNEL); if (!v->vqs) { r = -ENOMEM; goto err; diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index fcf7f10adbbf..dafbc3dd3805 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -514,13 +514,10 @@ static long vhost_dev_alloc_iovecs(struct vhost_dev *dev) for (i = 0; i < dev->nvqs; ++i) { vq = dev->vqs[i]; - vq->indirect = kmalloc_array(UIO_MAXIOV, - sizeof(*vq->indirect), - GFP_KERNEL); - vq->log = kmalloc_array(dev->iov_limit, sizeof(*vq->log), - GFP_KERNEL); - vq->heads = kmalloc_array(dev->iov_limit, sizeof(*vq->heads), - GFP_KERNEL); + vq->indirect = kmalloc_objs(*vq->indirect, UIO_MAXIOV, + GFP_KERNEL); + vq->log = kmalloc_objs(*vq->log, dev->iov_limit, GFP_KERNEL); + vq->heads = kmalloc_objs(*vq->heads, dev->iov_limit, GFP_KERNEL); vq->nheads = kmalloc_array(dev->iov_limit, sizeof(*vq->nheads), GFP_KERNEL); if (!vq->indirect || !vq->log || !vq->heads || !vq->nheads) @@ -836,7 +833,7 @@ static struct vhost_worker *vhost_worker_create(struct vhost_dev *dev) const struct vhost_worker_ops *ops = dev->fork_owner ? &vhost_task_ops : &kthread_ops; - worker = kzalloc(sizeof(*worker), GFP_KERNEL_ACCOUNT); + worker = kzalloc_obj(*worker, GFP_KERNEL_ACCOUNT); if (!worker) return NULL; @@ -1982,8 +1979,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) return -EOPNOTSUPP; if (mem.nregions > max_mem_regions) return -E2BIG; - newmem = kvzalloc(struct_size(newmem, regions, mem.nregions), - GFP_KERNEL); + newmem = kvzalloc_flex(*newmem, regions, mem.nregions, GFP_KERNEL); if (!newmem) return -ENOMEM; @@ -3272,7 +3268,7 @@ EXPORT_SYMBOL_GPL(vhost_disable_notify); struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type) { /* Make sure all padding within the structure is initialized. */ - struct vhost_msg_node *node = kzalloc(sizeof(*node), GFP_KERNEL); + struct vhost_msg_node *node = kzalloc_obj(*node, GFP_KERNEL); if (!node) return NULL; diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c index 925858cc6096..9066f9f12ba1 100644 --- a/drivers/vhost/vringh.c +++ b/drivers/vhost/vringh.c @@ -227,7 +227,7 @@ static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp) if (flag) new = krealloc_array(iov->iov, new_num, sizeof(*new), gfp); else { - new = kmalloc_array(new_num, sizeof(*new), gfp); + new = kmalloc_objs(*new, new_num, gfp); if (new) { memcpy(new, iov->iov, iov->max_num * sizeof(struct iovec)); diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 488d7fa6e4ec..0bb4e3fdc71c 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -676,11 +676,11 @@ static int vhost_vsock_dev_open(struct inode *inode, struct file *file) /* This struct is large and allocation could fail, fall back to vmalloc * if there is no other way. */ - vsock = kvmalloc(sizeof(*vsock), GFP_KERNEL | __GFP_RETRY_MAYFAIL); + vsock = kvmalloc_obj(*vsock, GFP_KERNEL | __GFP_RETRY_MAYFAIL); if (!vsock) return -ENOMEM; - vqs = kmalloc_array(ARRAY_SIZE(vsock->vqs), sizeof(*vqs), GFP_KERNEL); + vqs = kmalloc_objs(*vqs, ARRAY_SIZE(vsock->vqs), GFP_KERNEL); if (!vqs) { ret = -ENOMEM; goto out; |