Skip to content

Commit f08d714

Browse files
mssolakdave
mssola
authored and
kdave
committed
btrfs: use kmalloc_array() for open-coded arithmetic in kmalloc()
As pointed out in the documentation, calling 'kmalloc' with open-coded arithmetic can lead to unfortunate overflows and this particular way of using it has been deprecated. Instead, it's preferred to use 'kmalloc_array' in cases where it might apply so an overflow check is performed. Note this is an API cleanup and is not fixing any overflows because in all cases the multipliers are bounded small numbers derived from number of items in leaves/nodes. Signed-off-by: Miquel Sabaté Solà <mssola@mssola.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
1 parent 98077f7 commit f08d714

File tree

2 files changed

+5
-8
lines changed

2 files changed

+5
-8
lines changed

fs/btrfs/delayed-inode.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -738,8 +738,8 @@ static int btrfs_insert_delayed_item(struct btrfs_trans_handle *trans,
738738
u32 *ins_sizes;
739739
int i = 0;
740740

741-
ins_data = kmalloc(batch.nr * sizeof(u32) +
742-
batch.nr * sizeof(struct btrfs_key), GFP_NOFS);
741+
ins_data = kmalloc_array(batch.nr,
742+
sizeof(u32) + sizeof(struct btrfs_key), GFP_NOFS);
743743
if (!ins_data) {
744744
ret = -ENOMEM;
745745
goto out;

fs/btrfs/tree-log.c

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -4054,8 +4054,7 @@ static int flush_dir_items_batch(struct btrfs_trans_handle *trans,
40544054
struct btrfs_key *ins_keys;
40554055
u32 *ins_sizes;
40564056

4057-
ins_data = kmalloc(count * sizeof(u32) +
4058-
count * sizeof(struct btrfs_key), GFP_NOFS);
4057+
ins_data = kmalloc_array(count, sizeof(u32) + sizeof(struct btrfs_key), GFP_NOFS);
40594058
if (!ins_data)
40604059
return -ENOMEM;
40614060

@@ -4818,8 +4817,7 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
48184817

48194818
src = src_path->nodes[0];
48204819

4821-
ins_data = kmalloc(nr * sizeof(struct btrfs_key) +
4822-
nr * sizeof(u32), GFP_NOFS);
4820+
ins_data = kmalloc_array(nr, sizeof(struct btrfs_key) + sizeof(u32), GFP_NOFS);
48234821
if (!ins_data)
48244822
return -ENOMEM;
48254823

@@ -6524,8 +6522,7 @@ static int log_delayed_insertion_items(struct btrfs_trans_handle *trans,
65246522
if (!first)
65256523
return 0;
65266524

6527-
ins_data = kmalloc(max_batch_size * sizeof(u32) +
6528-
max_batch_size * sizeof(struct btrfs_key), GFP_NOFS);
6525+
ins_data = kmalloc_array(max_batch_size, sizeof(u32) + sizeof(struct btrfs_key), GFP_NOFS);
65296526
if (!ins_data)
65306527
return -ENOMEM;
65316528
ins_sizes = (u32 *)ins_data;

0 commit comments

Comments
 (0)