[PATCH] block: Use size_add() and array_size() for safe memory allocation
From: Fushuai Wang
Date: Tue Nov 25 2025 - 08:10:34 EST
Dynamic size calculations should not be performed in memory
allocator due to the risk of overflowing. So use size_add()
and array_size(), which have overflow checks, in bio_kmalloc()
for safe size calculation.
Signed-off-by: Fushuai Wang <wangfushuai@xxxxxxxxx>
---
block/bio.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/block/bio.c b/block/bio.c
index b3a79285c278..c7789469c892 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -617,8 +617,9 @@ struct bio *bio_kmalloc(unsigned short nr_vecs, gfp_t gfp_mask)
if (nr_vecs > BIO_MAX_INLINE_VECS)
return NULL;
- return kmalloc(sizeof(*bio) + nr_vecs * sizeof(struct bio_vec),
- gfp_mask);
+ return kmalloc(size_add(sizeof(*bio),
+ array_size(nr_vecs, sizeof(struct bio_vec))),
+ gfp_mask);
}
EXPORT_SYMBOL(bio_kmalloc);
--
2.36.1