git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
[sfrench/cifs-2.6.git] / drivers / vhost / vhost.c
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 895eaa25807c84e854a19b78a9fbcfafb06dbac7..a502f1af4a213607adec4aa28fa6ae8eb9ce0389 100644 (file)
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -385,10 +385,13 @@ static long vhost_dev_alloc_iovecs(struct vhost_dev *dev)
 
        for (i = 0; i < dev->nvqs; ++i) {
                vq = dev->vqs[i];
-               vq->indirect = kmalloc(sizeof *vq->indirect * UIO_MAXIOV,
-                                      GFP_KERNEL);
-               vq->log = kmalloc(sizeof *vq->log * UIO_MAXIOV, GFP_KERNEL);
-               vq->heads = kmalloc(sizeof *vq->heads * UIO_MAXIOV, GFP_KERNEL);
+               vq->indirect = kmalloc_array(UIO_MAXIOV,
+                                            sizeof(*vq->indirect),
+                                            GFP_KERNEL);
+               vq->log = kmalloc_array(UIO_MAXIOV, sizeof(*vq->log),
+                                       GFP_KERNEL);
+               vq->heads = kmalloc_array(UIO_MAXIOV, sizeof(*vq->heads),
+                                         GFP_KERNEL);
                if (!vq->indirect || !vq->log || !vq->heads)
                        goto err_nomem;
        }
@@ -1286,7 +1289,8 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m)
                return -EOPNOTSUPP;
        if (mem.nregions > max_mem_regions)
                return -E2BIG;
-       newmem = kvzalloc(size + mem.nregions * sizeof(*m->regions), GFP_KERNEL);
+       newmem = kvzalloc(struct_size(newmem, regions, mem.nregions),
+                       GFP_KERNEL);
        if (!newmem)
                return -ENOMEM;
 
@@ -2345,6 +2349,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type)
        struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL);
        if (!node)
                return NULL;
+
+       /* Make sure all padding within the structure is initialized. */
+       memset(&node->msg, 0, sizeof node->msg);
        node->vq = vq;
        node->msg.type = type;
        return node;
Unnamed repository; edit this file 'description' to name the repository.