From 189f164e573e18d9f8876dbd3ad8fcbe11f93037 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Sat, 21 Feb 2026 23:46:04 -0800 Subject: Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses Conversion performed via this Coccinelle script: // SPDX-License-Identifier: GPL-2.0-only // Options: --include-headers-for-types --all-includes --include-headers --keep-comments virtual patch @gfp depends on patch && !(file in "tools") && !(file in "samples")@ identifier ALLOC = {kmalloc_obj,kmalloc_objs,kmalloc_flex, kzalloc_obj,kzalloc_objs,kzalloc_flex, kvmalloc_obj,kvmalloc_objs,kvmalloc_flex, kvzalloc_obj,kvzalloc_objs,kvzalloc_flex}; @@ ALLOC(... - , GFP_KERNEL ) $ make coccicheck MODE=patch COCCI=gfp.cocci Build and boot tested x86_64 with Fedora 42's GCC and Clang: Linux version 6.19.0+ (user@host) (gcc (GCC) 15.2.1 20260123 (Red Hat 15.2.1-7), GNU ld version 2.44-12.fc42) #1 SMP PREEMPT_DYNAMIC 1970-01-01 Linux version 6.19.0+ (user@host) (clang version 20.1.8 (Fedora 20.1.8-4.fc42), LLD 20.1.8) #1 SMP PREEMPT_DYNAMIC 1970-01-01 Signed-off-by: Kees Cook Signed-off-by: Linus Torvalds --- security/integrity/ima/ima_crypto.c | 3 +-- security/selinux/ss/conditional.c | 4 ++-- security/selinux/ss/policydb.c | 10 +++++----- 3 files changed, 8 insertions(+), 9 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index d4af5f0e7d6c..aff61643415d 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -139,8 +139,7 @@ int __init ima_init_crypto(void) ima_hash_algo_idx = NR_BANKS(ima_tpm_chip) + ima_extra_slots++; ima_algo_array = kzalloc_objs(*ima_algo_array, - NR_BANKS(ima_tpm_chip) + ima_extra_slots, - GFP_KERNEL); + NR_BANKS(ima_tpm_chip) + ima_extra_slots); if (!ima_algo_array) { rc = -ENOMEM; goto out; diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 67a903081699..824c3f896151 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -166,7 +166,7 @@ int cond_init_bool_indexes(struct policydb *p) { kfree(p->bool_val_to_struct); p->bool_val_to_struct = kmalloc_objs(*p->bool_val_to_struct, - p->p_bools.nprim, GFP_KERNEL); + p->p_bools.nprim); if (!p->bool_val_to_struct) return -ENOMEM; @@ -710,7 +710,7 @@ static int duplicate_policydb_bools(struct policydb *newdb, int rc; cond_bool_array = kmalloc_objs(*orig->bool_val_to_struct, - orig->p_bools.nprim, GFP_KERNEL); + orig->p_bools.nprim); if (!cond_bool_array) return -ENOMEM; diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index d3b410d04c25..738fd47f33e6 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -739,22 +739,22 @@ static int policydb_index(struct policydb *p) symtab_hash_eval(p->symtab); p->class_val_to_struct = kzalloc_objs(*p->class_val_to_struct, - p->p_classes.nprim, GFP_KERNEL); + p->p_classes.nprim); if (!p->class_val_to_struct) return -ENOMEM; p->role_val_to_struct = kzalloc_objs(*p->role_val_to_struct, - p->p_roles.nprim, GFP_KERNEL); + p->p_roles.nprim); if (!p->role_val_to_struct) return -ENOMEM; p->user_val_to_struct = kzalloc_objs(*p->user_val_to_struct, - p->p_users.nprim, GFP_KERNEL); + p->p_users.nprim); if (!p->user_val_to_struct) return -ENOMEM; p->type_val_to_struct = kvzalloc_objs(*p->type_val_to_struct, - p->p_types.nprim, GFP_KERNEL); + p->p_types.nprim); if (!p->type_val_to_struct) return -ENOMEM; @@ -2724,7 +2724,7 @@ int policydb_read(struct policydb *p, struct policy_file *fp) rc = -ENOMEM; p->type_attr_map_array = kvzalloc_objs(*p->type_attr_map_array, - p->p_types.nprim, GFP_KERNEL); + p->p_types.nprim); if (!p->type_attr_map_array) goto bad; -- cgit v1.2.3