From: Michal Hocko <mhocko@kernel.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
David Rientjes <rientjes@google.com>,
Mel Gorman <mgorman@suse.de>,
Johannes Weiner <hannes@cmpxchg.org>,
Al Viro <viro@zeniv.linux.org.uk>, Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Anton Vorontsov <anton@enomsg.org>,
Colin Cross <ccross@android.com>, Tony Luck <tony.luck@intel.com>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Ben Skeggs <bskeggs@redhat.com>,
Kent Overstreet <kent.overstreet@gmail.com>,
Santosh Raspatur <santosh@chelsio.com>,
Hariprasad S <hariprasad@chelsio.com>,
Tariq Toukan <tariqt@mellanox.com>,
Yishai Hadas <yishaih@mellanox.com>,
Dan Williams <dan.j.williams@intel.com>,
Oleg Drokin <oleg.drokin@intel.com>,
Andreas Dilger <andreas.dilger@intel.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
David Sterba <dsterba@suse.com>, "Yan, Zheng" <zyan@redhat.com>,
Ilya Dryomov <idryomov@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Eric Dumazet <eric.dumazet@gmail.com>,
Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH 5/6] treewide: use kv[mz]alloc* rather than opencoded variants
Date: Tue, 24 Jan 2017 16:00:05 +0100 [thread overview]
Message-ID: <20170124150004.GM6867@dhcp22.suse.cz> (raw)
In-Reply-To: <7c109e9e-e28b-3ddb-42b6-902f46bf0572@suse.cz>
On Fri 20-01-17 14:41:37, Vlastimil Babka wrote:
> On 01/12/2017 06:37 PM, Michal Hocko wrote:
> > On Thu 12-01-17 09:26:09, Kees Cook wrote:
> >> On Thu, Jan 12, 2017 at 7:37 AM, Michal Hocko <mhocko@kernel.org> wrote:
> > [...]
> >>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> >>> index 4f74511015b8..e6bbb33d2956 100644
> >>> --- a/arch/s390/kvm/kvm-s390.c
> >>> +++ b/arch/s390/kvm/kvm-s390.c
> >>> @@ -1126,10 +1126,7 @@ static long kvm_s390_get_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
> >>> if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
> >>> return -EINVAL;
> >>>
> >>> - keys = kmalloc_array(args->count, sizeof(uint8_t),
> >>> - GFP_KERNEL | __GFP_NOWARN);
> >>> - if (!keys)
> >>> - keys = vmalloc(sizeof(uint8_t) * args->count);
> >>> + keys = kvmalloc(args->count * sizeof(uint8_t), GFP_KERNEL);
> >>
> >> Before doing this conversion, can we add a kvmalloc_array() API? This
> >> conversion could allow for the reintroduction of integer overflow
> >> flaws. (This particular situation isn't at risk since ->count is
> >> checked, but I'd prefer we not create a risky set of examples for
> >> using kvmalloc.)
> >
> > Well, I am not opposed to kvmalloc_array but I would argue that this
> > conversion cannot introduce new overflow issues. The code would have
> > to be broken already because even though kmalloc_array checks for the
> > overflow but vmalloc fallback doesn't...
>
> Yeah I agree, but if some of the places were really wrong, after the
> conversion we won't see them anymore.
>
> > If there is a general interest for this API I can add it.
>
> I think it would be better, yes.
OK, fair enough. I will fold the following into the original patch. I
was little bit reluctant to create kvcalloc so I've made the original
callers more talkative and added | __GFP_ZERO. To be honest I do not
really like how kcalloc...
---
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index e6bbb33d2956..aa558dce6bb4 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1126,7 +1126,7 @@ static long kvm_s390_get_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
return -EINVAL;
- keys = kvmalloc(args->count * sizeof(uint8_t), GFP_KERNEL);
+ keys = kvmalloc_array(args->count, sizeof(uint8_t), GFP_KERNEL);
if (!keys)
return -ENOMEM;
@@ -1168,7 +1168,7 @@ static long kvm_s390_set_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
return -EINVAL;
- keys = kvmalloc(sizeof(uint8_t) * args->count, GFP_KERNEL);
+ keys = kvmalloc_array(args->count, sizeof(uint8_t), GFP_KERNEL);
if (!keys)
return -ENOMEM;
diff --git a/drivers/net/ethernet/mellanox/mlx4/mr.c b/drivers/net/ethernet/mellanox/mlx4/mr.c
index 82354fd0a87e..6583d4601480 100644
--- a/drivers/net/ethernet/mellanox/mlx4/mr.c
+++ b/drivers/net/ethernet/mellanox/mlx4/mr.c
@@ -115,7 +115,7 @@ static int mlx4_buddy_init(struct mlx4_buddy *buddy, int max_order)
for (i = 0; i <= buddy->max_order; ++i) {
s = BITS_TO_LONGS(1 << (buddy->max_order - i));
- buddy->bits[i] = kvzalloc(s * sizeof(long), GFP_KERNEL);
+ buddy->bits[i] = kvmalloc_array(s, sizeof(long), GFP_KERNEL | __GFP_ZERO);
if (!buddy->bits[i])
goto err_out_free;
}
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 55fd570c3e1e..22c6e81d0c16 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -498,6 +498,14 @@ static inline void *kvzalloc(size_t size, gfp_t flags)
return kvmalloc(size, flags | __GFP_ZERO);
}
+static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags)
+{
+ if (size != 0 && n > SIZE_MAX / size)
+ return NULL;
+
+ return kvmalloc(n * size, flags);
+}
+
extern void kvfree(const void *addr);
static inline atomic_t *compound_mapcount_ptr(struct page *page)
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 4ca30a951bbc..58ec07946fe6 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -320,7 +320,7 @@ static struct bpf_map *htab_map_alloc(union bpf_attr *attr)
goto free_htab;
err = -ENOMEM;
- htab->buckets = kvmalloc(htab->n_buckets * sizeof(struct bucket), GFP_USER);
+ htab->buckets = kvmalloc_array(htab->n_buckets, sizeof(struct bucket), GFP_USER);
if (!htab->buckets)
goto free_htab;
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 45c17b5562b5..8f9caf095172 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -957,7 +957,7 @@ EXPORT_SYMBOL(iov_iter_get_pages);
static struct page **get_pages_array(size_t n)
{
- return kvmalloc(n * sizeof(struct page *), GFP_KERNEL);
+ return kvmalloc_array(n, sizeof(struct page *), GFP_KERNEL);
}
static ssize_t pipe_get_pages_alloc(struct iov_iter *i,
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index a46a9fd8b540..0c4848bd86c4 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -687,7 +687,7 @@ int inet_ehash_locks_alloc(struct inet_hashinfo *hashinfo)
/* no more locks than number of hash buckets */
nblocks = min(nblocks, hashinfo->ehash_mask + 1);
- hashinfo->ehash_locks = kvmalloc(nblocks * locksz, GFP_KERNEL);
+ hashinfo->ehash_locks = kvmalloc_array(nblocks, locksz, GFP_KERNEL);
if (!hashinfo->ehash_locks)
return -ENOMEM;
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index cdc55d5ee4ad..eca16612b1ae 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -712,10 +712,7 @@ EXPORT_SYMBOL(xt_check_entry_offsets);
*/
unsigned int *xt_alloc_entry_offsets(unsigned int size)
{
- if (size < (SIZE_MAX / sizeof(unsigned int)))
- return kvzalloc(size * sizeof(unsigned int), GFP_KERNEL);
-
- return NULL;
+ return kvmalloc_array(size * sizeof(unsigned int), GFP_KERNEL | __GFP_ZERO);
}
EXPORT_SYMBOL(xt_alloc_entry_offsets);
diff --git a/net/sched/sch_choke.c b/net/sched/sch_choke.c
index 30d6a39fd2c8..47cbfae44898 100644
--- a/net/sched/sch_choke.c
+++ b/net/sched/sch_choke.c
@@ -431,7 +431,7 @@ static int choke_change(struct Qdisc *sch, struct nlattr *opt)
if (mask != q->tab_mask) {
struct sk_buff **ntab;
- ntab = kvzalloc((mask + 1) * sizeof(struct sk_buff *), GFP_KERNEL);
+ ntab = kvmalloc_array((mask + 1), sizeof(struct sk_buff *), GFP_KERNEL | __GFP_ZERO);
if (!ntab)
return -ENOMEM;
--
Michal Hocko
SUSE Labs
WARNING: multiple messages have this Message-ID (diff)
From: Michal Hocko <mhocko@kernel.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
David Rientjes <rientjes@google.com>,
Mel Gorman <mgorman@suse.de>,
Johannes Weiner <hannes@cmpxchg.org>,
Al Viro <viro@zeniv.linux.org.uk>, Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Anton Vorontsov <anton@enomsg.org>,
Colin Cross <ccross@android.com>, Tony Luck <tony.luck@intel.com>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Ben Skeggs <bskeggs@redhat.com>,
Kent Overstreet <kent.overstreet@gmail.com>,
Santosh Raspatur <santosh@chelsio.com>,
Hariprasad S <hariprasad@chelsio.com>,
Tariq Toukan <tariqt@mell
Subject: Re: [PATCH 5/6] treewide: use kv[mz]alloc* rather than opencoded variants
Date: Tue, 24 Jan 2017 16:00:05 +0100 [thread overview]
Message-ID: <20170124150004.GM6867@dhcp22.suse.cz> (raw)
In-Reply-To: <7c109e9e-e28b-3ddb-42b6-902f46bf0572@suse.cz>
On Fri 20-01-17 14:41:37, Vlastimil Babka wrote:
> On 01/12/2017 06:37 PM, Michal Hocko wrote:
> > On Thu 12-01-17 09:26:09, Kees Cook wrote:
> >> On Thu, Jan 12, 2017 at 7:37 AM, Michal Hocko <mhocko@kernel.org> wrote:
> > [...]
> >>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> >>> index 4f74511015b8..e6bbb33d2956 100644
> >>> --- a/arch/s390/kvm/kvm-s390.c
> >>> +++ b/arch/s390/kvm/kvm-s390.c
> >>> @@ -1126,10 +1126,7 @@ static long kvm_s390_get_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
> >>> if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
> >>> return -EINVAL;
> >>>
> >>> - keys = kmalloc_array(args->count, sizeof(uint8_t),
> >>> - GFP_KERNEL | __GFP_NOWARN);
> >>> - if (!keys)
> >>> - keys = vmalloc(sizeof(uint8_t) * args->count);
> >>> + keys = kvmalloc(args->count * sizeof(uint8_t), GFP_KERNEL);
> >>
> >> Before doing this conversion, can we add a kvmalloc_array() API? This
> >> conversion could allow for the reintroduction of integer overflow
> >> flaws. (This particular situation isn't at risk since ->count is
> >> checked, but I'd prefer we not create a risky set of examples for
> >> using kvmalloc.)
> >
> > Well, I am not opposed to kvmalloc_array but I would argue that this
> > conversion cannot introduce new overflow issues. The code would have
> > to be broken already because even though kmalloc_array checks for the
> > overflow but vmalloc fallback doesn't...
>
> Yeah I agree, but if some of the places were really wrong, after the
> conversion we won't see them anymore.
>
> > If there is a general interest for this API I can add it.
>
> I think it would be better, yes.
OK, fair enough. I will fold the following into the original patch. I
was little bit reluctant to create kvcalloc so I've made the original
callers more talkative and added | __GFP_ZERO. To be honest I do not
really like how kcalloc...
---
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index e6bbb33d2956..aa558dce6bb4 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1126,7 +1126,7 @@ static long kvm_s390_get_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
return -EINVAL;
- keys = kvmalloc(args->count * sizeof(uint8_t), GFP_KERNEL);
+ keys = kvmalloc_array(args->count, sizeof(uint8_t), GFP_KERNEL);
if (!keys)
return -ENOMEM;
@@ -1168,7 +1168,7 @@ static long kvm_s390_set_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
return -EINVAL;
- keys = kvmalloc(sizeof(uint8_t) * args->count, GFP_KERNEL);
+ keys = kvmalloc_array(args->count, sizeof(uint8_t), GFP_KERNEL);
if (!keys)
return -ENOMEM;
diff --git a/drivers/net/ethernet/mellanox/mlx4/mr.c b/drivers/net/ethernet/mellanox/mlx4/mr.c
index 82354fd0a87e..6583d4601480 100644
--- a/drivers/net/ethernet/mellanox/mlx4/mr.c
+++ b/drivers/net/ethernet/mellanox/mlx4/mr.c
@@ -115,7 +115,7 @@ static int mlx4_buddy_init(struct mlx4_buddy *buddy, int max_order)
for (i = 0; i <= buddy->max_order; ++i) {
s = BITS_TO_LONGS(1 << (buddy->max_order - i));
- buddy->bits[i] = kvzalloc(s * sizeof(long), GFP_KERNEL);
+ buddy->bits[i] = kvmalloc_array(s, sizeof(long), GFP_KERNEL | __GFP_ZERO);
if (!buddy->bits[i])
goto err_out_free;
}
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 55fd570c3e1e..22c6e81d0c16 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -498,6 +498,14 @@ static inline void *kvzalloc(size_t size, gfp_t flags)
return kvmalloc(size, flags | __GFP_ZERO);
}
+static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags)
+{
+ if (size != 0 && n > SIZE_MAX / size)
+ return NULL;
+
+ return kvmalloc(n * size, flags);
+}
+
extern void kvfree(const void *addr);
static inline atomic_t *compound_mapcount_ptr(struct page *page)
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 4ca30a951bbc..58ec07946fe6 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -320,7 +320,7 @@ static struct bpf_map *htab_map_alloc(union bpf_attr *attr)
goto free_htab;
err = -ENOMEM;
- htab->buckets = kvmalloc(htab->n_buckets * sizeof(struct bucket), GFP_USER);
+ htab->buckets = kvmalloc_array(htab->n_buckets, sizeof(struct bucket), GFP_USER);
if (!htab->buckets)
goto free_htab;
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 45c17b5562b5..8f9caf095172 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -957,7 +957,7 @@ EXPORT_SYMBOL(iov_iter_get_pages);
static struct page **get_pages_array(size_t n)
{
- return kvmalloc(n * sizeof(struct page *), GFP_KERNEL);
+ return kvmalloc_array(n, sizeof(struct page *), GFP_KERNEL);
}
static ssize_t pipe_get_pages_alloc(struct iov_iter *i,
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index a46a9fd8b540..0c4848bd86c4 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -687,7 +687,7 @@ int inet_ehash_locks_alloc(struct inet_hashinfo *hashinfo)
/* no more locks than number of hash buckets */
nblocks = min(nblocks, hashinfo->ehash_mask + 1);
- hashinfo->ehash_locks = kvmalloc(nblocks * locksz, GFP_KERNEL);
+ hashinfo->ehash_locks = kvmalloc_array(nblocks, locksz, GFP_KERNEL);
if (!hashinfo->ehash_locks)
return -ENOMEM;
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index cdc55d5ee4ad..eca16612b1ae 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -712,10 +712,7 @@ EXPORT_SYMBOL(xt_check_entry_offsets);
*/
unsigned int *xt_alloc_entry_offsets(unsigned int size)
{
- if (size < (SIZE_MAX / sizeof(unsigned int)))
- return kvzalloc(size * sizeof(unsigned int), GFP_KERNEL);
-
- return NULL;
+ return kvmalloc_array(size * sizeof(unsigned int), GFP_KERNEL | __GFP_ZERO);
}
EXPORT_SYMBOL(xt_alloc_entry_offsets);
diff --git a/net/sched/sch_choke.c b/net/sched/sch_choke.c
index 30d6a39fd2c8..47cbfae44898 100644
--- a/net/sched/sch_choke.c
+++ b/net/sched/sch_choke.c
@@ -431,7 +431,7 @@ static int choke_change(struct Qdisc *sch, struct nlattr *opt)
if (mask != q->tab_mask) {
struct sk_buff **ntab;
- ntab = kvzalloc((mask + 1) * sizeof(struct sk_buff *), GFP_KERNEL);
+ ntab = kvmalloc_array((mask + 1), sizeof(struct sk_buff *), GFP_KERNEL | __GFP_ZERO);
if (!ntab)
return -ENOMEM;
--
Michal Hocko
SUSE Labs
WARNING: multiple messages have this Message-ID (diff)
From: Michal Hocko <mhocko@kernel.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
David Rientjes <rientjes@google.com>,
Mel Gorman <mgorman@suse.de>,
Johannes Weiner <hannes@cmpxchg.org>,
Al Viro <viro@zeniv.linux.org.uk>, Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Anton Vorontsov <anton@enomsg.org>,
Colin Cross <ccross@android.com>, Tony Luck <tony.luck@intel.com>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Ben Skeggs <bskeggs@redhat.com>,
Kent Overstreet <kent.overstreet@gmail.com>,
Santosh Raspatur <santosh@chelsio.com>,
Hariprasad S <hariprasad@chelsio.com>,
Tariq Toukan <tariqt@mellanox.com>,
Yishai Hadas <yishaih@mellanox.com>,
Dan Williams <dan.j.williams@intel.com>,
Oleg Drokin <oleg.drokin@intel.com>,
Andreas Dilger <andreas.dilger@intel.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
David Sterba <dsterba@suse.com>, "Yan, Zheng" <zyan@redhat.com>,
Ilya Dryomov <idryomov@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Eric Dumazet <eric.dumazet@gmail.com>,
Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH 5/6] treewide: use kv[mz]alloc* rather than opencoded variants
Date: Tue, 24 Jan 2017 16:00:05 +0100 [thread overview]
Message-ID: <20170124150004.GM6867@dhcp22.suse.cz> (raw)
In-Reply-To: <7c109e9e-e28b-3ddb-42b6-902f46bf0572@suse.cz>
On Fri 20-01-17 14:41:37, Vlastimil Babka wrote:
> On 01/12/2017 06:37 PM, Michal Hocko wrote:
> > On Thu 12-01-17 09:26:09, Kees Cook wrote:
> >> On Thu, Jan 12, 2017 at 7:37 AM, Michal Hocko <mhocko@kernel.org> wrote:
> > [...]
> >>> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> >>> index 4f74511015b8..e6bbb33d2956 100644
> >>> --- a/arch/s390/kvm/kvm-s390.c
> >>> +++ b/arch/s390/kvm/kvm-s390.c
> >>> @@ -1126,10 +1126,7 @@ static long kvm_s390_get_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
> >>> if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
> >>> return -EINVAL;
> >>>
> >>> - keys = kmalloc_array(args->count, sizeof(uint8_t),
> >>> - GFP_KERNEL | __GFP_NOWARN);
> >>> - if (!keys)
> >>> - keys = vmalloc(sizeof(uint8_t) * args->count);
> >>> + keys = kvmalloc(args->count * sizeof(uint8_t), GFP_KERNEL);
> >>
> >> Before doing this conversion, can we add a kvmalloc_array() API? This
> >> conversion could allow for the reintroduction of integer overflow
> >> flaws. (This particular situation isn't at risk since ->count is
> >> checked, but I'd prefer we not create a risky set of examples for
> >> using kvmalloc.)
> >
> > Well, I am not opposed to kvmalloc_array but I would argue that this
> > conversion cannot introduce new overflow issues. The code would have
> > to be broken already because even though kmalloc_array checks for the
> > overflow but vmalloc fallback doesn't...
>
> Yeah I agree, but if some of the places were really wrong, after the
> conversion we won't see them anymore.
>
> > If there is a general interest for this API I can add it.
>
> I think it would be better, yes.
OK, fair enough. I will fold the following into the original patch. I
was little bit reluctant to create kvcalloc so I've made the original
callers more talkative and added | __GFP_ZERO. To be honest I do not
really like how kcalloc...
---
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index e6bbb33d2956..aa558dce6bb4 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1126,7 +1126,7 @@ static long kvm_s390_get_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
return -EINVAL;
- keys = kvmalloc(args->count * sizeof(uint8_t), GFP_KERNEL);
+ keys = kvmalloc_array(args->count, sizeof(uint8_t), GFP_KERNEL);
if (!keys)
return -ENOMEM;
@@ -1168,7 +1168,7 @@ static long kvm_s390_set_skeys(struct kvm *kvm, struct kvm_s390_skeys *args)
if (args->count < 1 || args->count > KVM_S390_SKEYS_MAX)
return -EINVAL;
- keys = kvmalloc(sizeof(uint8_t) * args->count, GFP_KERNEL);
+ keys = kvmalloc_array(args->count, sizeof(uint8_t), GFP_KERNEL);
if (!keys)
return -ENOMEM;
diff --git a/drivers/net/ethernet/mellanox/mlx4/mr.c b/drivers/net/ethernet/mellanox/mlx4/mr.c
index 82354fd0a87e..6583d4601480 100644
--- a/drivers/net/ethernet/mellanox/mlx4/mr.c
+++ b/drivers/net/ethernet/mellanox/mlx4/mr.c
@@ -115,7 +115,7 @@ static int mlx4_buddy_init(struct mlx4_buddy *buddy, int max_order)
for (i = 0; i <= buddy->max_order; ++i) {
s = BITS_TO_LONGS(1 << (buddy->max_order - i));
- buddy->bits[i] = kvzalloc(s * sizeof(long), GFP_KERNEL);
+ buddy->bits[i] = kvmalloc_array(s, sizeof(long), GFP_KERNEL | __GFP_ZERO);
if (!buddy->bits[i])
goto err_out_free;
}
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 55fd570c3e1e..22c6e81d0c16 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -498,6 +498,14 @@ static inline void *kvzalloc(size_t size, gfp_t flags)
return kvmalloc(size, flags | __GFP_ZERO);
}
+static inline void *kvmalloc_array(size_t n, size_t size, gfp_t flags)
+{
+ if (size != 0 && n > SIZE_MAX / size)
+ return NULL;
+
+ return kvmalloc(n * size, flags);
+}
+
extern void kvfree(const void *addr);
static inline atomic_t *compound_mapcount_ptr(struct page *page)
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 4ca30a951bbc..58ec07946fe6 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -320,7 +320,7 @@ static struct bpf_map *htab_map_alloc(union bpf_attr *attr)
goto free_htab;
err = -ENOMEM;
- htab->buckets = kvmalloc(htab->n_buckets * sizeof(struct bucket), GFP_USER);
+ htab->buckets = kvmalloc_array(htab->n_buckets, sizeof(struct bucket), GFP_USER);
if (!htab->buckets)
goto free_htab;
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 45c17b5562b5..8f9caf095172 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -957,7 +957,7 @@ EXPORT_SYMBOL(iov_iter_get_pages);
static struct page **get_pages_array(size_t n)
{
- return kvmalloc(n * sizeof(struct page *), GFP_KERNEL);
+ return kvmalloc_array(n, sizeof(struct page *), GFP_KERNEL);
}
static ssize_t pipe_get_pages_alloc(struct iov_iter *i,
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index a46a9fd8b540..0c4848bd86c4 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -687,7 +687,7 @@ int inet_ehash_locks_alloc(struct inet_hashinfo *hashinfo)
/* no more locks than number of hash buckets */
nblocks = min(nblocks, hashinfo->ehash_mask + 1);
- hashinfo->ehash_locks = kvmalloc(nblocks * locksz, GFP_KERNEL);
+ hashinfo->ehash_locks = kvmalloc_array(nblocks, locksz, GFP_KERNEL);
if (!hashinfo->ehash_locks)
return -ENOMEM;
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index cdc55d5ee4ad..eca16612b1ae 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -712,10 +712,7 @@ EXPORT_SYMBOL(xt_check_entry_offsets);
*/
unsigned int *xt_alloc_entry_offsets(unsigned int size)
{
- if (size < (SIZE_MAX / sizeof(unsigned int)))
- return kvzalloc(size * sizeof(unsigned int), GFP_KERNEL);
-
- return NULL;
+ return kvmalloc_array(size * sizeof(unsigned int), GFP_KERNEL | __GFP_ZERO);
}
EXPORT_SYMBOL(xt_alloc_entry_offsets);
diff --git a/net/sched/sch_choke.c b/net/sched/sch_choke.c
index 30d6a39fd2c8..47cbfae44898 100644
--- a/net/sched/sch_choke.c
+++ b/net/sched/sch_choke.c
@@ -431,7 +431,7 @@ static int choke_change(struct Qdisc *sch, struct nlattr *opt)
if (mask != q->tab_mask) {
struct sk_buff **ntab;
- ntab = kvzalloc((mask + 1) * sizeof(struct sk_buff *), GFP_KERNEL);
+ ntab = kvmalloc_array((mask + 1), sizeof(struct sk_buff *), GFP_KERNEL | __GFP_ZERO);
if (!ntab)
return -ENOMEM;
--
Michal Hocko
SUSE Labs
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-01-24 15:00 UTC|newest]
Thread overview: 129+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-12 15:37 [PATCH 0/6 v3] kvmalloc Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-12 15:37 ` [PATCH 1/6] mm: introduce kv[mz]alloc helpers Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-16 4:34 ` John Hubbard
2017-01-16 4:34 ` John Hubbard
2017-01-16 8:47 ` Michal Hocko
2017-01-16 8:47 ` Michal Hocko
2017-01-16 19:09 ` John Hubbard
2017-01-16 19:09 ` John Hubbard
2017-01-16 19:40 ` Michal Hocko
2017-01-16 19:40 ` Michal Hocko
2017-01-16 21:15 ` John Hubbard
2017-01-16 21:15 ` John Hubbard
2017-01-16 21:48 ` Michal Hocko
2017-01-16 21:48 ` Michal Hocko
2017-01-16 21:57 ` John Hubbard
2017-01-16 21:57 ` John Hubbard
2017-01-17 7:51 ` Michal Hocko
2017-01-17 7:51 ` Michal Hocko
2017-01-18 5:59 ` John Hubbard
2017-01-18 5:59 ` John Hubbard
2017-01-18 8:21 ` Michal Hocko
2017-01-18 8:21 ` Michal Hocko
2017-01-19 8:37 ` John Hubbard
2017-01-19 8:37 ` John Hubbard
2017-01-19 8:45 ` Michal Hocko
2017-01-19 8:45 ` Michal Hocko
2017-01-19 9:09 ` John Hubbard
2017-01-19 9:09 ` John Hubbard
2017-01-19 9:56 ` Michal Hocko
2017-01-19 9:56 ` Michal Hocko
2017-01-19 21:28 ` John Hubbard
2017-01-19 21:28 ` John Hubbard
2017-01-26 12:09 ` Michal Hocko
2017-01-26 12:09 ` Michal Hocko
2017-01-30 8:42 ` Vlastimil Babka
2017-01-30 8:42 ` Vlastimil Babka
2017-01-12 15:37 ` [PATCH 2/6] mm: support __GFP_REPEAT in kvmalloc_node for >=64kB Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-12 16:12 ` Michael S. Tsirkin
2017-01-12 16:12 ` Michael S. Tsirkin
2017-01-14 2:42 ` Tetsuo Handa
2017-01-14 2:42 ` Tetsuo Handa
2017-01-14 8:45 ` Michal Hocko
2017-01-14 8:45 ` Michal Hocko
2017-01-24 15:40 ` Michael S. Tsirkin
2017-01-24 15:40 ` Michael S. Tsirkin
2017-01-12 15:37 ` [PATCH 3/6] rhashtable: simplify a strange allocation pattern Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-12 15:37 ` [PATCH 4/6] ila: " Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-12 15:37 ` [PATCH 5/6] treewide: use kv[mz]alloc* rather than opencoded variants Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-12 15:57 ` David Sterba
2017-01-12 15:57 ` David Sterba
2017-01-12 15:57 ` David Sterba
2017-01-12 16:05 ` Christian Borntraeger
2017-01-12 16:05 ` Christian Borntraeger
2017-01-12 16:05 ` Christian Borntraeger
2017-01-12 16:54 ` Ilya Dryomov
2017-01-12 16:54 ` Ilya Dryomov
2017-01-12 16:54 ` Ilya Dryomov
2017-01-12 17:18 ` Michal Hocko
2017-01-12 17:18 ` Michal Hocko
2017-01-12 17:18 ` Michal Hocko
2017-01-12 17:00 ` Dan Williams
2017-01-12 17:00 ` Dan Williams
2017-01-12 17:00 ` Dan Williams
2017-01-12 17:26 ` Kees Cook
2017-01-12 17:26 ` Kees Cook
2017-01-12 17:26 ` Kees Cook
2017-01-12 17:37 ` Michal Hocko
2017-01-12 17:37 ` Michal Hocko
2017-01-12 17:37 ` Michal Hocko
2017-01-20 13:41 ` Vlastimil Babka
2017-01-20 13:41 ` Vlastimil Babka
2017-01-20 13:41 ` Vlastimil Babka
2017-01-24 15:00 ` Michal Hocko [this message]
2017-01-24 15:00 ` Michal Hocko
2017-01-24 15:00 ` Michal Hocko
2017-01-25 11:15 ` Vlastimil Babka
2017-01-25 11:15 ` Vlastimil Babka
2017-01-25 11:15 ` Vlastimil Babka
2017-01-25 13:09 ` Michal Hocko
2017-01-25 13:09 ` Michal Hocko
2017-01-25 13:09 ` Michal Hocko
2017-01-25 13:40 ` Ilya Dryomov
2017-01-25 13:40 ` Ilya Dryomov
2017-01-25 13:40 ` Ilya Dryomov
2017-01-12 17:29 ` Michal Hocko
2017-01-12 17:29 ` Michal Hocko
2017-01-12 17:29 ` Michal Hocko
2017-01-14 3:01 ` Tetsuo Handa
2017-01-14 3:01 ` Tetsuo Handa
2017-01-14 8:49 ` Michal Hocko
2017-01-14 8:49 ` Michal Hocko
2017-01-12 20:14 ` Boris Ostrovsky
2017-01-12 20:14 ` Boris Ostrovsky
2017-01-12 20:14 ` Boris Ostrovsky
2017-01-13 1:11 ` Dilger, Andreas
2017-01-13 1:11 ` Dilger, Andreas
2017-01-13 1:11 ` Dilger, Andreas
2017-01-14 10:56 ` Leon Romanovsky
2017-01-14 10:56 ` Leon Romanovsky
2017-01-16 7:33 ` Michal Hocko
2017-01-16 7:33 ` Michal Hocko
2017-01-16 7:33 ` Michal Hocko
2017-01-16 8:28 ` Leon Romanovsky
2017-01-16 8:28 ` Leon Romanovsky
2017-01-16 8:18 ` Tariq Toukan
2017-01-16 8:18 ` Tariq Toukan
2017-01-16 8:18 ` Tariq Toukan
2017-01-12 15:37 ` [RFC PATCH 6/6] net: use kvmalloc with __GFP_REPEAT rather than open coded variant Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-12 15:37 ` Michal Hocko
2017-01-24 15:17 ` [PATCH 0/6 v3] kvmalloc Michal Hocko
2017-01-24 15:17 ` Michal Hocko
2017-01-24 16:00 ` Eric Dumazet
2017-01-24 16:00 ` Eric Dumazet
2017-01-25 13:10 ` Michal Hocko
2017-01-25 13:10 ` Michal Hocko
2017-01-24 19:17 ` Alexei Starovoitov
2017-01-24 19:17 ` Alexei Starovoitov
2017-01-25 13:10 ` Michal Hocko
2017-01-25 13:10 ` Michal Hocko
2017-01-25 13:21 ` Michal Hocko
2017-01-25 13:21 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170124150004.GM6867@dhcp22.suse.cz \
--to=mhocko@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=andreas.dilger@intel.com \
--cc=anton@enomsg.org \
--cc=ast@kernel.org \
--cc=boris.ostrovsky@oracle.com \
--cc=bskeggs@redhat.com \
--cc=ccross@android.com \
--cc=dan.j.williams@intel.com \
--cc=dsterba@suse.com \
--cc=eric.dumazet@gmail.com \
--cc=hannes@cmpxchg.org \
--cc=hariprasad@chelsio.com \
--cc=heiko.carstens@de.ibm.com \
--cc=herbert@gondor.apana.org.au \
--cc=idryomov@gmail.com \
--cc=keescook@chromium.org \
--cc=kent.overstreet@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mgorman@suse.de \
--cc=netdev@vger.kernel.org \
--cc=oleg.drokin@intel.com \
--cc=rientjes@google.com \
--cc=rjw@rjwysocki.net \
--cc=santosh@chelsio.com \
--cc=schwidefsky@de.ibm.com \
--cc=tariqt@mellanox.com \
--cc=tony.luck@intel.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
--cc=yishaih@mellanox.com \
--cc=zyan@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.