gpiod_get_array() does a new allocation in some cases, followed by copying previously allocated placeholder for the descriptors. Replace that with krealloc(__GFP_ZERO), since it was kzalloc() originally. Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx> --- drivers/gpio/gpiolib.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 112d99a5eec4..3e94990f1f90 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -4283,12 +4283,14 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, struct gpio_array *array_info = NULL; struct gpio_chip *gc; int count, bitmap_size; + size_t descs_size; count = gpiod_count(dev, con_id); if (count < 0) return ERR_PTR(count); - descs = kzalloc(struct_size(descs, desc, count), GFP_KERNEL); + descs_size = struct_size(descs, desc, count); + descs = kzalloc(descs_size, GFP_KERNEL); if (!descs) return ERR_PTR(-ENOMEM); @@ -4312,20 +4314,17 @@ struct gpio_descs *__must_check gpiod_get_array(struct device *dev, bitmap_size = BITS_TO_LONGS(gc->ngpio > count ? gc->ngpio : count); - array = kzalloc(struct_size(descs, desc, count) + - struct_size(array_info, invert_mask, - 3 * bitmap_size), GFP_KERNEL); + array = krealloc(descs, descs_size + + struct_size(array_info, invert_mask, 3 * bitmap_size), + GFP_KERNEL | __GFP_ZERO); if (!array) { gpiod_put_array(descs); return ERR_PTR(-ENOMEM); } - memcpy(array, descs, - struct_size(descs, desc, descs->ndescs + 1)); - kfree(descs); - descs = array; - array_info = (void *)(descs->desc + count); + + array_info = (void *)descs + descs_size; array_info->get_mask = array_info->invert_mask + bitmap_size; array_info->set_mask = array_info->get_mask + -- 2.40.0.1.gaa8946217a0b