diff options
| author | Kees Cook <kees@kernel.org> | 2026-02-20 23:49:23 -0800 |
|---|---|---|
| committer | Kees Cook <kees@kernel.org> | 2026-02-21 01:02:28 -0800 |
| commit | 69050f8d6d075dc01af7a5f2f550a8067510366f (patch) | |
| tree | bb265f94d9dfa7876c06a5d9f88673d496a15341 /security | |
| parent | d39a1d7486d98668dd34aaa6732aad7977c45f5a (diff) | |
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
This is the result of running the Coccinelle script from
scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to
avoid scalar types (which need careful case-by-case checking), and
instead replace kmalloc-family calls that allocate struct or union
object instances:
Single allocations: kmalloc(sizeof(TYPE), ...)
are replaced with: kmalloc_obj(TYPE, ...)
Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...)
are replaced with: kmalloc_objs(TYPE, COUNT, ...)
Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...)
are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...)
(where TYPE may also be *VAR)
The resulting allocations no longer return "void *", instead returning
"TYPE *".
Signed-off-by: Kees Cook <kees@kernel.org>
Diffstat (limited to 'security')
59 files changed, 166 insertions, 168 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 5a848c1be056..283e622a7ccc 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -570,7 +570,7 @@ static ssize_t ns_revision_read(struct file *file, char __user *buf, static int ns_revision_open(struct inode *inode, struct file *file) { - struct aa_revision *rev = kzalloc(sizeof(*rev), GFP_KERNEL); + struct aa_revision *rev = kzalloc_obj(*rev, GFP_KERNEL); if (!rev) return -ENOMEM; diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index ac89602aa2d9..4a60b6fda75f 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -230,7 +230,7 @@ int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, gfp_t gfp return -EINVAL; } - rule = kzalloc(sizeof(struct aa_audit_rule), gfp); + rule = kzalloc_obj(struct aa_audit_rule, gfp); if (!rule) return -ENOMEM; diff --git a/security/apparmor/label.c b/security/apparmor/label.c index 03a92a52acf9..e478283bc514 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -61,7 +61,7 @@ struct aa_proxy *aa_alloc_proxy(struct aa_label *label, gfp_t gfp) { struct aa_proxy *new; - new = kzalloc(sizeof(struct aa_proxy), gfp); + new = kzalloc_obj(struct aa_proxy, gfp); if (new) { kref_init(&new->count); rcu_assign_pointer(new->label, aa_get_label(label)); @@ -434,7 +434,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp) AA_BUG(size < 1); /* + 1 for null terminator entry on vec */ - new = kzalloc(struct_size(new, vec, size + 1), gfp); + new = kzalloc_flex(*new, vec, size + 1, gfp); AA_DEBUG(DEBUG_LABEL, "%s (%p)\n", __func__, new); if (!new) goto fail; diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index d0b82771df01..e41ff57798b2 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -125,7 +125,7 @@ bool aa_resize_str_table(struct aa_str_table *t, int newsize, gfp_t gfp) if (t->size == newsize) return true; - n = kcalloc(newsize, sizeof(*n), gfp); + n = kzalloc_objs(*n, newsize, gfp); if (!n) return false; for (i = 0; i < min(t->size, newsize); i++) @@ -235,7 +235,7 @@ __counted char *aa_str_alloc(int size, gfp_t gfp) { struct counted_str *str; - str = kmalloc(struct_size(str, name, size), gfp); + str = kmalloc_flex(*str, name, size, gfp); if (!str) return NULL; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dcd066e04d2b..92ea1bc7b9e0 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -2468,7 +2468,7 @@ static int __init aa_setup_dfa_engine(void) goto fail; } nullpdb->dfa = aa_get_dfa(nulldfa); - nullpdb->perms = kcalloc(2, sizeof(struct aa_perms), GFP_KERNEL); + nullpdb->perms = kzalloc_objs(struct aa_perms, 2, GFP_KERNEL); if (!nullpdb->perms) goto fail; nullpdb->size = 2; diff --git a/security/apparmor/match.c b/security/apparmor/match.c index bbeb3be68572..5ee25d4016e0 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -301,7 +301,7 @@ struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags) int error = -ENOMEM; char *data = blob; struct table_header *table = NULL; - struct aa_dfa *dfa = kzalloc(sizeof(struct aa_dfa), GFP_KERNEL); + struct aa_dfa *dfa = kzalloc_obj(struct aa_dfa, GFP_KERNEL); if (!dfa) goto fail; diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index a64cfd24cedc..9108d74c6b46 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -131,7 +131,7 @@ void aa_pdb_free_kref(struct kref *kref) struct aa_policydb *aa_alloc_pdb(gfp_t gfp) { - struct aa_policydb *pdb = kzalloc(sizeof(struct aa_policydb), gfp); + struct aa_policydb *pdb = kzalloc_obj(struct aa_policydb, gfp); if (!pdb) return NULL; @@ -275,7 +275,7 @@ struct aa_ruleset *aa_alloc_ruleset(gfp_t gfp) { struct aa_ruleset *rules; - rules = kzalloc(sizeof(*rules), gfp); + rules = kzalloc_obj(*rules, gfp); return rules; } @@ -349,7 +349,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy, * this adds space for a single ruleset in the rules section of the * label */ - profile = kzalloc(struct_size(profile, label.rules, 1), gfp); + profile = kzalloc_flex(*profile, label.rules, 1, gfp); if (!profile) return NULL; diff --git a/security/apparmor/policy_compat.c b/security/apparmor/policy_compat.c index c863fc10a6f7..928dbb10cec1 100644 --- a/security/apparmor/policy_compat.c +++ b/security/apparmor/policy_compat.c @@ -158,7 +158,7 @@ static struct aa_perms *compute_fperms(struct aa_dfa *dfa, state_count = dfa->tables[YYTD_ID_BASE]->td_lolen; /* DFAs are restricted from having a state_count of less than 2 */ - table = kvcalloc(state_count * 2, sizeof(struct aa_perms), GFP_KERNEL); + table = kvzalloc_objs(struct aa_perms, state_count * 2, GFP_KERNEL); if (!table) return NULL; *size = state_count * 2; @@ -182,7 +182,7 @@ static struct aa_perms *compute_xmatch_perms(struct aa_dfa *xmatch, state_count = xmatch->tables[YYTD_ID_BASE]->td_lolen; /* DFAs are restricted from having a state_count of less than 2 */ - perms = kvcalloc(state_count, sizeof(struct aa_perms), GFP_KERNEL); + perms = kvzalloc_objs(struct aa_perms, state_count, GFP_KERNEL); if (!perms) return NULL; *size = state_count; @@ -257,7 +257,7 @@ static struct aa_perms *compute_perms(struct aa_dfa *dfa, u32 version, state_count = dfa->tables[YYTD_ID_BASE]->td_lolen; /* DFAs are restricted from having a state_count of less than 2 */ - table = kvcalloc(state_count, sizeof(struct aa_perms), GFP_KERNEL); + table = kvzalloc_objs(struct aa_perms, state_count, GFP_KERNEL); if (!table) return NULL; *size = state_count; diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c index 64783ca3b0f2..099b71957ccb 100644 --- a/security/apparmor/policy_ns.c +++ b/security/apparmor/policy_ns.c @@ -106,7 +106,7 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name) { struct aa_ns *ns; - ns = kzalloc(sizeof(*ns), GFP_KERNEL); + ns = kzalloc_obj(*ns, GFP_KERNEL); AA_DEBUG(DEBUG_POLICY, "%s(%p)\n", __func__, ns); if (!ns) return NULL; diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index dc908e1f5a88..9001c6ebc235 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -145,7 +145,7 @@ struct aa_loaddata *aa_loaddata_alloc(size_t size) { struct aa_loaddata *d; - d = kzalloc(sizeof(*d), GFP_KERNEL); + d = kzalloc_obj(*d, GFP_KERNEL); if (d == NULL) return ERR_PTR(-ENOMEM); d->data = kvzalloc(size, GFP_KERNEL); @@ -528,8 +528,7 @@ static int unpack_strs_table(struct aa_ext *e, const char *name, bool multi, * for size check here */ goto fail; - table = kcalloc(size, sizeof(struct aa_str_table_ent), - GFP_KERNEL); + table = kzalloc_objs(struct aa_str_table_ent, size, GFP_KERNEL); if (!table) { error = -ENOMEM; goto fail; @@ -612,8 +611,8 @@ static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules) if (!aa_unpack_array(e, NULL, &size)) goto fail; - rules->secmark = kcalloc(size, sizeof(struct aa_secmark), - GFP_KERNEL); + rules->secmark = kzalloc_objs(struct aa_secmark, size, + GFP_KERNEL); if (!rules->secmark) goto fail; @@ -810,7 +809,7 @@ static int unpack_tag_headers(struct aa_ext *e, struct aa_tags_struct *tags) if (!aa_unpack_array(e, "hdrs", &size)) goto fail_reset; - hdrs = kcalloc(size, sizeof(struct aa_tags_header), GFP_KERNEL); + hdrs = kzalloc_objs(struct aa_tags_header, size, GFP_KERNEL); if (!hdrs) { error = -ENOMEM; goto fail_reset; @@ -923,7 +922,7 @@ static ssize_t unpack_perms_table(struct aa_ext *e, struct aa_perms **perms) goto fail_reset; if (!aa_unpack_array(e, NULL, &size)) goto fail_reset; - *perms = kcalloc(size, sizeof(struct aa_perms), GFP_KERNEL); + *perms = kzalloc_objs(struct aa_perms, size, GFP_KERNEL); if (!*perms) { e->pos = pos; return -ENOMEM; @@ -1321,7 +1320,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) error = -EPROTO; if (aa_unpack_nameX(e, AA_STRUCT, "data")) { info = "out of memory"; - profile->data = kzalloc(sizeof(*profile->data), GFP_KERNEL); + profile->data = kzalloc_obj(*profile->data, GFP_KERNEL); if (!profile->data) { error = -ENOMEM; goto fail; @@ -1339,7 +1338,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) } while (aa_unpack_strdup(e, &key, NULL)) { - data = kzalloc(sizeof(*data), GFP_KERNEL); + data = kzalloc_obj(*data, GFP_KERNEL); if (!data) { kfree_sensitive(key); error = -ENOMEM; @@ -1584,7 +1583,7 @@ void aa_load_ent_free(struct aa_load_ent *ent) struct aa_load_ent *aa_load_ent_alloc(void) { - struct aa_load_ent *ent = kzalloc(sizeof(*ent), GFP_KERNEL); + struct aa_load_ent *ent = kzalloc_obj(*ent, GFP_KERNEL); if (ent) INIT_LIST_HEAD(&ent->list); return ent; diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 7fec575d32d6..27610fa31b61 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -223,7 +223,7 @@ devcgroup_css_alloc(struct cgroup_subsys_state *parent_css) { struct dev_cgroup *dev_cgroup; - dev_cgroup = kzalloc(sizeof(*dev_cgroup), GFP_KERNEL); + dev_cgroup = kzalloc_obj(*dev_cgroup, GFP_KERNEL); if (!dev_cgroup) return ERR_PTR(-ENOMEM); INIT_LIST_HEAD(&dev_cgroup->exceptions); diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 45c3e5dda355..aec350abad86 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -141,7 +141,7 @@ int __init integrity_init_keyring(const unsigned int id) if (!IS_ENABLED(CONFIG_INTEGRITY_TRUSTED_KEYRING)) return 0; - restriction = kzalloc(sizeof(struct key_restriction), GFP_KERNEL); + restriction = kzalloc_obj(struct key_restriction, GFP_KERNEL); if (!restriction) return -ENOMEM; diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 73d500a375cb..41b053c900f2 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -1045,7 +1045,7 @@ int evm_inode_init_security(struct inode *inode, struct inode *dir, "%s: xattrs terminator is not the first non-filled slot\n", __func__); - xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS); + xattr_data = kzalloc_obj(*xattr_data, GFP_NOFS); if (!xattr_data) return -ENOMEM; diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index c26724690cec..a8893b90a0fa 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -199,7 +199,7 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf, if (!ab && IS_ENABLED(CONFIG_AUDIT)) return -ENOMEM; - xattr = kmalloc(sizeof(struct xattr_list), GFP_KERNEL); + xattr = kmalloc_obj(struct xattr_list, GFP_KERNEL); if (!xattr) { err = -ENOMEM; goto out; diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index c6d1c7be8a3e..d15becc8c640 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -48,13 +48,14 @@ int ima_alloc_init_template(struct ima_event_data *event_data, else template_desc = ima_template_desc_current(); - *entry = kzalloc(struct_size(*entry, template_data, - template_desc->num_fields), GFP_NOFS); + *entry = kzalloc_flex(**entry, template_data, template_desc->num_fields, + GFP_NOFS); if (!*entry) return -ENOMEM; - digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots, - sizeof(*digests), GFP_NOFS); + digests = kzalloc_objs(*digests, + NR_BANKS(ima_tpm_chip) + ima_extra_slots, + GFP_NOFS); if (!digests) { kfree(*entry); *entry = NULL; diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 6f5696d999d0..d4af5f0e7d6c 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -138,8 +138,9 @@ int __init ima_init_crypto(void) if (ima_hash_algo_idx < 0) ima_hash_algo_idx = NR_BANKS(ima_tpm_chip) + ima_extra_slots++; - ima_algo_array = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots, - sizeof(*ima_algo_array), GFP_KERNEL); + ima_algo_array = kzalloc_objs(*ima_algo_array, + NR_BANKS(ima_tpm_chip) + ima_extra_slots, + GFP_KERNEL); if (!ima_algo_array) { rc = -ENOMEM; goto out; diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c index 3265d744d5ce..daeeddae3878 100644 --- a/security/integrity/ima/ima_modsig.c +++ b/security/integrity/ima/ima_modsig.c @@ -65,7 +65,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len, buf_len -= sig_len + sizeof(*sig); /* Allocate sig_len additional bytes to hold the raw PKCS#7 data. */ - hdr = kzalloc(struct_size(hdr, raw_pkcs7, sig_len), GFP_KERNEL); + hdr = kzalloc_flex(*hdr, raw_pkcs7, sig_len, GFP_KERNEL); if (!hdr) return -ENOMEM; diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c index 95cc31525c57..c647f4fd114d 100644 --- a/security/integrity/ima/ima_mok.c +++ b/security/integrity/ima/ima_mok.c @@ -27,7 +27,7 @@ static __init int ima_mok_init(void) pr_notice("Allocating IMA blacklist keyring.\n"); - restriction = kzalloc(sizeof(struct key_restriction), GFP_KERNEL); + restriction = kzalloc_obj(struct key_restriction, GFP_KERNEL); if (!restriction) panic("Can't allocate IMA blacklist restriction."); diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 8fbd8755f5bc..c99f52458cd5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -342,7 +342,7 @@ static struct ima_rule_opt_list *ima_alloc_rule_opt_list(const substring_t *src) return ERR_PTR(-EINVAL); } - opt_list = kzalloc(struct_size(opt_list, items, count), GFP_KERNEL); + opt_list = kzalloc_flex(*opt_list, items, count, GFP_KERNEL); if (!opt_list) { kfree(src_copy); return ERR_PTR(-ENOMEM); @@ -921,8 +921,8 @@ static int __init ima_init_arch_policy(void) for (rules = arch_rules; *rules != NULL; rules++) arch_entries++; - arch_policy_entry = kcalloc(arch_entries + 1, - sizeof(*arch_policy_entry), GFP_KERNEL); + arch_policy_entry = kzalloc_objs(*arch_policy_entry, arch_entries + 1, + GFP_KERNEL); if (!arch_policy_entry) return 0; @@ -1976,7 +1976,7 @@ ssize_t ima_parse_add_rule(char *rule) if (*p == '#' || *p == '\0') return len; - entry = kzalloc(sizeof(*entry), GFP_KERNEL); + entry = kzalloc_obj(*entry, GFP_KERNEL); if (!entry) { integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, op, "-ENOMEM", -ENOMEM, audit_info); diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index 590637e81ad1..859c83ab5a2b 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -103,7 +103,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry, struct ima_queue_entry *qe; unsigned int key; - qe = kmalloc(sizeof(*qe), GFP_KERNEL); + qe = kmalloc_obj(*qe, GFP_KERNEL); if (qe == NULL) { pr_err("OUT OF MEMORY ERROR creating queue entry\n"); return -ENOMEM; @@ -269,8 +269,8 @@ int __init ima_init_digests(void) if (!ima_tpm_chip) return 0; - digests = kcalloc(ima_tpm_chip->nr_allocated_banks, sizeof(*digests), - GFP_NOFS); + digests = kzalloc_objs(*digests, ima_tpm_chip->nr_allocated_banks, + GFP_NOFS); if (!digests) return -ENOMEM; diff --git a/security/integrity/ima/ima_queue_keys.c b/security/integrity/ima/ima_queue_keys.c index 4f0aea155bf9..da29e5b8f6df 100644 --- a/security/integrity/ima/ima_queue_keys.c +++ b/security/integrity/ima/ima_queue_keys.c @@ -72,7 +72,7 @@ static struct ima_key_entry *ima_alloc_key_entry(struct key *keyring, const char *audit_cause = "ENOMEM"; struct ima_key_entry *entry; - entry = kzalloc(sizeof(*entry), GFP_KERNEL); + entry = kzalloc_obj(*entry, GFP_KERNEL); if (entry) { entry->payload = kmemdup(payload, payload_len, GFP_KERNEL); entry->keyring_name = kstrdup(keyring->description, diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 04c49f05cb74..9712eb6b4b88 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -245,7 +245,7 @@ int template_desc_init_fields(const char *template_fmt, } if (fields && num_fields) { - *fields = kmalloc_array(i, sizeof(**fields), GFP_KERNEL); + *fields = kmalloc_objs(**fields, i, GFP_KERNEL); if (*fields == NULL) return -ENOMEM; @@ -334,7 +334,7 @@ static struct ima_template_desc *restore_template_fmt(char *template_name) goto out; } - template_desc = kzalloc(sizeof(*template_desc), GFP_KERNEL); + template_desc = kzalloc_obj(*template_desc, GFP_KERNEL); if (!template_desc) goto out; @@ -362,13 +362,14 @@ static int ima_restore_template_data(struct ima_template_desc *template_desc, int ret = 0; int i; - *entry = kzalloc(struct_size(*entry, template_data, - template_desc->num_fields), GFP_NOFS); + *entry = kzalloc_flex(**entry, template_data, template_desc->num_fields, + GFP_NOFS); if (!*entry) return -ENOMEM; - digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots, - sizeof(*digests), GFP_NOFS); + digests = kzalloc_objs(*digests, + NR_BANKS(ima_tpm_chip) + ima_extra_slots, + GFP_NOFS); if (!digests) { kfree(*entry); return -ENOMEM; diff --git a/security/ipe/digest.c b/security/ipe/digest.c index 5006366837ba..747768ba0e52 100644 --- a/security/ipe/digest.c +++ b/security/ipe/digest.c @@ -29,7 +29,7 @@ struct digest_info *ipe_digest_parse(const char *valstr) char *alg = NULL; int rc = 0; - info = kzalloc(sizeof(*info), GFP_KERNEL); + info = kzalloc_obj(*info, GFP_KERNEL); if (!info) return ERR_PTR(-ENOMEM); diff --git a/security/ipe/hooks.c b/security/ipe/hooks.c index 603abdc9ce3b..b8d677f87845 100644 --- a/security/ipe/hooks.c +++ b/security/ipe/hooks.c @@ -287,7 +287,7 @@ int ipe_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type typ } digest = value; - info = kzalloc(sizeof(*info), GFP_KERNEL); + info = kzalloc_obj(*info, GFP_KERNEL); if (!info) return -ENOMEM; diff --git a/security/ipe/policy.c b/security/ipe/policy.c index 1c58c29886e8..c2ff142aed37 100644 --- a/security/ipe/policy.c +++ b/security/ipe/policy.c @@ -162,7 +162,7 @@ struct ipe_policy *ipe_new_policy(const char *text, size_t textlen, struct ipe_policy *new = NULL; int rc = 0; - new = kzalloc(sizeof(*new), GFP_KERNEL); + new = kzalloc_obj(*new, GFP_KERNEL); if (!new) return ERR_PTR(-ENOMEM); diff --git a/security/ipe/policy_parser.c b/security/ipe/policy_parser.c index 7f27e39931d6..180de3e5f200 100644 --- a/security/ipe/policy_parser.c +++ b/security/ipe/policy_parser.c @@ -30,7 +30,7 @@ static struct ipe_parsed_policy *new_parsed_policy(void) struct ipe_op_table *t = NULL; size_t i = 0; - p = kzalloc(sizeof(*p), GFP_KERNEL); + p = kzalloc_obj(*p, GFP_KERNEL); if (!p) return ERR_PTR(-ENOMEM); @@ -305,7 +305,7 @@ static int parse_property(char *t, struct ipe_rule *r) int token; char *dup = NULL; - p = kzalloc(sizeof(*p), GFP_KERNEL); + p = kzalloc_obj(*p, GFP_KERNEL); if (!p) return -ENOMEM; @@ -373,7 +373,7 @@ static int parse_rule(char *line, struct ipe_parsed_policy *p) if (IS_ERR_OR_NULL(line)) return -EBADMSG; - r = kzalloc(sizeof(*r), GFP_KERNEL); + r = kzalloc_obj(*r, GFP_KERNEL); if (!r) return -ENOMEM; diff --git a/security/keys/key.c b/security/keys/key.c index 3bbdde778631..8ca0777f22d3 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -77,7 +77,7 @@ try_again: spin_unlock(&key_user_lock); user = NULL; - candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL); + candidate = kmalloc_obj(struct key_user, GFP_KERNEL); if (unlikely(!candidate)) goto out; diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index ab927a142f51..7d8a0de7c7c4 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1796,13 +1796,13 @@ long keyctl_watch_key(key_serial_t id, int watch_queue_fd, int watch_id) if (watch_id >= 0) { ret = -ENOMEM; if (!key->watchers) { - wlist = kzalloc(sizeof(*wlist), GFP_KERNEL); + wlist = kzalloc_obj(*wlist, GFP_KERNEL); if (!wlist) goto err_wqueue; init_watch_list(wlist, NULL); } - watch = kzalloc(sizeof(*watch), GFP_KERNEL); + watch = kzalloc_obj(*watch, GFP_KERNEL); if (!watch) goto err_wlist; diff --git a/security/keys/keyring.c b/security/keys/keyring.c index f331725d5a37..9a1685035be5 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -977,7 +977,7 @@ static struct key_restriction *keyring_restriction_alloc( key_restrict_link_func_t check) { struct key_restriction *keyres = - kzalloc(sizeof(struct key_restriction), GFP_KERNEL); + kzalloc_obj(struct key_restriction, GFP_KERNEL); if (!keyres) return ERR_PTR(-ENOMEM); diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 8f33cd170e42..f0de3e9d9743 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -171,7 +171,7 @@ struct key *request_key_auth_new(struct key *target, const char *op, kenter("%d,", target->serial); /* allocate a auth record */ - rka = kzalloc(sizeof(*rka), GFP_KERNEL); + rka = kzalloc_obj(*rka, GFP_KERNEL); if (!rka) goto error; rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL); diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c index 9046123d94de..fb9ff3d18292 100644 --- a/security/keys/trusted-keys/trusted_core.c +++ b/security/keys/trusted-keys/trusted_core.c @@ -134,7 +134,7 @@ static struct trusted_key_payload *trusted_payload_alloc(struct key *key) ret = key_payload_reserve(key, sizeof(*p)); if (ret < 0) goto err; - p = kzalloc(sizeof(*p), GFP_KERNEL); + p = kzalloc_obj(*p, GFP_KERNEL); if (!p) goto err; diff --git a/security/keys/trusted-keys/trusted_pkwm.c b/security/keys/trusted-keys/trusted_pkwm.c index 4f391b77a907..aab8fbc49280 100644 --- a/security/keys/trusted-keys/trusted_pkwm.c +++ b/security/keys/trusted-keys/trusted_pkwm.c @@ -62,10 +62,10 @@ static struct trusted_key_options *trusted_options_alloc(void) struct trusted_key_options *options; struct trusted_pkwm_options *pkwm; - options = kzalloc(sizeof(*options), GFP_KERNEL); + options = kzalloc_obj(*options, GFP_KERNEL); if (options) { - pkwm = kzalloc(sizeof(*pkwm), GFP_KERNEL); + pkwm = kzalloc_obj(*pkwm, GFP_KERNEL); if (!pkwm) { kfree_sensitive(options); diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index c865c97aa1b4..ce9b26dd846e 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -440,7 +440,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, int i; /* alloc some work space for all the hashes */ - td = kmalloc(sizeof *td, GFP_KERNEL); + td = kmalloc_obj(*td, GFP_KERNEL); if (!td) return -ENOMEM; @@ -838,7 +838,7 @@ static struct trusted_key_options *trusted_options_alloc(void) if (tpm2 < 0) return NULL; - options = kzalloc(sizeof *options, GFP_KERNEL); + options = kzalloc_obj(*options, GFP_KERNEL); if (options) { /* set any non-zero defaults */ options->keytype = SRK_keytype; @@ -946,8 +946,7 @@ static int __init init_digests(void) { int i; - digests = kcalloc(chip->nr_allocated_banks, sizeof(*digests), - GFP_KERNEL); + digests = kzalloc_objs(*digests, chip->nr_allocated_banks, GFP_KERNEL); if (!digests) return -ENOMEM; diff --git a/security/landlock/domain.c b/security/landlock/domain.c index 79cb3bbdf4c5..29a0f9789eee 100644 --- a/security/landlock/domain.c +++ b/security/landlock/domain.c @@ -95,7 +95,7 @@ static struct landlock_details *get_current_details(void) * caller. */ details = - kzalloc(struct_size(details, exe_path, path_size), GFP_KERNEL); + kzalloc_flex(*details, exe_path, path_size, GFP_KERNEL); if (!details) return ERR_PTR(-ENOMEM); diff --git a/security/landlock/object.c b/security/landlock/object.c index 1f50612f0185..0d6e159ef8b5 100644 --- a/security/landlock/object.c +++ b/security/landlock/object.c @@ -25,7 +25,7 @@ landlock_create_object(const struct landlock_object_underops *const underops, if (WARN_ON_ONCE(!underops || !underobj)) return ERR_PTR(-ENOENT); - new_object = kzalloc(sizeof(*new_object), GFP_KERNEL_ACCOUNT); + new_object = kzalloc_obj(*new_object, GFP_KERNEL_ACCOUNT); if (!new_object) return ERR_PTR(-ENOMEM); refcount_set(&new_object->usage, 1); diff --git a/security/landlock/ruleset.c b/security/landlock/ruleset.c index 419b237de635..319873586385 100644 --- a/security/landlock/ruleset.c +++ b/security/landlock/ruleset.c @@ -33,8 +33,8 @@ static struct landlock_ruleset *create_ruleset(const u32 num_layers) struct landlock_ruleset *new_ruleset; new_ruleset = - kzalloc(struct_size(new_ruleset, access_masks, num_layers), - GFP_KERNEL_ACCOUNT); + kzalloc_flex(*new_ruleset, access_masks, num_layers, + GFP_KERNEL_ACCOUNT); if (!new_ruleset) return ERR_PTR(-ENOMEM); refcount_set(&new_ruleset->usage, 1); @@ -123,8 +123,8 @@ create_rule(const struct landlock_id id, } else { new_num_layers = num_layers; } - new_rule = kzalloc(struct_size(new_rule, layers, new_num_layers), - GFP_KERNEL_ACCOUNT); + new_rule = kzalloc_flex(*new_rule, layers, new_num_layers, + GFP_KERNEL_ACCOUNT); if (!new_rule) return ERR_PTR(-ENOMEM); RB_CLEAR_NODE(&new_rule->node); @@ -559,8 +559,8 @@ landlock_merge_ruleset(struct landlock_ruleset *const parent, if (IS_ERR(new_dom)) return new_dom; - new_dom->hierarchy = - kzalloc(sizeof(*new_dom->hierarchy), GFP_KERNEL_ACCOUNT); + new_dom->hierarchy = kzalloc_obj(*new_dom->hierarchy, + GFP_KERNEL_ACCOUNT); if (!new_dom->hierarchy) return ERR_PTR(-ENOMEM); diff --git a/security/landlock/tsync.c b/security/landlock/tsync.c index 0d2b9c646030..de01aa899751 100644 --- a/security/landlock/tsync.c +++ b/security/landlock/tsync.c @@ -237,7 +237,7 @@ static int tsync_works_grow_by(struct tsync_works *s, size_t n, gfp_t flags) s->works = works; for (i = s->capacity; i < new_capacity; i++) { - work = kzalloc(sizeof(*work), flags); + work = kzalloc_obj(*work, flags); if (!work) { /* * Leave the object in a consistent state, diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 6d5f3208f9ca..62b9ee7caefb 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -327,7 +327,7 @@ static int read_trusted_verity_root_digests(unsigned int fd) len /= 2; - trd = kzalloc(struct_size(trd, data, len), GFP_KERNEL); + trd = kzalloc_flex(*trd, data, len, GFP_KERNEL); if (!trd) { rc = -ENOMEM; goto err; diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c index ece259f75b0d..8cc2bcb07324 100644 --- a/security/safesetid/securityfs.c +++ b/security/safesetid/securityfs.c @@ -118,7 +118,7 @@ static int verify_ruleset(struct setid_ruleset *pol) res = -EINVAL; /* fix it up */ - nrule = kmalloc(sizeof(struct setid_rule), GFP_KERNEL); + nrule = kmalloc_obj(struct setid_rule, GFP_KERNEL); if (!nrule) return -ENOMEM; if (pol->type == UID){ @@ -146,7 +146,7 @@ static ssize_t handle_policy_update(struct file *file, if (len >= KMALLOC_MAX_SIZE) return -EINVAL; - pol = kmalloc(sizeof(struct setid_ruleset), GFP_KERNEL); + pol = kmalloc_obj(struct setid_ruleset, GFP_KERNEL); if (!pol) return -ENOMEM; pol->policy_str = NULL; @@ -175,7 +175,7 @@ static ssize_t handle_policy_update(struct file *file, } *end = '\0'; - rule = kmalloc(sizeof(struct setid_rule), GFP_KERNEL); + rule = kmalloc_obj(struct setid_rule, GFP_KERNEL); if (!rule) { err = -ENOMEM; goto out_free_buf; diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 8f77b9a732e1..584b1d6bdff1 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -794,7 +794,7 @@ int __init avc_add_callback(int (*callback)(u32 event), u32 events) struct avc_callback_node *c; int rc = 0; - c = kmalloc(sizeof(*c), GFP_KERNEL); + c = kmalloc_obj(*c, GFP_KERNEL); if (!c) { rc = -ENOMEM; goto out; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index feda34b18d83..58ce110272ef 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1030,7 +1030,7 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts) } if (!opts) { - opts = kzalloc(sizeof(*opts), GFP_KERNEL); + opts = kzalloc_obj(*opts, GFP_KERNEL); if (!opts) return -ENOMEM; *mnt_opts = opts; @@ -2822,7 +2822,7 @@ static int selinux_fs_context_submount(struct fs_context *fc, if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT))) return 0; - opts = kzalloc(sizeof(*opts), GFP_KERNEL); + opts = kzalloc_obj(*opts, GFP_KERNEL); if (!opts) return -ENOMEM; diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c index ea1d9b2c7d2b..93a5637fbcd8 100644 --- a/security/selinux/ibpkey.c +++ b/security/selinux/ibpkey.c @@ -147,7 +147,7 @@ static int sel_ib_pkey_sid_slow(u64 subnet_prefix, u16 pkey_num, u32 *sid) if (ret) goto out; - new = kmalloc(sizeof(*new), GFP_ATOMIC); + new = kmalloc_obj(*new, GFP_ATOMIC); if (!new) { /* If this memory allocation fails still return 0. The SID * is valid, it just won't be added to the cache. diff --git a/security/selinux/netif.c b/security/selinux/netif.c index e24b2cba28ea..fa6d24a37c39 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -161,7 +161,7 @@ static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid) /* If this memory allocation fails still return 0. The SID * is valid, it just won't be added to the cache. */ - new = kmalloc(sizeof(*new), GFP_ATOMIC); + new = kmalloc_obj(*new, GFP_ATOMIC); if (new) { new->nsec.ns = ns; new->nsec.ifindex = ifindex; diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 9b3da5ce8d39..adb93003b8c4 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c @@ -205,7 +205,7 @@ static int sel_netnode_sid_slow(const void *addr, u16 family, u32 *sid) /* If this memory allocation fails still return 0. The SID * is valid, it just won't be added to the cache. */ - new = kmalloc(sizeof(*new), GFP_ATOMIC); + new = kmalloc_obj(*new, GFP_ATOMIC); switch (family) { case PF_INET: ret = security_node_sid(PF_INET, diff --git a/security/selinux/netport.c b/security/selinux/netport.c index 9e62f7285e81..006a6ec71319 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c @@ -150,7 +150,7 @@ static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid) /* If this memory allocation fails still return 0. The SID * is valid, it just won't be added to the cache. */ - new = kmalloc(sizeof(*new), GFP_ATOMIC); + new = kmalloc_obj(*new, GFP_ATOMIC); if (new) { new->psec.port = pnum; new->psec.protocol = protocol; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 4d58c7ad1a23..010499520d38 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -85,7 +85,7 @@ static int selinux_fs_info_create(struct super_block *sb) { struct selinux_fs_info *fsi; - fsi = kzalloc(sizeof(*fsi), GFP_KERNEL); + fsi = kzalloc_obj(*fsi, GFP_KERNEL); if (!fsi) return -ENOMEM; @@ -380,7 +380,7 @@ static int sel_open_policy(struct inode *inode, struct file *filp) goto err; rc = -ENOMEM; - plm = kzalloc(sizeof(*plm), GFP_KERNEL); + plm = kzalloc_obj(*plm, GFP_KERNEL); if (!plm) goto err; diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 1bebfcb9c6a1..b238fa9756cf 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -165,8 +165,8 @@ void cond_policydb_destroy(struct policydb *p) int cond_init_bool_indexes(struct policydb *p) { kfree(p->bool_val_to_struct); - p->bool_val_to_struct = kmalloc_array( - p->p_bools.nprim, sizeof(*p->bool_val_to_struct), GFP_KERNEL); + p->bool_val_to_struct = kmalloc_objs(*p->bool_val_to_struct, + p->p_bools.nprim, GFP_KERNEL); if (!p->bool_val_to_struct) return -ENOMEM; @@ -214,7 +214,7 @@ int cond_read_bool(struct policydb *p, struct symtab *s, struct policy_file *fp) u32 len; int rc; - booldatum = kzalloc(sizeof(*booldatum), GFP_KERNEL); + booldatum = kzalloc_obj(*booldatum, GFP_KERNEL); if (!booldatum) return -ENOMEM; @@ -334,7 +334,7 @@ static int cond_read_av_list(struct policydb *p, struct policy_file *fp, if (len == 0) return 0; - list->nodes = kcalloc(len, sizeof(*list->nodes), GFP_KERNEL); + list->nodes = kzalloc_objs(*list->nodes, len, GFP_KERNEL); if (!list->nodes) return -ENOMEM; @@ -383,7 +383,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, struct pol /* expr */ len = le32_to_cpu(buf[1]); - node->expr.nodes = kcalloc(len, sizeof(*node->expr.nodes), GFP_KERNEL); + node->expr.nodes = kzalloc_objs(*node->expr.nodes, len, GFP_KERNEL); if (!node->expr.nodes) return -ENOMEM; @@ -421,7 +421,7 @@ int cond_read_list(struct policydb *p, struct policy_file *fp) len = le32_to_cpu(buf[0]); - p->cond_list = kcalloc(len, sizeof(*p->cond_list), GFP_KERNEL); + p->cond_list = kzalloc_objs(*p->cond_list, len, GFP_KERNEL); if (!p->cond_list) return -ENOMEM; @@ -605,7 +605,7 @@ static int cond_dup_av_list(struct cond_av_list *new, memset(new, 0, sizeof(*new)); - new->nodes = kcalloc(orig->len, sizeof(*new->nodes), GFP_KERNEL); + new->nodes = kzalloc_objs(*new->nodes, orig->len, GFP_KERNEL); if (!new->nodes) return -ENOMEM; @@ -631,8 +631,8 @@ static int duplicate_policydb_cond_list(struct policydb *newp, return rc; newp->cond_list_len = 0; - newp->cond_list = kcalloc(origp->cond_list_len, - sizeof(*newp->cond_list), GFP_KERNEL); + newp->cond_list = kzalloc_objs(*newp->cond_list, origp->cond_list_len, + GFP_KERNEL); if (!newp->cond_list) goto error; @@ -710,9 +710,8 @@ static int duplicate_policydb_bools(struct policydb *newdb, struct cond_bool_datum **cond_bool_array; int rc; - cond_bool_array = kmalloc_array(orig->p_bools.nprim, - sizeof(*orig->bool_val_to_struct), - GFP_KERNEL); + cond_bool_array = kmalloc_objs(*orig->bool_val_to_struct, + orig->p_bools.nprim, GFP_KERNEL); if (!cond_bool_array) return -ENOMEM; diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 1382eb3bfde1..1eb542725c94 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -40,8 +40,8 @@ int hashtab_init(struct hashtab *h, u32 nel_hint) h->htable = NULL; if (size) { - h->htable = kcalloc(size, sizeof(*h->htable), - GFP_KERNEL | __GFP_NOWARN); + h->htable = kzalloc_objs(*h->htable, size, + GFP_KERNEL | __GFP_NOWARN); if (!h->htable) return -ENOMEM; h->size = size; @@ -149,7 +149,7 @@ int hashtab_duplicate(struct hashtab *new, const struct hashtab *orig, memset(new, 0, sizeof(*new)); - new->htable = kcalloc(orig->size, sizeof(*new->htable), GFP_KERNEL); + new->htable = kzalloc_objs(*new->htable, orig->size, GFP_KERNEL); if (!new->htable) return -ENOMEM; diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 91df3db6a88c..a96c671d0d51 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -390,7 +390,7 @@ static int roles_init(struct policydb *p) int rc; struct role_datum *role; - role = kzalloc(sizeof(*role), GFP_KERNEL); + role = kzalloc_obj(*role, GFP_KERNEL); if (!role) return -ENOMEM; @@ -738,24 +738,23 @@ static int policydb_index(struct policydb *p) avtab_hash_eval(&p->te_avtab, "rules"); symtab_hash_eval(p->symtab); - p->class_val_to_struct = kcalloc(p->p_classes.nprim, - sizeof(*p->class_val_to_struct), - GFP_KERNEL); + p->class_val_to_struct = kzalloc_objs(*p->class_val_to_struct, + p->p_classes.nprim, GFP_KERNEL); if (!p->class_val_to_struct) return -ENOMEM; - p->role_val_to_struct = kcalloc( - p->p_roles.nprim, sizeof(*p->role_val_to_struct), GFP_KERNEL); + p->role_val_to_struct = kzalloc_objs(*p->role_val_to_struct, + p->p_roles.nprim, GFP_KERNEL); if (!p->role_val_to_struct) return -ENOMEM; - p->user_val_to_struct = kcalloc( - p->p_users.nprim, sizeof(*p->user_val_to_struct), GFP_KERNEL); + p->user_val_to_struct = kzalloc_objs(*p->user_val_to_struct, + p->p_users.nprim, GFP_KERNEL); if (!p->user_val_to_struct) return -ENOMEM; - p->type_val_to_struct = kvcalloc( - p->p_types.nprim, sizeof(*p->type_val_to_struct), GFP_KERNEL); + p->type_val_to_struct = kvzalloc_objs(*p->type_val_to_struct, + p->p_types.nprim, GFP_KERNEL); if (!p->type_val_to_struct) return -ENOMEM; @@ -1131,7 +1130,7 @@ static int perm_read(struct policydb *p, struct symtab *s, struct policy_file *f __le32 buf[2]; u32 len; - perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); + perdatum = kzalloc_obj(*perdatum, GFP_KERNEL); if (!perdatum) return -ENOMEM; @@ -1164,7 +1163,7 @@ static int common_read(struct policydb *p, struct symtab *s, struct policy_file u32 i, len, nel; int rc; - comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); + comdatum = kzalloc_obj(*comdatum, GFP_KERNEL); if (!comdatum) return -ENOMEM; @@ -1237,7 +1236,7 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, lc = NULL; for (i = 0; i < ncons; i++) { - c = kzalloc(sizeof(*c), GFP_KERNEL); + c = kzalloc_obj(*c, GFP_KERNEL); if (!c) return -ENOMEM; @@ -1254,7 +1253,7 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, le = NULL; depth = -1; for (j = 0; j < nexpr; j++) { - e = kzalloc(sizeof(*e), GFP_KERNEL); + e = kzalloc_obj(*e, GFP_KERNEL); if (!e) return -ENOMEM; @@ -1297,9 +1296,8 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, return rc; if (p->policyvers >= POLICYDB_VERSION_CONSTRAINT_NAMES) { - e->type_names = - kzalloc(sizeof(*e->type_names), - GFP_KERNEL); + e->type_names = kzalloc_obj(*e->type_names, + GFP_KERNEL); if (!e->type_names) return -ENOMEM; type_set_init(e->type_names); @@ -1329,7 +1327,7 @@ static int class_read(struct policydb *p, struct symtab *s, struct policy_file * u32 i, len, len2, ncons, nel; int rc; - cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); + cladatum = kzalloc_obj(*cladatum, GFP_KERNEL); if (!cladatum) return -ENOMEM; @@ -1427,7 +1425,7 @@ static int role_read(struct policydb *p, struct symtab *s, struct policy_file *f __le32 buf[3]; u32 len; - role = kzalloc(sizeof(*role), GFP_KERNEL); + role = kzalloc_obj(*role, GFP_KERNEL); if (!role) return -ENOMEM; @@ -1484,7 +1482,7 @@ static int type_read(struct policydb *p, struct symtab *s, struct policy_file *f __le32 buf[4]; u32 len; - typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); + typdatum = kzalloc_obj(*typdatum, GFP_KERNEL); if (!typdatum) return -ENOMEM; @@ -1558,7 +1556,7 @@ static int user_read(struct policydb *p, struct symtab *s, struct policy_file *f __le32 buf[3]; u32 len; - usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); + usrdatum = kzalloc_obj(*usrdatum, GFP_KERNEL); if (!usrdatum) return -ENOMEM; @@ -1608,7 +1606,7 @@ static int sens_read(struct policydb *p, struct symtab *s, struct policy_file *f __le32 buf[2]; u32 len; - levdatum = kzalloc(sizeof(*levdatum), GFP_KERNEL); + levdatum = kzalloc_obj(*levdatum, GFP_KERNEL); if (!levdatum) return -ENOMEM; @@ -1644,7 +1642,7 @@ static int cat_read(struct policydb *p, struct symtab *s, struct policy_file *fp __le32 buf[3]; u32 len; - catdatum = kzalloc(sizeof(*catdatum), GFP_KERNEL); + catdatum = kzalloc_obj(*catdatum, GFP_KERNEL); if (!catdatum) return -ENOMEM; @@ -1864,7 +1862,7 @@ static int range_read(struct policydb *p, struct policy_file *fp) for (i = 0; i < nel; i++) { rc = -ENOMEM; - rt = kzalloc(sizeof(*rt), GFP_KERNEL); + rt = kzalloc_obj(*rt, GFP_KERNEL); if (!rt) goto out; @@ -1889,7 +1887,7 @@ static int range_read(struct policydb *p, struct policy_file *fp) goto out; rc = -ENOMEM; - r = kzalloc(sizeof(*r), GFP_KERNEL); + r = kzalloc_obj(*r, GFP_KERNEL); if (!r) goto out; @@ -1965,7 +1963,7 @@ static int filename_trans_read_helper_compat(struct policydb *p, struct policy_f } if (!datum) { rc = -ENOMEM; - datum = kmalloc(sizeof(*datum), GFP_KERNEL); + datum = kmalloc_obj(*datum, GFP_KERNEL); if (!datum) goto out; @@ -2040,7 +2038,7 @@ static int filename_trans_read_helper(struct policydb *p, struct policy_file *fp dst = &first; for (i = 0; i < ndatum; i++) { rc = -ENOMEM; - datum = kmalloc(sizeof(*datum), GFP_KERNEL); + datum = kmalloc_obj(*datum, GFP_KERNEL); if (!datum) goto out; @@ -2062,7 +2060,7 @@ static int filename_trans_read_helper(struct policydb *p, struct policy_file *fp } rc = -ENOMEM; - ft = kmalloc(sizeof(*ft), GFP_KERNEL); + ft = kmalloc_obj(*ft, GFP_KERNEL); if (!ft) goto out; @@ -2155,7 +2153,7 @@ static int genfs_read(struct policydb *p, struct policy_file *fp) len = le32_to_cpu(buf[0]); rc = -ENOMEM; - newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); + newgenfs = kzalloc_obj(*newgenfs, GFP_KERNEL); if (!newgenfs) goto out; @@ -2194,7 +2192,7 @@ static int genfs_read(struct policydb *p, struct policy_file *fp) len = le32_to_cpu(buf[0]); rc = -ENOMEM; - newc = kzalloc(sizeof(*newc), GFP_KERNEL); + newc = kzalloc_obj(*newc, GFP_KERNEL); if (!newc) goto out; @@ -2266,7 +2264,7 @@ static int ocontext_read(struct policydb *p, l = NULL; for (j = 0; j < nel; j++) { rc = -ENOMEM; - c = kzalloc(sizeof(*c), GFP_KERNEL); + c = kzalloc_obj(*c, GFP_KERNEL); if (!c) goto out; if (l) @@ -2623,12 +2621,12 @@ int policydb_read(struct policydb *p, struct policy_file *fp) goto bad; for (i = 0; i < nel; i++) { rc = -ENOMEM; - rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); + rtk = kmalloc_obj(*rtk, GFP_KERNEL); if (!rtk) goto bad; rc = -ENOMEM; - rtd = kmalloc(sizeof(*rtd), GFP_KERNEL); + rtd = kmalloc_obj(*rtd, GFP_KERNEL); if (!rtd) goto bad; @@ -2671,7 +2669,7 @@ int policydb_read(struct policydb *p, struct policy_file *fp) lra = NULL; for (i = 0; i < nel; i++) { rc = -ENOMEM; - ra = kzalloc(sizeof(*ra), GFP_KERNEL); + ra = kzalloc_obj(*ra, GFP_KERNEL); if (!ra) goto bad; if (lra) @@ -2726,8 +2724,8 @@ int policydb_read(struct policydb *p, struct policy_file *fp) goto bad; rc = -ENOMEM; - p->type_attr_map_array = kvcalloc( - p->p_types.nprim, sizeof(*p->type_attr_map_array), GFP_KERNEL); + p->type_attr_map_array = kvzalloc_objs(*p->type_attr_map_array, + p->p_types.nprim, GFP_KERNEL); if (!p->type_attr_map_array) goto bad; diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 13fc712d5923..6f20e941c059 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -108,7 +108,7 @@ static int selinux_set_mapping(struct policydb *pol, i++; /* Allocate space for the class records, plus one for class zero */ - out_map->mapping = kcalloc(++i, sizeof(*out_map->mapping), GFP_ATOMIC); + out_map->mapping = kzalloc_objs(*out_map->mapping, ++i, GFP_ATOMIC); if (!out_map->mapping) return -ENOMEM; @@ -2312,11 +2312,11 @@ int security_load_policy(void *data, size_t len, int rc = 0; struct policy_file file = { data, len }, *fp = &file; - newpolicy = kzalloc(sizeof(*newpolicy), GFP_KERNEL); + newpolicy = kzalloc_obj(*newpolicy, GFP_KERNEL); if (!newpolicy) return -ENOMEM; - newpolicy->sidtab = kzalloc(sizeof(*newpolicy->sidtab), GFP_KERNEL); + newpolicy->sidtab = kzalloc_obj(*newpolicy->sidtab, GFP_KERNEL); if (!newpolicy->sidtab) { rc = -ENOMEM; goto err_policy; @@ -2360,7 +2360,7 @@ int security_load_policy(void *data, size_t len, * in the new SID table. */ - convert_data = kmalloc(sizeof(*convert_data), GFP_KERNEL); + convert_data = kmalloc_obj(*convert_data, GFP_KERNEL); if (!convert_data) { rc = -ENOMEM; goto err_free_isids; @@ -3065,7 +3065,7 @@ int security_get_bools(struct selinux_policy *policy, goto err; rc = -ENOMEM; - *values = kcalloc(*len, sizeof(int), GFP_ATOMIC); + *values = kzalloc_objs(int, *len, GFP_ATOMIC); if (!*values) goto err; @@ -3629,7 +3629,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule, return -EINVAL; } - tmprule = kzalloc(sizeof(struct selinux_audit_rule), gfp); + tmprule = kzalloc_obj(struct selinux_audit_rule, gfp); if (!tmprule) return -ENOMEM; context_init(&tmprule->au_ctxt); @@ -3844,7 +3844,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr, { u32 *sid_cache; - sid_cache = kmalloc(sizeof(*sid_cache), GFP_ATOMIC); + sid_cache = kmalloc_obj(*sid_cache, GFP_ATOMIC); if (sid_cache == NULL) return; secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC); diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index 59f8c09158ef..118af0aa2767 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c @@ -580,7 +580,7 @@ void sidtab_sid2str_put(struct sidtab *s, struct sidtab_entry *entry, goto out_unlock; } - cache = kmalloc(struct_size(cache, str, str_len), GFP_ATOMIC); + cache = kmalloc_flex(*cache, str, str_len, GFP_ATOMIC); if (!cache) goto out_unlock; diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 61d56b0c2be1..8e00b3306574 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -88,7 +88,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, if (str_len >= PAGE_SIZE) return -ENOMEM; - ctx = kmalloc(struct_size(ctx, ctx_str, str_len + 1), gfp); + ctx = kmalloc_flex(*ctx, ctx_str, str_len + 1, gfp); if (!ctx) return -ENOMEM; @@ -354,7 +354,7 @@ int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x, if (rc) return rc; - ctx = kmalloc(struct_size(ctx, ctx_str, str_len), GFP_ATOMIC); + ctx = kmalloc_flex(*ctx, ctx_str, str_len, GFP_ATOMIC); if (!ctx) { rc = -ENOMEM; goto out; diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 86ad910d5631..350b88d582b3 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -592,7 +592,7 @@ smk_import_allocated_label(char *smack, gfp_t gfp) if (skp != NULL) goto freeout; - skp = kzalloc(sizeof(*skp), gfp); + skp = kzalloc_obj(*skp, gfp); if (skp == NULL) { skp = ERR_PTR(-ENOMEM); goto freeout; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a0bd4919a9d9..e2add0c8c739 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -372,7 +372,7 @@ static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead, struct smack_known_list_elem *oklep; list_for_each_entry(oklep, ohead, list) { - nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp); + nklep = kzalloc_obj(struct smack_known_list_elem, gfp); if (nklep == NULL) { smk_destroy_label_list(nhead); return -ENOMEM; @@ -562,7 +562,7 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts) struct smack_known *skp; if (!opts) { - opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); + opts = kzalloc_obj(struct smack_mnt_opts, GFP_KERNEL); if (!opts) return -ENOMEM; *mnt_opts = opts; @@ -622,7 +622,7 @@ static int smack_fs_context_submount(struct fs_context *fc, struct smack_mnt_opts *ctx; struct inode_smack *isp; - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); + ctx = kzalloc_obj(*ctx, GFP_KERNEL); if (!ctx) return -ENOMEM; fc->security = ctx; @@ -673,7 +673,7 @@ static int smack_fs_context_dup(struct fs_context *fc, if (!src) return 0; - fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); + fc->security = kzalloc_obj(struct smack_mnt_opts, GFP_KERNEL); if (!fc->security) return -ENOMEM; @@ -2817,7 +2817,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) /* * A new port entry is required. */ - spp = kzalloc(sizeof(*spp), GFP_KERNEL); + spp = kzalloc_obj(*spp, GFP_KERNEL); if (spp == NULL) return; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 8919e330d2f6..35b98f11e32d 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -682,7 +682,7 @@ smk_cipso_doi(u32 ndoi, gfp_t gfp_flags) smk_netlabel_audit_set(&nai); - doip = kmalloc(sizeof(struct cipso_v4_doi), gfp_flags); + doip = kmalloc_obj(struct cipso_v4_doi, gfp_flags); if (!doip) { rc = -ENOMEM; goto clr_doi_lock; @@ -1249,7 +1249,7 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, smk_netlabel_audit_set(&audit_info); if (found == 0) { - snp = kzalloc(sizeof(*snp), GFP_KERNEL); + snp = kzalloc_obj(*snp, GFP_KERNEL); if (snp == NULL) rc = -ENOMEM; else { @@ -1526,7 +1526,7 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, break; } if (found == 0) { - snp = kzalloc(sizeof(*snp), GFP_KERNEL); + snp = kzalloc_obj(*snp, GFP_KERNEL); if (snp == NULL) rc = -ENOMEM; else { @@ -1970,7 +1970,7 @@ static int smk_parse_label_list(char *data, struct list_head *list) if (IS_ERR(skp)) return PTR_ERR(skp); - sklep = kzalloc(sizeof(*sklep), GFP_KERNEL); + sklep = kzalloc_obj(*sklep, GFP_KERNEL); if (sklep == NULL) return -ENOMEM; diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index 610c1536cf70..bfacb3f2e2ed 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -376,7 +376,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, buf = tomoyo_init_log(r, len, fmt, args); if (!buf) goto out; - entry = kzalloc(sizeof(*entry), GFP_NOFS); + entry = kzalloc_obj(*entry, GFP_NOFS); if (!entry) { kfree(buf); goto out; diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 7e1f825d903b..fdaeaff01fc1 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -493,7 +493,7 @@ static struct tomoyo_profile *tomoyo_assign_profile ptr = ns->profile_ptr[profile]; if (ptr) return ptr; - entry = kzalloc(sizeof(*entry), GFP_NOFS | __GFP_NOWARN); + entry = kzalloc_obj(*entry, GFP_NOFS | __GFP_NOWARN); if (mutex_lock_interruptible(&tomoyo_policy_lock)) goto out; ptr = ns->profile_ptr[profile]; @@ -2553,7 +2553,7 @@ static int tomoyo_write_stat(struct tomoyo_io_buffer *head) */ int tomoyo_open_control(const u8 type, struct file *file) { - struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); + struct tomoyo_io_buffer *head = kzalloc_obj(*head, GFP_NOFS); if (!head) return -ENOMEM; diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 0612eac7f2f2..eeaad421f15b 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -708,7 +708,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) bool reject_on_transition_failure = false; const struct tomoyo_path_info *candidate; struct tomoyo_path_info exename; - struct tomoyo_execve *ee = kzalloc(sizeof(*ee), GFP_NOFS); + struct tomoyo_execve *ee = kzalloc_obj(*ee, GFP_NOFS); if (!ee) return -ENOMEM; diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 38b21ee0c560..57fd421f8c31 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -89,7 +89,7 @@ static void report_access(const char *access, struct task_struct *target, return; } - info = kmalloc(sizeof(*info), GFP_ATOMIC); + info = kmalloc_obj(*info, GFP_ATOMIC); if (!info) return; init_task_work(&info->work, __report_access); @@ -143,7 +143,7 @@ static int yama_ptracer_add(struct task_struct *tracer, { struct ptrace_relation *relation, *added; - added = kmalloc(sizeof(*added), GFP_KERNEL); + added = kmalloc_obj(*added, GFP_KERNEL); if (!added) return -ENOMEM; |