authorKees Cook <kees@kernel.org>2026-02-20 23:49:23 -0800
committerKees Cook <kees@kernel.org>2026-02-21 01:02:28 -0800
commit69050f8d6d075dc01af7a5f2f550a8067510366f (patch)
treebb265f94d9dfa7876c06a5d9f88673d496a15341 /security/selinux
parentd39a1d7486d98668dd34aaa6732aad7977c45f5a (diff)
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/avc.c2
-rw-r--r--security/selinux/hooks.c4
-rw-r--r--security/selinux/ibpkey.c2
-rw-r--r--security/selinux/netif.c2
-rw-r--r--security/selinux/netnode.c2
-rw-r--r--security/selinux/netport.c2
-rw-r--r--security/selinux/selinuxfs.c4
-rw-r--r--security/selinux/ss/conditional.c23
-rw-r--r--security/selinux/ss/hashtab.c6
-rw-r--r--security/selinux/ss/policydb.c70
-rw-r--r--security/selinux/ss/services.c14
-rw-r--r--security/selinux/ss/sidtab.c2
-rw-r--r--security/selinux/xfrm.c4
13 files changed, 67 insertions, 70 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 8f77b9a732e1..584b1d6bdff1 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -794,7 +794,7 @@ int __init avc_add_callback(int (*callback)(u32 event), u32 events)
struct avc_callback_node *c;
int rc = 0;
- c = kmalloc(sizeof(*c), GFP_KERNEL);
+ c = kmalloc_obj(*c, GFP_KERNEL);
if (!c) {
rc = -ENOMEM;
goto out;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index feda34b18d83..58ce110272ef 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1030,7 +1030,7 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
}
if (!opts) {
- opts = kzalloc(sizeof(*opts), GFP_KERNEL);
+ opts = kzalloc_obj(*opts, GFP_KERNEL);
if (!opts)
return -ENOMEM;
*mnt_opts = opts;
@@ -2822,7 +2822,7 @@ static int selinux_fs_context_submount(struct fs_context *fc,
if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT)))
return 0;
- opts = kzalloc(sizeof(*opts), GFP_KERNEL);
+ opts = kzalloc_obj(*opts, GFP_KERNEL);
if (!opts)
return -ENOMEM;
diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c
index ea1d9b2c7d2b..93a5637fbcd8 100644
--- a/security/selinux/ibpkey.c
+++ b/security/selinux/ibpkey.c
@@ -147,7 +147,7 @@ static int sel_ib_pkey_sid_slow(u64 subnet_prefix, u16 pkey_num, u32 *sid)
if (ret)
goto out;
- new = kmalloc(sizeof(*new), GFP_ATOMIC);
+ new = kmalloc_obj(*new, GFP_ATOMIC);
if (!new) {
/* If this memory allocation fails still return 0. The SID
* is valid, it just won't be added to the cache.
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index e24b2cba28ea..fa6d24a37c39 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -161,7 +161,7 @@ static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid)
/* If this memory allocation fails still return 0. The SID
* is valid, it just won't be added to the cache.
*/
- new = kmalloc(sizeof(*new), GFP_ATOMIC);
+ new = kmalloc_obj(*new, GFP_ATOMIC);
if (new) {
new->nsec.ns = ns;
new->nsec.ifindex = ifindex;
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 9b3da5ce8d39..adb93003b8c4 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -205,7 +205,7 @@ static int sel_netnode_sid_slow(const void *addr, u16 family, u32 *sid)
/* If this memory allocation fails still return 0. The SID
* is valid, it just won't be added to the cache.
*/
- new = kmalloc(sizeof(*new), GFP_ATOMIC);
+ new = kmalloc_obj(*new, GFP_ATOMIC);
switch (family) {
case PF_INET:
ret = security_node_sid(PF_INET,
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index 9e62f7285e81..006a6ec71319 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -150,7 +150,7 @@ static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
/* If this memory allocation fails still return 0. The SID
* is valid, it just won't be added to the cache.
*/
- new = kmalloc(sizeof(*new), GFP_ATOMIC);
+ new = kmalloc_obj(*new, GFP_ATOMIC);
if (new) {
new->psec.port = pnum;
new->psec.protocol = protocol;
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 4d58c7ad1a23..010499520d38 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -85,7 +85,7 @@ static int selinux_fs_info_create(struct super_block *sb)
{
struct selinux_fs_info *fsi;
- fsi = kzalloc(sizeof(*fsi), GFP_KERNEL);
+ fsi = kzalloc_obj(*fsi, GFP_KERNEL);
if (!fsi)
return -ENOMEM;
@@ -380,7 +380,7 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
goto err;
rc = -ENOMEM;
- plm = kzalloc(sizeof(*plm), GFP_KERNEL);
+ plm = kzalloc_obj(*plm, GFP_KERNEL);
if (!plm)
goto err;
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 1bebfcb9c6a1..b238fa9756cf 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -165,8 +165,8 @@ void cond_policydb_destroy(struct policydb *p)
int cond_init_bool_indexes(struct policydb *p)
{
kfree(p->bool_val_to_struct);
- p->bool_val_to_struct = kmalloc_array(
- p->p_bools.nprim, sizeof(*p->bool_val_to_struct), GFP_KERNEL);
+ p->bool_val_to_struct = kmalloc_objs(*p->bool_val_to_struct,
+ p->p_bools.nprim, GFP_KERNEL);
if (!p->bool_val_to_struct)
return -ENOMEM;
@@ -214,7 +214,7 @@ int cond_read_bool(struct policydb *p, struct symtab *s, struct policy_file *fp)
u32 len;
int rc;
- booldatum = kzalloc(sizeof(*booldatum), GFP_KERNEL);
+ booldatum = kzalloc_obj(*booldatum, GFP_KERNEL);
if (!booldatum)
return -ENOMEM;
@@ -334,7 +334,7 @@ static int cond_read_av_list(struct policydb *p, struct policy_file *fp,
if (len == 0)
return 0;
- list->nodes = kcalloc(len, sizeof(*list->nodes), GFP_KERNEL);
+ list->nodes = kzalloc_objs(*list->nodes, len, GFP_KERNEL);
if (!list->nodes)
return -ENOMEM;
@@ -383,7 +383,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, struct pol
/* expr */
len = le32_to_cpu(buf[1]);
- node->expr.nodes = kcalloc(len, sizeof(*node->expr.nodes), GFP_KERNEL);
+ node->expr.nodes = kzalloc_objs(*node->expr.nodes, len, GFP_KERNEL);
if (!node->expr.nodes)
return -ENOMEM;
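Review bot: `len` is read straight from the policy image (`le32_to_cpu(buf[1])`) and passed as the element count with no bound check visible in this hunk, so the allocator's count-times-size overflow handling is the only guard on the buffer size. `kcalloc()` failed the allocation when that multiplication overflowed; the definition of `kzalloc_objs()` is not on this page, so confirm it also returns NULL on overflow rather than wrapping to a short buffer. The `cond_read_list` hunk below has the same pattern, with `len = le32_to_cpu(buf[0])`. A one-line comment such as `/* len is file-controlled; relies on kzalloc_objs() failing on count overflow */` would record the dependency. The body of cond_read_node continues outside the hunk.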
@@ -421,7 +421,7 @@ int cond_read_list(struct policydb *p, struct policy_file *fp)
len = le32_to_cpu(buf[0]);
- p->cond_list = kcalloc(len, sizeof(*p->cond_list), GFP_KERNEL);
+ p->cond_list = kzalloc_objs(*p->cond_list, len, GFP_KERNEL);
if (!p->cond_list)
return -ENOMEM;
@@ -605,7 +605,7 @@ static int cond_dup_av_list(struct cond_av_list *new,
memset(new, 0, sizeof(*new));
- new->nodes = kcalloc(orig->len, sizeof(*new->nodes), GFP_KERNEL);
+ new->nodes = kzalloc_objs(*new->nodes, orig->len, GFP_KERNEL);
if (!new->nodes)
return -ENOMEM;
@@ -631,8 +631,8 @@ static int duplicate_policydb_cond_list(struct policydb *newp,
return rc;
newp->cond_list_len = 0;
- newp->cond_list = kcalloc(origp->cond_list_len,
- sizeof(*newp->cond_list), GFP_KERNEL);
+ newp->cond_list = kzalloc_objs(*newp->cond_list, origp->cond_list_len,
+ GFP_KERNEL);
if (!newp->cond_list)
goto error;
@@ -710,9 +710,8 @@ static int duplicate_policydb_bools(struct policydb *newdb,
struct cond_bool_datum **cond_bool_array;
int rc;
- cond_bool_array = kmalloc_array(orig->p_bools.nprim,
- sizeof(*orig->bool_val_to_struct),
- GFP_KERNEL);
+ cond_bool_array = kmalloc_objs(*orig->bool_val_to_struct,
+ orig->p_bools.nprim, GFP_KERNEL);
if (!cond_bool_array)
return -ENOMEM;
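Review bot: The element type is taken from `*orig->bool_val_to_struct` while the result is stored in `cond_bool_array`, a leftover from the old `sizeof()` expression. Now that the allocation returns a typed pointer instead of `void *`, deriving the type from the destination reads more directly and matches the other hunks: `cond_bool_array = kmalloc_objs(*cond_bool_array, orig->p_bools.nprim, GFP_KERNEL);`. The elements are pointers (`struct cond_bool_datum **`) and the array is not zeroed, so every slot has to be written before it is read; that code is outside the hunk.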
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 1382eb3bfde1..1eb542725c94 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -40,8 +40,8 @@ int hashtab_init(struct hashtab *h, u32 nel_hint)
h->htable = NULL;
if (size) {
- h->htable = kcalloc(size, sizeof(*h->htable),
- GFP_KERNEL | __GFP_NOWARN);
+ h->htable = kzalloc_objs(*h->htable, size,
+ GFP_KERNEL | __GFP_NOWARN);
if (!h->htable)
return -ENOMEM;
h->size = size;
@@ -149,7 +149,7 @@ int hashtab_duplicate(struct hashtab *new, const struct hashtab *orig,
memset(new, 0, sizeof(*new));
- new->htable = kcalloc(orig->size, sizeof(*new->htable), GFP_KERNEL);
+ new->htable = kzalloc_objs(*new->htable, orig->size, GFP_KERNEL);
if (!new->htable)
return -ENOMEM;
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 91df3db6a88c..a96c671d0d51 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -390,7 +390,7 @@ static int roles_init(struct policydb *p)
int rc;
struct role_datum *role;
- role = kzalloc(sizeof(*role), GFP_KERNEL);
+ role = kzalloc_obj(*role, GFP_KERNEL);
if (!role)
return -ENOMEM;
@@ -738,24 +738,23 @@ static int policydb_index(struct policydb *p)
avtab_hash_eval(&p->te_avtab, "rules");
symtab_hash_eval(p->symtab);
- p->class_val_to_struct = kcalloc(p->p_classes.nprim,
- sizeof(*p->class_val_to_struct),
- GFP_KERNEL);
+ p->class_val_to_struct = kzalloc_objs(*p->class_val_to_struct,
+ p->p_classes.nprim, GFP_KERNEL);
if (!p->class_val_to_struct)
return -ENOMEM;
- p->role_val_to_struct = kcalloc(
- p->p_roles.nprim, sizeof(*p->role_val_to_struct), GFP_KERNEL);
+ p->role_val_to_struct = kzalloc_objs(*p->role_val_to_struct,
+ p->p_roles.nprim, GFP_KERNEL);
if (!p->role_val_to_struct)
return -ENOMEM;
- p->user_val_to_struct = kcalloc(
- p->p_users.nprim, sizeof(*p->user_val_to_struct), GFP_KERNEL);
+ p->user_val_to_struct = kzalloc_objs(*p->user_val_to_struct,
+ p->p_users.nprim, GFP_KERNEL);
if (!p->user_val_to_struct)
return -ENOMEM;
- p->type_val_to_struct = kvcalloc(
- p->p_types.nprim, sizeof(*p->type_val_to_struct), GFP_KERNEL);
+ p->type_val_to_struct = kvzalloc_objs(*p->type_val_to_struct,
+ p->p_types.nprim, GFP_KERNEL);
if (!p->type_val_to_struct)
return -ENOMEM;
@@ -1131,7 +1130,7 @@ static int perm_read(struct policydb *p, struct symtab *s, struct policy_file *f
__le32 buf[2];
u32 len;
- perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
+ perdatum = kzalloc_obj(*perdatum, GFP_KERNEL);
if (!perdatum)
return -ENOMEM;
@@ -1164,7 +1163,7 @@ static int common_read(struct policydb *p, struct symtab *s, struct policy_file
u32 i, len, nel;
int rc;
- comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
+ comdatum = kzalloc_obj(*comdatum, GFP_KERNEL);
if (!comdatum)
return -ENOMEM;
@@ -1237,7 +1236,7 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep,
lc = NULL;
for (i = 0; i < ncons; i++) {
- c = kzalloc(sizeof(*c), GFP_KERNEL);
+ c = kzalloc_obj(*c, GFP_KERNEL);
if (!c)
return -ENOMEM;
@@ -1254,7 +1253,7 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep,
le = NULL;
depth = -1;
for (j = 0; j < nexpr; j++) {
- e = kzalloc(sizeof(*e), GFP_KERNEL);
+ e = kzalloc_obj(*e, GFP_KERNEL);
if (!e)
return -ENOMEM;
@@ -1297,9 +1296,8 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep,
return rc;
if (p->policyvers >=
POLICYDB_VERSION_CONSTRAINT_NAMES) {
- e->type_names =
- kzalloc(sizeof(*e->type_names),
- GFP_KERNEL);
+ e->type_names = kzalloc_obj(*e->type_names,
+ GFP_KERNEL);
if (!e->type_names)
return -ENOMEM;
type_set_init(e->type_names);
@@ -1329,7 +1327,7 @@ static int class_read(struct policydb *p, struct symtab *s, struct policy_file *
u32 i, len, len2, ncons, nel;
int rc;
- cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
+ cladatum = kzalloc_obj(*cladatum, GFP_KERNEL);
if (!cladatum)
return -ENOMEM;
@@ -1427,7 +1425,7 @@ static int role_read(struct policydb *p, struct symtab *s, struct policy_file *f
__le32 buf[3];
u32 len;
- role = kzalloc(sizeof(*role), GFP_KERNEL);
+ role = kzalloc_obj(*role, GFP_KERNEL);
if (!role)
return -ENOMEM;
@@ -1484,7 +1482,7 @@ static int type_read(struct policydb *p, struct symtab *s, struct policy_file *f
__le32 buf[4];
u32 len;
- typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
+ typdatum = kzalloc_obj(*typdatum, GFP_KERNEL);
if (!typdatum)
return -ENOMEM;
@@ -1558,7 +1556,7 @@ static int user_read(struct policydb *p, struct symtab *s, struct policy_file *f
__le32 buf[3];
u32 len;
- usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
+ usrdatum = kzalloc_obj(*usrdatum, GFP_KERNEL);
if (!usrdatum)
return -ENOMEM;
@@ -1608,7 +1606,7 @@ static int sens_read(struct policydb *p, struct symtab *s, struct policy_file *f
__le32 buf[2];
u32 len;
- levdatum = kzalloc(sizeof(*levdatum), GFP_KERNEL);
+ levdatum = kzalloc_obj(*levdatum, GFP_KERNEL);
if (!levdatum)
return -ENOMEM;
@@ -1644,7 +1642,7 @@ static int cat_read(struct policydb *p, struct symtab *s, struct policy_file *fp
__le32 buf[3];
u32 len;
- catdatum = kzalloc(sizeof(*catdatum), GFP_KERNEL);
+ catdatum = kzalloc_obj(*catdatum, GFP_KERNEL);
if (!catdatum)
return -ENOMEM;
@@ -1864,7 +1862,7 @@ static int range_read(struct policydb *p, struct policy_file *fp)
for (i = 0; i < nel; i++) {
rc = -ENOMEM;
- rt = kzalloc(sizeof(*rt), GFP_KERNEL);
+ rt = kzalloc_obj(*rt, GFP_KERNEL);
if (!rt)
goto out;
@@ -1889,7 +1887,7 @@ static int range_read(struct policydb *p, struct policy_file *fp)
goto out;
rc = -ENOMEM;
- r = kzalloc(sizeof(*r), GFP_KERNEL);
+ r = kzalloc_obj(*r, GFP_KERNEL);
if (!r)
goto out;
@@ -1965,7 +1963,7 @@ static int filename_trans_read_helper_compat(struct policydb *p, struct policy_f
}
if (!datum) {
rc = -ENOMEM;
- datum = kmalloc(sizeof(*datum), GFP_KERNEL);
+ datum = kmalloc_obj(*datum, GFP_KERNEL);
if (!datum)
goto out;
@@ -2040,7 +2038,7 @@ static int filename_trans_read_helper(struct policydb *p, struct policy_file *fp
dst = &first;
for (i = 0; i < ndatum; i++) {
rc = -ENOMEM;
- datum = kmalloc(sizeof(*datum), GFP_KERNEL);
+ datum = kmalloc_obj(*datum, GFP_KERNEL);
if (!datum)
goto out;
@@ -2062,7 +2060,7 @@ static int filename_trans_read_helper(struct policydb *p, struct policy_file *fp
}
rc = -ENOMEM;
- ft = kmalloc(sizeof(*ft), GFP_KERNEL);
+ ft = kmalloc_obj(*ft, GFP_KERNEL);
if (!ft)
goto out;
@@ -2155,7 +2153,7 @@ static int genfs_read(struct policydb *p, struct policy_file *fp)
len = le32_to_cpu(buf[0]);
rc = -ENOMEM;
- newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
+ newgenfs = kzalloc_obj(*newgenfs, GFP_KERNEL);
if (!newgenfs)
goto out;
@@ -2194,7 +2192,7 @@ static int genfs_read(struct policydb *p, struct policy_file *fp)
len = le32_to_cpu(buf[0]);
rc = -ENOMEM;
- newc = kzalloc(sizeof(*newc), GFP_KERNEL);
+ newc = kzalloc_obj(*newc, GFP_KERNEL);
if (!newc)
goto out;
@@ -2266,7 +2264,7 @@ static int ocontext_read(struct policydb *p,
l = NULL;
for (j = 0; j < nel; j++) {
rc = -ENOMEM;
- c = kzalloc(sizeof(*c), GFP_KERNEL);
+ c = kzalloc_obj(*c, GFP_KERNEL);
if (!c)
goto out;
if (l)
@@ -2623,12 +2621,12 @@ int policydb_read(struct policydb *p, struct policy_file *fp)
goto bad;
for (i = 0; i < nel; i++) {
rc = -ENOMEM;
- rtk = kmalloc(sizeof(*rtk), GFP_KERNEL);
+ rtk = kmalloc_obj(*rtk, GFP_KERNEL);
if (!rtk)
goto bad;
rc = -ENOMEM;
- rtd = kmalloc(sizeof(*rtd), GFP_KERNEL);
+ rtd = kmalloc_obj(*rtd, GFP_KERNEL);
if (!rtd)
goto bad;
@@ -2671,7 +2669,7 @@ int policydb_read(struct policydb *p, struct policy_file *fp)
lra = NULL;
for (i = 0; i < nel; i++) {
rc = -ENOMEM;
- ra = kzalloc(sizeof(*ra), GFP_KERNEL);
+ ra = kzalloc_obj(*ra, GFP_KERNEL);
if (!ra)
goto bad;
if (lra)
@@ -2726,8 +2724,8 @@ int policydb_read(struct policydb *p, struct policy_file *fp)
goto bad;
rc = -ENOMEM;
- p->type_attr_map_array = kvcalloc(
- p->p_types.nprim, sizeof(*p->type_attr_map_array), GFP_KERNEL);
+ p->type_attr_map_array = kvzalloc_objs(*p->type_attr_map_array,
+ p->p_types.nprim, GFP_KERNEL);
if (!p->type_attr_map_array)
goto bad;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 13fc712d5923..6f20e941c059 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -108,7 +108,7 @@ static int selinux_set_mapping(struct policydb *pol,
i++;
/* Allocate space for the class records, plus one for class zero */
- out_map->mapping = kcalloc(++i, sizeof(*out_map->mapping), GFP_ATOMIC);
+ out_map->mapping = kzalloc_objs(*out_map->mapping, ++i, GFP_ATOMIC);
if (!out_map->mapping)
return -ENOMEM;
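Review bot: `++i` is now an argument to a function-like macro, so the count is only correct if `kzalloc_objs()` evaluates its COUNT argument exactly once; the macro's definition is not on this page. If the increment ran more than once, the allocation size and the value of `i` seen by later code (outside this hunk) would disagree, which is the kind of mismatch that turns into an out-of-bounds index on the mapping array. Hoisting the side effect removes the dependency on the macro's internals: put `i++;` on its own line and pass plain `i`, as in `kzalloc_objs(*out_map->mapping, i, GFP_ATOMIC)`.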
@@ -2312,11 +2312,11 @@ int security_load_policy(void *data, size_t len,
int rc = 0;
struct policy_file file = { data, len }, *fp = &file;
- newpolicy = kzalloc(sizeof(*newpolicy), GFP_KERNEL);
+ newpolicy = kzalloc_obj(*newpolicy, GFP_KERNEL);
if (!newpolicy)
return -ENOMEM;
- newpolicy->sidtab = kzalloc(sizeof(*newpolicy->sidtab), GFP_KERNEL);
+ newpolicy->sidtab = kzalloc_obj(*newpolicy->sidtab, GFP_KERNEL);
if (!newpolicy->sidtab) {
rc = -ENOMEM;
goto err_policy;
@@ -2360,7 +2360,7 @@ int security_load_policy(void *data, size_t len,
* in the new SID table.
*/
- convert_data = kmalloc(sizeof(*convert_data), GFP_KERNEL);
+ convert_data = kmalloc_obj(*convert_data, GFP_KERNEL);
if (!convert_data) {
rc = -ENOMEM;
goto err_free_isids;
@@ -3065,7 +3065,7 @@ int security_get_bools(struct selinux_policy *policy,
goto err;
rc = -ENOMEM;
- *values = kcalloc(*len, sizeof(int), GFP_ATOMIC);
+ *values = kzalloc_objs(int, *len, GFP_ATOMIC);
if (!*values)
goto err;
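Review bot: The element type is spelled out as `int` here instead of being derived from the pointer that receives the allocation, unlike nearly every other hunk in this patch. Assuming `values` is `int **`, `*values = kzalloc_objs(**values, *len, GFP_ATOMIC);` keeps the type tied to the destination. This is also a scalar allocation, which the commit description says the script is designed to avoid, so it deserves the case-by-case check mentioned there. The `selinux_audit_rule_init` hunk uses the same explicit-type form (`kzalloc_obj(struct selinux_audit_rule, gfp)`), where `kzalloc_obj(*tmprule, gfp)` would match the rest of the patch.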
@@ -3629,7 +3629,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule,
return -EINVAL;
}
- tmprule = kzalloc(sizeof(struct selinux_audit_rule), gfp);
+ tmprule = kzalloc_obj(struct selinux_audit_rule, gfp);
if (!tmprule)
return -ENOMEM;
context_init(&tmprule->au_ctxt);
@@ -3844,7 +3844,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
{
u32 *sid_cache;
- sid_cache = kmalloc(sizeof(*sid_cache), GFP_ATOMIC);
+ sid_cache = kmalloc_obj(*sid_cache, GFP_ATOMIC);
if (sid_cache == NULL)
return;
secattr->cache = netlbl_secattr_cache_alloc(GFP_ATOMIC);
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index 59f8c09158ef..118af0aa2767 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -580,7 +580,7 @@ void sidtab_sid2str_put(struct sidtab *s, struct sidtab_entry *entry,
goto out_unlock;
}
- cache = kmalloc(struct_size(cache, str, str_len), GFP_ATOMIC);
+ cache = kmalloc_flex(*cache, str, str_len, GFP_ATOMIC);
if (!cache)
goto out_unlock;
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 61d56b0c2be1..8e00b3306574 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -88,7 +88,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
if (str_len >= PAGE_SIZE)
return -ENOMEM;
- ctx = kmalloc(struct_size(ctx, ctx_str, str_len + 1), gfp);
+ ctx = kmalloc_flex(*ctx, ctx_str, str_len + 1, gfp);
if (!ctx)
return -ENOMEM;
@@ -354,7 +354,7 @@ int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x,
if (rc)
return rc;
- ctx = kmalloc(struct_size(ctx, ctx_str, str_len), GFP_ATOMIC);
+ ctx = kmalloc_flex(*ctx, ctx_str, str_len, GFP_ATOMIC);
if (!ctx) {
rc = -ENOMEM;
goto out;