treewide: kmalloc() -> kmalloc_array()
The kmalloc() function has a 2-factor argument form, kmalloc_array(). This
patch replaces cases of:
kmalloc(a * b, gfp)
with:
kmalloc_array(a * b, gfp)
as well as handling cases of:
kmalloc(a * b * c, gfp)
with:
kmalloc(array3_size(a, b, c), gfp)
as it's slightly less ugly than:
kmalloc_array(array_size(a, b), c, gfp)
This does, however, attempt to ignore constant size factors like:
kmalloc(4 * 1024, gfp)
though any constants defined via macros get caught up in the conversion.
Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.
The tools/ directory was manually excluded, since it has its own
implementation of kmalloc().
The Coccinelle script used for this was:
// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@
(
kmalloc(
- (sizeof(TYPE)) * E
+ sizeof(TYPE) * E
, ...)
|
kmalloc(
- (sizeof(THING)) * E
+ sizeof(THING) * E
, ...)
)
// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@
(
kmalloc(
- sizeof(u8) * (COUNT)
+ COUNT
, ...)
|
kmalloc(
- sizeof(__u8) * (COUNT)
+ COUNT
, ...)
|
kmalloc(
- sizeof(char) * (COUNT)
+ COUNT
, ...)
|
kmalloc(
- sizeof(unsigned char) * (COUNT)
+ COUNT
, ...)
|
kmalloc(
- sizeof(u8) * COUNT
+ COUNT
, ...)
|
kmalloc(
- sizeof(__u8) * COUNT
+ COUNT
, ...)
|
kmalloc(
- sizeof(char) * COUNT
+ COUNT
, ...)
|
kmalloc(
- sizeof(unsigned char) * COUNT
+ COUNT
, ...)
)
// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@
(
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * (COUNT_ID)
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * COUNT_ID
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * (COUNT_CONST)
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * COUNT_CONST
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * (COUNT_ID)
+ COUNT_ID, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * COUNT_ID
+ COUNT_ID, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * (COUNT_CONST)
+ COUNT_CONST, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * COUNT_CONST
+ COUNT_CONST, sizeof(THING)
, ...)
)
// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@
- kmalloc
+ kmalloc_array
(
- SIZE * COUNT
+ COUNT, SIZE
, ...)
// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@
(
kmalloc(
- sizeof(TYPE) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kmalloc(
- sizeof(TYPE) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kmalloc(
- sizeof(TYPE) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kmalloc(
- sizeof(TYPE) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kmalloc(
- sizeof(THING) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kmalloc(
- sizeof(THING) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kmalloc(
- sizeof(THING) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kmalloc(
- sizeof(THING) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
)
// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@
(
kmalloc(
- sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
kmalloc(
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
kmalloc(
- sizeof(THING1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
kmalloc(
- sizeof(THING1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
kmalloc(
- sizeof(TYPE1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
|
kmalloc(
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
)
// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@
(
kmalloc(
- (COUNT) * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- COUNT * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- COUNT * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- (COUNT) * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- COUNT * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- (COUNT) * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- (COUNT) * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- COUNT * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
)
// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@
(
kmalloc(C1 * C2 * C3, ...)
|
kmalloc(
- (E1) * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
|
kmalloc(
- (E1) * (E2) * E3
+ array3_size(E1, E2, E3)
, ...)
|
kmalloc(
- (E1) * (E2) * (E3)
+ array3_size(E1, E2, E3)
, ...)
|
kmalloc(
- E1 * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
)
// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@
(
kmalloc(sizeof(THING) * C2, ...)
|
kmalloc(sizeof(TYPE) * C2, ...)
|
kmalloc(C1 * C2 * C3, ...)
|
kmalloc(C1 * C2, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * (E2)
+ E2, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * E2
+ E2, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * (E2)
+ E2, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * E2
+ E2, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- (E1) * E2
+ E1, E2
, ...)
|
- kmalloc
+ kmalloc_array
(
- (E1) * (E2)
+ E1, E2
, ...)
|
- kmalloc
+ kmalloc_array
(
- E1 * E2
+ E1, E2
, ...)
)
Signed-off-by: Kees Cook <keescook@chromium.org>
diff --git a/fs/9p/fid.c b/fs/9p/fid.c
index ed4f851..a9ef46f 100644
--- a/fs/9p/fid.c
+++ b/fs/9p/fid.c
@@ -100,7 +100,7 @@
for (ds = dentry; !IS_ROOT(ds); ds = ds->d_parent)
n++;
- wnames = kmalloc(sizeof(char *) * n, GFP_KERNEL);
+ wnames = kmalloc_array(n, sizeof(char *), GFP_KERNEL);
if (!wnames)
goto err_out;
diff --git a/fs/adfs/super.c b/fs/adfs/super.c
index cfda2c7..71fa525 100644
--- a/fs/adfs/super.c
+++ b/fs/adfs/super.c
@@ -313,7 +313,7 @@
asb->s_ids_per_zone = zone_size / (asb->s_idlen + 1);
- dm = kmalloc(nzones * sizeof(*dm), GFP_KERNEL);
+ dm = kmalloc_array(nzones, sizeof(*dm), GFP_KERNEL);
if (dm == NULL) {
adfs_error(sb, "not enough memory");
return ERR_PTR(-ENOMEM);
diff --git a/fs/afs/cmservice.c b/fs/afs/cmservice.c
index c332c95..238fd28 100644
--- a/fs/afs/cmservice.c
+++ b/fs/afs/cmservice.c
@@ -191,7 +191,8 @@
if (call->count > AFSCBMAX)
return afs_protocol_error(call, -EBADMSG);
- call->buffer = kmalloc(call->count * 3 * 4, GFP_KERNEL);
+ call->buffer = kmalloc(array3_size(call->count, 3, 4),
+ GFP_KERNEL);
if (!call->buffer)
return -ENOMEM;
call->offset = 0;
@@ -330,7 +331,7 @@
switch (call->unmarshall) {
case 0:
call->offset = 0;
- call->buffer = kmalloc(11 * sizeof(__be32), GFP_KERNEL);
+ call->buffer = kmalloc_array(11, sizeof(__be32), GFP_KERNEL);
if (!call->buffer)
return -ENOMEM;
call->unmarshall++;
@@ -453,7 +454,7 @@
switch (call->unmarshall) {
case 0:
call->offset = 0;
- call->buffer = kmalloc(11 * sizeof(__be32), GFP_KERNEL);
+ call->buffer = kmalloc_array(11, sizeof(__be32), GFP_KERNEL);
if (!call->buffer)
return -ENOMEM;
call->unmarshall++;
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 4ad6f66..bf5ee6f 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -2010,7 +2010,7 @@
INIT_LIST_HEAD(&info->thread_list);
/* Allocate space for ELF notes */
- info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
+ info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
if (!info->notes)
return 0;
info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index d90993a..b53bb37 100644
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -1600,7 +1600,8 @@
psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
if (!psinfo)
goto cleanup;
- notes = kmalloc(NUM_NOTES * sizeof(struct memelfnote), GFP_KERNEL);
+ notes = kmalloc_array(NUM_NOTES, sizeof(struct memelfnote),
+ GFP_KERNEL);
if (!notes)
goto cleanup;
fpu = kmalloc(sizeof(*fpu), GFP_KERNEL);
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 05e12ae..0dd87aa 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -205,7 +205,8 @@
if (nr_pages <= DIO_INLINE_BIO_VECS)
vecs = inline_vecs;
else {
- vecs = kmalloc(nr_pages * sizeof(struct bio_vec), GFP_KERNEL);
+ vecs = kmalloc_array(nr_pages, sizeof(struct bio_vec),
+ GFP_KERNEL);
if (!vecs)
return -ENOMEM;
}
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index 5f7ad3d..c9cb2f3 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -370,7 +370,7 @@
/* build page vector */
nr_pages = calc_pages_for(0, len);
- pages = kmalloc(sizeof(*pages) * nr_pages, GFP_KERNEL);
+ pages = kmalloc_array(nr_pages, sizeof(*pages), GFP_KERNEL);
if (!pages) {
ret = -ENOMEM;
goto out_put;
@@ -966,8 +966,9 @@
BUG_ON(pages);
max_pages = calc_pages_for(0, (u64)len);
- pages = kmalloc(max_pages * sizeof (*pages),
- GFP_NOFS);
+ pages = kmalloc_array(max_pages,
+ sizeof(*pages),
+ GFP_NOFS);
if (!pages) {
pool = fsc->wb_pagevec_pool;
pages = mempool_alloc(pool, GFP_NOFS);
@@ -1113,8 +1114,8 @@
/* allocate new pages array for next request */
data_pages = pages;
- pages = kmalloc(locked_pages * sizeof (*pages),
- GFP_NOFS);
+ pages = kmalloc_array(locked_pages, sizeof(*pages),
+ GFP_NOFS);
if (!pages) {
pool = fsc->wb_pagevec_pool;
pages = mempool_alloc(pool, GFP_NOFS);
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 5ece2e6..cf8d248 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -2992,8 +2992,9 @@
num_flock_locks = 0;
}
if (num_fcntl_locks + num_flock_locks > 0) {
- flocks = kmalloc((num_fcntl_locks + num_flock_locks) *
- sizeof(struct ceph_filelock), GFP_NOFS);
+ flocks = kmalloc_array(num_fcntl_locks + num_flock_locks,
+ sizeof(struct ceph_filelock),
+ GFP_NOFS);
if (!flocks) {
err = -ENOMEM;
goto out_free;
diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
index a3b5654..3d19595 100644
--- a/fs/cifs/asn1.c
+++ b/fs/cifs/asn1.c
@@ -428,7 +428,7 @@
if (size < 2 || size > UINT_MAX/sizeof(unsigned long))
return 0;
- *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
+ *oid = kmalloc_array(size, sizeof(unsigned long), GFP_ATOMIC);
if (*oid == NULL)
return 0;
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 13a8a77..1d377b7 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -747,8 +747,8 @@
if (num_aces > ULONG_MAX / sizeof(struct cifs_ace *))
return;
- ppace = kmalloc(num_aces * sizeof(struct cifs_ace *),
- GFP_KERNEL);
+ ppace = kmalloc_array(num_aces, sizeof(struct cifs_ace *),
+ GFP_KERNEL);
if (!ppace)
return;
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index 745fd7f..a94071c 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -1792,7 +1792,7 @@
* with unix extensions enabled.
*/
info_buf_source =
- kmalloc(2 * sizeof(FILE_UNIX_BASIC_INFO),
+ kmalloc_array(2, sizeof(FILE_UNIX_BASIC_INFO),
GFP_KERNEL);
if (info_buf_source == NULL) {
rc = -ENOMEM;
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index 48e2004..af032e1 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -3471,7 +3471,7 @@
if (!num)
return -EINVAL;
- iov = kmalloc(sizeof(struct kvec) * num, GFP_KERNEL);
+ iov = kmalloc_array(num, sizeof(struct kvec), GFP_KERNEL);
if (!iov)
return -ENOMEM;
@@ -3535,7 +3535,7 @@
int rc;
int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX));
- data = kmalloc(sizeof(void *) * 2, GFP_KERNEL);
+ data = kmalloc_array(2, sizeof(void *), GFP_KERNEL);
if (!data)
return -ENOMEM;
@@ -3583,7 +3583,7 @@
int rc;
int len = (2 * UniStrnlen((wchar_t *)target_file, PATH_MAX));
- data = kmalloc(sizeof(void *) * 2, GFP_KERNEL);
+ data = kmalloc_array(2, sizeof(void *), GFP_KERNEL);
if (!data)
return -ENOMEM;
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index 24887a0..1f1a68f 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -844,8 +844,8 @@
int rc;
if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
- new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1),
- GFP_KERNEL);
+ new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
+ GFP_KERNEL);
if (!new_iov) {
/* otherwise cifs_send_recv below sets resp_buf_type */
*resp_buf_type = CIFS_NO_BUFFER;
@@ -886,8 +886,8 @@
__be32 rfc1002_marker;
if (n_vec + 1 > CIFS_MAX_IOV_SIZE) {
- new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1),
- GFP_KERNEL);
+ new_iov = kmalloc_array(n_vec + 1, sizeof(struct kvec),
+ GFP_KERNEL);
if (!new_iov)
return -ENOMEM;
} else
diff --git a/fs/exofs/inode.c b/fs/exofs/inode.c
index 0ac6281..5f81fcd 100644
--- a/fs/exofs/inode.c
+++ b/fs/exofs/inode.c
@@ -110,8 +110,8 @@
pages = exofs_max_io_pages(&pcol->sbi->layout, pcol->expected_pages);
for (; pages; pages >>= 1) {
- pcol->pages = kmalloc(pages * sizeof(struct page *),
- GFP_KERNEL);
+ pcol->pages = kmalloc_array(pages, sizeof(struct page *),
+ GFP_KERNEL);
if (likely(pcol->pages)) {
pcol->alloc_pages = pages;
return 0;
diff --git a/fs/ext2/super.c b/fs/ext2/super.c
index c09289a..25ab127 100644
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -1082,7 +1082,9 @@
/ EXT2_BLOCKS_PER_GROUP(sb)) + 1;
db_count = (sbi->s_groups_count + EXT2_DESC_PER_BLOCK(sb) - 1) /
EXT2_DESC_PER_BLOCK(sb);
- sbi->s_group_desc = kmalloc (db_count * sizeof (struct buffer_head *), GFP_KERNEL);
+ sbi->s_group_desc = kmalloc_array (db_count,
+ sizeof(struct buffer_head *),
+ GFP_KERNEL);
if (sbi->s_group_desc == NULL) {
ext2_msg(sb, KERN_ERR, "error: not enough memory");
goto failed_mount;
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index d792b76..e5fb384 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -204,12 +204,14 @@
goto out2;
flex_gd->count = flexbg_size;
- flex_gd->groups = kmalloc(sizeof(struct ext4_new_group_data) *
- flexbg_size, GFP_NOFS);
+ flex_gd->groups = kmalloc_array(flexbg_size,
+ sizeof(struct ext4_new_group_data),
+ GFP_NOFS);
if (flex_gd->groups == NULL)
goto out2;
- flex_gd->bg_flags = kmalloc(flexbg_size * sizeof(__u16), GFP_NOFS);
+ flex_gd->bg_flags = kmalloc_array(flexbg_size, sizeof(__u16),
+ GFP_NOFS);
if (flex_gd->bg_flags == NULL)
goto out1;
@@ -969,7 +971,7 @@
int res, i;
int err;
- primary = kmalloc(reserved_gdb * sizeof(*primary), GFP_NOFS);
+ primary = kmalloc_array(reserved_gdb, sizeof(*primary), GFP_NOFS);
if (!primary)
return -ENOMEM;
diff --git a/fs/fat/namei_vfat.c b/fs/fat/namei_vfat.c
index 4f4362d..d4e23f8 100644
--- a/fs/fat/namei_vfat.c
+++ b/fs/fat/namei_vfat.c
@@ -664,7 +664,7 @@
if (len == 0)
return -ENOENT;
- slots = kmalloc(sizeof(*slots) * MSDOS_SLOTS, GFP_NOFS);
+ slots = kmalloc_array(MSDOS_SLOTS, sizeof(*slots), GFP_NOFS);
if (slots == NULL)
return -ENOMEM;
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index e03ca14..c6b88fa 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -64,9 +64,12 @@
pages = req->inline_pages;
page_descs = req->inline_page_descs;
} else {
- pages = kmalloc(sizeof(struct page *) * npages, flags);
- page_descs = kmalloc(sizeof(struct fuse_page_desc) *
- npages, flags);
+ pages = kmalloc_array(npages, sizeof(struct page *),
+ flags);
+ page_descs =
+ kmalloc_array(npages,
+ sizeof(struct fuse_page_desc),
+ flags);
}
if (!pages || !page_descs) {
@@ -1359,7 +1362,8 @@
if (!fud)
return -EPERM;
- bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL);
+ bufs = kmalloc_array(pipe->buffers, sizeof(struct pipe_buffer),
+ GFP_KERNEL);
if (!bufs)
return -ENOMEM;
@@ -1940,7 +1944,8 @@
if (!fud)
return -EPERM;
- bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL);
+ bufs = kmalloc_array(pipe->buffers, sizeof(struct pipe_buffer),
+ GFP_KERNEL);
if (!bufs)
return -ENOMEM;
diff --git a/fs/gfs2/dir.c b/fs/gfs2/dir.c
index d9fb0ad..3090c44 100644
--- a/fs/gfs2/dir.c
+++ b/fs/gfs2/dir.c
@@ -1055,7 +1055,7 @@
/* Change the pointers.
Don't bother distinguishing stuffed from non-stuffed.
This code is complicated enough already. */
- lp = kmalloc(half_len * sizeof(__be64), GFP_NOFS);
+ lp = kmalloc_array(half_len, sizeof(__be64), GFP_NOFS);
if (!lp) {
error = -ENOMEM;
goto fail_brelse;
@@ -1169,7 +1169,7 @@
if (IS_ERR(hc))
return PTR_ERR(hc);
- hc2 = kmalloc(hsize_bytes * 2, GFP_NOFS | __GFP_NOWARN);
+ hc2 = kmalloc_array(hsize_bytes, 2, GFP_NOFS | __GFP_NOWARN);
if (hc2 == NULL)
hc2 = __vmalloc(hsize_bytes * 2, GFP_NOFS, PAGE_KERNEL);
@@ -1596,7 +1596,7 @@
error = -ENOMEM;
/* 96 is max number of dirents which can be stuffed into an inode */
- darr = kmalloc(96 * sizeof(struct gfs2_dirent *), GFP_NOFS);
+ darr = kmalloc_array(96, sizeof(struct gfs2_dirent *), GFP_NOFS);
if (darr) {
g.pdent = (const struct gfs2_dirent **)darr;
g.offset = 0;
diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
index 097bd3c..4614ee2 100644
--- a/fs/gfs2/glock.c
+++ b/fs/gfs2/glock.c
@@ -1303,7 +1303,8 @@
default:
if (num_gh <= 4)
break;
- pph = kmalloc(num_gh * sizeof(struct gfs2_holder *), GFP_NOFS);
+ pph = kmalloc_array(num_gh, sizeof(struct gfs2_holder *),
+ GFP_NOFS);
if (!pph)
return -ENOMEM;
}
diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
index e8585df..0efae7a 100644
--- a/fs/gfs2/quota.c
+++ b/fs/gfs2/quota.c
@@ -886,7 +886,7 @@
gfs2_write_calc_reserv(ip, sizeof(struct gfs2_quota),
&data_blocks, &ind_blocks);
- ghs = kmalloc(num_qd * sizeof(struct gfs2_holder), GFP_NOFS);
+ ghs = kmalloc_array(num_qd, sizeof(struct gfs2_holder), GFP_NOFS);
if (!ghs)
return -ENOMEM;
diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c
index 6bc5cfe..33abcf2 100644
--- a/fs/gfs2/rgrp.c
+++ b/fs/gfs2/rgrp.c
@@ -2605,8 +2605,9 @@
{
unsigned int x;
- rlist->rl_ghs = kmalloc(rlist->rl_rgrps * sizeof(struct gfs2_holder),
- GFP_NOFS | __GFP_NOFAIL);
+ rlist->rl_ghs = kmalloc_array(rlist->rl_rgrps,
+ sizeof(struct gfs2_holder),
+ GFP_NOFS | __GFP_NOFAIL);
for (x = 0; x < rlist->rl_rgrps; x++)
gfs2_holder_init(rlist->rl_rgd[x]->rd_gl,
state, 0,
diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c
index cf5c7f3..af0d5b0 100644
--- a/fs/gfs2/super.c
+++ b/fs/gfs2/super.c
@@ -1097,7 +1097,7 @@
int error = 0, err;
memset(sc, 0, sizeof(struct gfs2_statfs_change_host));
- gha = kmalloc(slots * sizeof(struct gfs2_holder), GFP_KERNEL);
+ gha = kmalloc_array(slots, sizeof(struct gfs2_holder), GFP_KERNEL);
if (!gha)
return -ENOMEM;
for (x = 0; x < slots; x++)
diff --git a/fs/hpfs/dnode.c b/fs/hpfs/dnode.c
index a4ad18a..4ada525 100644
--- a/fs/hpfs/dnode.c
+++ b/fs/hpfs/dnode.c
@@ -33,7 +33,8 @@
if (hpfs_inode->i_rddir_off[i] == pos)
return 0;
if (!(i&0x0f)) {
- if (!(ppos = kmalloc((i+0x11) * sizeof(loff_t*), GFP_NOFS))) {
+ ppos = kmalloc_array(i + 0x11, sizeof(loff_t *), GFP_NOFS);
+ if (!ppos) {
pr_err("out of memory for position list\n");
return -ENOMEM;
}
diff --git a/fs/hpfs/map.c b/fs/hpfs/map.c
index 7c49f1e..ecd9fcc 100644
--- a/fs/hpfs/map.c
+++ b/fs/hpfs/map.c
@@ -115,7 +115,7 @@
int n = (hpfs_sb(s)->sb_fs_size + 0x200000 - 1) >> 21;
int i;
__le32 *b;
- if (!(b = kmalloc(n * 512, GFP_KERNEL))) {
+ if (!(b = kmalloc_array(n, 512, GFP_KERNEL))) {
pr_err("can't allocate memory for bitmap directory\n");
return NULL;
}
diff --git a/fs/jbd2/revoke.c b/fs/jbd2/revoke.c
index 240779e..a1143e5 100644
--- a/fs/jbd2/revoke.c
+++ b/fs/jbd2/revoke.c
@@ -223,7 +223,7 @@
table->hash_size = hash_size;
table->hash_shift = shift;
table->hash_table =
- kmalloc(hash_size * sizeof(struct list_head), GFP_KERNEL);
+ kmalloc_array(hash_size, sizeof(struct list_head), GFP_KERNEL);
if (!table->hash_table) {
kmem_cache_free(jbd2_revoke_table_cache, table);
table = NULL;
diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c
index 2cfe487..c6821a50 100644
--- a/fs/jffs2/wbuf.c
+++ b/fs/jffs2/wbuf.c
@@ -1208,7 +1208,7 @@
if (!c->wbuf)
return -ENOMEM;
- c->oobbuf = kmalloc(NR_OOB_SCAN_PAGES * c->oobavail, GFP_KERNEL);
+ c->oobbuf = kmalloc_array(NR_OOB_SCAN_PAGES, c->oobavail, GFP_KERNEL);
if (!c->oobbuf) {
kfree(c->wbuf);
return -ENOMEM;
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 2d514c7..49263e2 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -1641,7 +1641,7 @@
max_ranges = nblocks;
do_div(max_ranges, minlen);
range_cnt = min_t(u64, max_ranges + 1, 32 * 1024);
- totrim = kmalloc(sizeof(struct range2trim) * range_cnt, GFP_NOFS);
+ totrim = kmalloc_array(range_cnt, sizeof(struct range2trim), GFP_NOFS);
if (totrim == NULL) {
jfs_error(bmp->db_ipbmap->i_sb, "no memory for trim array\n");
IWRITE_UNLOCK(ipbmap);
diff --git a/fs/jfs/jfs_dtree.c b/fs/jfs/jfs_dtree.c
index de2bcb3..52bae3f 100644
--- a/fs/jfs/jfs_dtree.c
+++ b/fs/jfs/jfs_dtree.c
@@ -594,7 +594,8 @@
struct component_name ciKey;
struct super_block *sb = ip->i_sb;
- ciKey.name = kmalloc((JFS_NAME_MAX + 1) * sizeof(wchar_t), GFP_NOFS);
+ ciKey.name = kmalloc_array(JFS_NAME_MAX + 1, sizeof(wchar_t),
+ GFP_NOFS);
if (!ciKey.name) {
rc = -ENOMEM;
goto dtSearch_Exit2;
@@ -957,7 +958,7 @@
smp = split->mp;
sp = DT_PAGE(ip, smp);
- key.name = kmalloc((JFS_NAME_MAX + 2) * sizeof(wchar_t), GFP_NOFS);
+ key.name = kmalloc_array(JFS_NAME_MAX + 2, sizeof(wchar_t), GFP_NOFS);
if (!key.name) {
DT_PUTPAGE(smp);
rc = -ENOMEM;
@@ -3779,12 +3780,12 @@
struct component_name lkey;
struct component_name rkey;
- lkey.name = kmalloc((JFS_NAME_MAX + 1) * sizeof(wchar_t),
+ lkey.name = kmalloc_array(JFS_NAME_MAX + 1, sizeof(wchar_t),
GFP_KERNEL);
if (lkey.name == NULL)
return -ENOMEM;
- rkey.name = kmalloc((JFS_NAME_MAX + 1) * sizeof(wchar_t),
+ rkey.name = kmalloc_array(JFS_NAME_MAX + 1, sizeof(wchar_t),
GFP_KERNEL);
if (rkey.name == NULL) {
kfree(lkey.name);
diff --git a/fs/jfs/jfs_unicode.c b/fs/jfs/jfs_unicode.c
index c7de6f5..0148e2e 100644
--- a/fs/jfs/jfs_unicode.c
+++ b/fs/jfs/jfs_unicode.c
@@ -121,7 +121,7 @@
return -ENAMETOOLONG;
uniName->name =
- kmalloc((length + 1) * sizeof(wchar_t), GFP_NOFS);
+ kmalloc_array(length + 1, sizeof(wchar_t), GFP_NOFS);
if (uniName->name == NULL)
return -ENOMEM;
diff --git a/fs/mbcache.c b/fs/mbcache.c
index bf41e2e..081ccf0 100644
--- a/fs/mbcache.c
+++ b/fs/mbcache.c
@@ -353,8 +353,9 @@
cache->c_max_entries = bucket_count << 4;
INIT_LIST_HEAD(&cache->c_list);
spin_lock_init(&cache->c_list_lock);
- cache->c_hash = kmalloc(bucket_count * sizeof(struct hlist_bl_head),
- GFP_KERNEL);
+ cache->c_hash = kmalloc_array(bucket_count,
+ sizeof(struct hlist_bl_head),
+ GFP_KERNEL);
if (!cache->c_hash) {
kfree(cache);
goto err_out;
diff --git a/fs/namei.c b/fs/namei.c
index 6df1f61..2490ddb 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -537,12 +537,12 @@
struct saved *p;
if (nd->flags & LOOKUP_RCU) {
- p= kmalloc(MAXSYMLINKS * sizeof(struct saved),
+ p= kmalloc_array(MAXSYMLINKS, sizeof(struct saved),
GFP_ATOMIC);
if (unlikely(!p))
return -ECHILD;
} else {
- p= kmalloc(MAXSYMLINKS * sizeof(struct saved),
+ p= kmalloc_array(MAXSYMLINKS, sizeof(struct saved),
GFP_KERNEL);
if (unlikely(!p))
return -ENOMEM;
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 66eaeb1..9c247fa1 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -510,8 +510,9 @@
struct nfsd_net *nn = net_generic(net, nfsd_net_id);
int i;
- nn->reclaim_str_hashtbl = kmalloc(sizeof(struct list_head) *
- CLIENT_HASH_SIZE, GFP_KERNEL);
+ nn->reclaim_str_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
+ sizeof(struct list_head),
+ GFP_KERNEL);
if (!nn->reclaim_str_hashtbl)
return -ENOMEM;
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index fc74d6f..39370a5 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1807,8 +1807,9 @@
clp->cl_name.data = kmemdup(name.data, name.len, GFP_KERNEL);
if (clp->cl_name.data == NULL)
goto err_no_name;
- clp->cl_ownerstr_hashtbl = kmalloc(sizeof(struct list_head) *
- OWNER_HASH_SIZE, GFP_KERNEL);
+ clp->cl_ownerstr_hashtbl = kmalloc_array(OWNER_HASH_SIZE,
+ sizeof(struct list_head),
+ GFP_KERNEL);
if (!clp->cl_ownerstr_hashtbl)
goto err_no_hashtbl;
for (i = 0; i < OWNER_HASH_SIZE; i++)
@@ -7093,16 +7094,19 @@
struct nfsd_net *nn = net_generic(net, nfsd_net_id);
int i;
- nn->conf_id_hashtbl = kmalloc(sizeof(struct list_head) *
- CLIENT_HASH_SIZE, GFP_KERNEL);
+ nn->conf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
+ sizeof(struct list_head),
+ GFP_KERNEL);
if (!nn->conf_id_hashtbl)
goto err;
- nn->unconf_id_hashtbl = kmalloc(sizeof(struct list_head) *
- CLIENT_HASH_SIZE, GFP_KERNEL);
+ nn->unconf_id_hashtbl = kmalloc_array(CLIENT_HASH_SIZE,
+ sizeof(struct list_head),
+ GFP_KERNEL);
if (!nn->unconf_id_hashtbl)
goto err_unconf_id;
- nn->sessionid_hashtbl = kmalloc(sizeof(struct list_head) *
- SESSION_HASH_SIZE, GFP_KERNEL);
+ nn->sessionid_hashtbl = kmalloc_array(SESSION_HASH_SIZE,
+ sizeof(struct list_head),
+ GFP_KERNEL);
if (!nn->sessionid_hashtbl)
goto err_sessionid;
diff --git a/fs/ntfs/compress.c b/fs/ntfs/compress.c
index f8eb043..fbd0090 100644
--- a/fs/ntfs/compress.c
+++ b/fs/ntfs/compress.c
@@ -527,7 +527,7 @@
BUG_ON(ni->type != AT_DATA);
BUG_ON(ni->name_len);
- pages = kmalloc(nr_pages * sizeof(struct page *), GFP_NOFS);
+ pages = kmalloc_array(nr_pages, sizeof(struct page *), GFP_NOFS);
/* Allocate memory to store the buffer heads we need. */
bhs_size = cb_size / block_size * sizeof(struct buffer_head *);
diff --git a/fs/ocfs2/cluster/tcp.c b/fs/ocfs2/cluster/tcp.c
index e507618..1296f78 100644
--- a/fs/ocfs2/cluster/tcp.c
+++ b/fs/ocfs2/cluster/tcp.c
@@ -1078,7 +1078,7 @@
o2net_set_nst_sock_container(&nst, sc);
veclen = caller_veclen + 1;
- vec = kmalloc(sizeof(struct kvec) * veclen, GFP_ATOMIC);
+ vec = kmalloc_array(veclen, sizeof(struct kvec), GFP_ATOMIC);
if (vec == NULL) {
mlog(0, "failed to %zu element kvec!\n", veclen);
ret = -ENOMEM;
diff --git a/fs/ocfs2/dlm/dlmdomain.c b/fs/ocfs2/dlm/dlmdomain.c
index 425081b..2acd58b 100644
--- a/fs/ocfs2/dlm/dlmdomain.c
+++ b/fs/ocfs2/dlm/dlmdomain.c
@@ -86,7 +86,7 @@
static void **dlm_alloc_pagevec(int pages)
{
- void **vec = kmalloc(pages * sizeof(void *), GFP_KERNEL);
+ void **vec = kmalloc_array(pages, sizeof(void *), GFP_KERNEL);
int i;
if (!vec)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 4aa9ce5..80aa425 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -389,7 +389,8 @@
unsigned long *entries;
int err;
- entries = kmalloc(MAX_STACK_TRACE_DEPTH * sizeof(*entries), GFP_KERNEL);
+ entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries),
+ GFP_KERNEL);
if (!entries)
return -ENOMEM;
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 597969d..e967901 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1473,7 +1473,7 @@
pm.show_pfn = file_ns_capable(file, &init_user_ns, CAP_SYS_ADMIN);
pm.len = (PAGEMAP_WALK_SIZE >> PAGE_SHIFT);
- pm.buffer = kmalloc(pm.len * PM_ENTRY_BYTES, GFP_KERNEL);
+ pm.buffer = kmalloc_array(pm.len, PM_ENTRY_BYTES, GFP_KERNEL);
ret = -ENOMEM;
if (!pm.buffer)
goto out_mm;
diff --git a/fs/read_write.c b/fs/read_write.c
index e83bd97..153f8f6 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -778,7 +778,7 @@
goto out;
}
if (nr_segs > fast_segs) {
- iov = kmalloc(nr_segs*sizeof(struct iovec), GFP_KERNEL);
+ iov = kmalloc_array(nr_segs, sizeof(struct iovec), GFP_KERNEL);
if (iov == NULL) {
ret = -ENOMEM;
goto out;
@@ -849,7 +849,7 @@
goto out;
if (nr_segs > fast_segs) {
ret = -ENOMEM;
- iov = kmalloc(nr_segs*sizeof(struct iovec), GFP_KERNEL);
+ iov = kmalloc_array(nr_segs, sizeof(struct iovec), GFP_KERNEL);
if (iov == NULL)
goto out;
}
diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
index 23148c3..358ee2a 100644
--- a/fs/reiserfs/journal.c
+++ b/fs/reiserfs/journal.c
@@ -2192,10 +2192,12 @@
* now we know we've got a good transaction, and it was
* inside the valid time ranges
*/
- log_blocks = kmalloc(get_desc_trans_len(desc) *
- sizeof(struct buffer_head *), GFP_NOFS);
- real_blocks = kmalloc(get_desc_trans_len(desc) *
- sizeof(struct buffer_head *), GFP_NOFS);
+ log_blocks = kmalloc_array(get_desc_trans_len(desc),
+ sizeof(struct buffer_head *),
+ GFP_NOFS);
+ real_blocks = kmalloc_array(get_desc_trans_len(desc),
+ sizeof(struct buffer_head *),
+ GFP_NOFS);
if (!log_blocks || !real_blocks) {
brelse(c_bh);
brelse(d_bh);
diff --git a/fs/select.c b/fs/select.c
index bc3cc0f..317891f 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -1236,7 +1236,7 @@
size = FDS_BYTES(n);
bits = stack_fds;
if (size > sizeof(stack_fds) / 6) {
- bits = kmalloc(6 * size, GFP_KERNEL);
+ bits = kmalloc_array(6, size, GFP_KERNEL);
ret = -ENOMEM;
if (!bits)
goto out_nofds;
diff --git a/fs/splice.c b/fs/splice.c
index 005d09c..2365ab0 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -259,8 +259,9 @@
if (buffers <= PIPE_DEF_BUFFERS)
return 0;
- spd->pages = kmalloc(buffers * sizeof(struct page *), GFP_KERNEL);
- spd->partial = kmalloc(buffers * sizeof(struct partial_page), GFP_KERNEL);
+ spd->pages = kmalloc_array(buffers, sizeof(struct page *), GFP_KERNEL);
+ spd->partial = kmalloc_array(buffers, sizeof(struct partial_page),
+ GFP_KERNEL);
if (spd->pages && spd->partial)
return 0;
@@ -395,7 +396,7 @@
vec = __vec;
if (nr_pages > PIPE_DEF_BUFFERS) {
- vec = kmalloc(nr_pages * sizeof(struct kvec), GFP_KERNEL);
+ vec = kmalloc_array(nr_pages, sizeof(struct kvec), GFP_KERNEL);
if (unlikely(!vec)) {
res = -ENOMEM;
goto out;
diff --git a/fs/ubifs/lpt.c b/fs/ubifs/lpt.c
index 9a51710..d4e45ad 100644
--- a/fs/ubifs/lpt.c
+++ b/fs/ubifs/lpt.c
@@ -628,7 +628,7 @@
/* Needed by 'ubifs_pack_lsave()' */
c->main_first = c->leb_cnt - *main_lebs;
- lsave = kmalloc(sizeof(int) * c->lsave_cnt, GFP_KERNEL);
+ lsave = kmalloc_array(c->lsave_cnt, sizeof(int), GFP_KERNEL);
pnode = kzalloc(sizeof(struct ubifs_pnode), GFP_KERNEL);
nnode = kzalloc(sizeof(struct ubifs_nnode), GFP_KERNEL);
buf = vmalloc(c->leb_size);
@@ -1636,15 +1636,17 @@
return -ENOMEM;
for (i = 0; i < LPROPS_HEAP_CNT; i++) {
- c->lpt_heap[i].arr = kmalloc(sizeof(void *) * LPT_HEAP_SZ,
- GFP_KERNEL);
+ c->lpt_heap[i].arr = kmalloc_array(LPT_HEAP_SZ,
+ sizeof(void *),
+ GFP_KERNEL);
if (!c->lpt_heap[i].arr)
return -ENOMEM;
c->lpt_heap[i].cnt = 0;
c->lpt_heap[i].max_cnt = LPT_HEAP_SZ;
}
- c->dirty_idx.arr = kmalloc(sizeof(void *) * LPT_HEAP_SZ, GFP_KERNEL);
+ c->dirty_idx.arr = kmalloc_array(LPT_HEAP_SZ, sizeof(void *),
+ GFP_KERNEL);
if (!c->dirty_idx.arr)
return -ENOMEM;
c->dirty_idx.cnt = 0;
@@ -1697,7 +1699,7 @@
return -ENOMEM;
if (c->big_lpt) {
- c->lsave = kmalloc(sizeof(int) * c->lsave_cnt, GFP_NOFS);
+ c->lsave = kmalloc_array(c->lsave_cnt, sizeof(int), GFP_NOFS);
if (!c->lsave)
return -ENOMEM;
err = read_lsave(c);
@@ -1939,8 +1941,8 @@
return err;
}
- path = kmalloc(sizeof(struct lpt_scan_node) * (c->lpt_hght + 1),
- GFP_NOFS);
+ path = kmalloc_array(c->lpt_hght + 1, sizeof(struct lpt_scan_node),
+ GFP_NOFS);
if (!path)
return -ENOMEM;
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 6c397a3..c5466c7 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1196,7 +1196,8 @@
* never exceed 64.
*/
err = -ENOMEM;
- c->bottom_up_buf = kmalloc(BOTTOM_UP_HEIGHT * sizeof(int), GFP_KERNEL);
+ c->bottom_up_buf = kmalloc_array(BOTTOM_UP_HEIGHT, sizeof(int),
+ GFP_KERNEL);
if (!c->bottom_up_buf)
goto out_free;
diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c
index ba3d0e0..4a21e7f 100644
--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -1104,8 +1104,9 @@
ubifs_assert(znode);
if (c->zroot.znode->level > BOTTOM_UP_HEIGHT) {
kfree(c->bottom_up_buf);
- c->bottom_up_buf = kmalloc(c->zroot.znode->level * sizeof(int),
- GFP_NOFS);
+ c->bottom_up_buf = kmalloc_array(c->zroot.znode->level,
+ sizeof(int),
+ GFP_NOFS);
if (!c->bottom_up_buf)
return ERR_PTR(-ENOMEM);
path = c->bottom_up_buf;
diff --git a/fs/ubifs/tnc_commit.c b/fs/ubifs/tnc_commit.c
index aa31f60..a9df94a 100644
--- a/fs/ubifs/tnc_commit.c
+++ b/fs/ubifs/tnc_commit.c
@@ -366,7 +366,8 @@
dbg_gc("%d znodes to write", cnt);
- c->gap_lebs = kmalloc(sizeof(int) * (c->lst.idx_lebs + 1), GFP_NOFS);
+ c->gap_lebs = kmalloc_array(c->lst.idx_lebs + 1, sizeof(int),
+ GFP_NOFS);
if (!c->gap_lebs)
return -ENOMEM;
@@ -674,7 +675,7 @@
dbg_cmt("need about %d empty LEBS for TNC commit", leb_cnt);
if (!leb_cnt)
return 0;
- c->ilebs = kmalloc(leb_cnt * sizeof(int), GFP_NOFS);
+ c->ilebs = kmalloc_array(leb_cnt, sizeof(int), GFP_NOFS);
if (!c->ilebs)
return -ENOMEM;
for (i = 0; i < leb_cnt; i++) {
diff --git a/fs/ufs/super.c b/fs/ufs/super.c
index 8254b8b..4880881 100644
--- a/fs/ufs/super.c
+++ b/fs/ufs/super.c
@@ -541,7 +541,9 @@
* Read cylinder group (we read only first fragment from block
* at this time) and prepare internal data structures for cg caching.
*/
- if (!(sbi->s_ucg = kmalloc (sizeof(struct buffer_head *) * uspi->s_ncg, GFP_NOFS)))
+ sbi->s_ucg = kmalloc_array(uspi->s_ncg, sizeof(struct buffer_head *),
+ GFP_NOFS);
+ if (!sbi->s_ucg)
goto failed;
for (i = 0; i < uspi->s_ncg; i++)
sbi->s_ucg[i] = NULL;