[PATCH] block: Use size_add() and array_size() for safe memory allocation

public inbox for linux-block@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] block: Use size_add() and array_size() for safe memory allocation
@ 2025-11-25 13:07 Fushuai Wang
  2025-11-25 16:33 ` Caleb Sander Mateos
  0 siblings, 1 reply; 2+ messages in thread
From: Fushuai Wang @ 2025-11-25 13:07 UTC (permalink / raw)
  To: axboe; +Cc: linux-block, linux-kernel, wangfushuai, Fushuai Wang

Dynamic size calculations should not be performed in memory
allocator due to the risk of overflowing. So use size_add()
and array_size(), which have overflow checks, in bio_kmalloc()
for safe size calculation.

Signed-off-by: Fushuai Wang <wangfushuai@baidu.com>
---
 block/bio.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/block/bio.c b/block/bio.c
index b3a79285c278..c7789469c892 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -617,8 +617,9 @@ struct bio *bio_kmalloc(unsigned short nr_vecs, gfp_t gfp_mask)
 
 	if (nr_vecs > BIO_MAX_INLINE_VECS)
 		return NULL;
-	return kmalloc(sizeof(*bio) + nr_vecs * sizeof(struct bio_vec),
-			gfp_mask);
+	return kmalloc(size_add(sizeof(*bio),
+				array_size(nr_vecs, sizeof(struct bio_vec))),
+		       gfp_mask);
 }
 EXPORT_SYMBOL(bio_kmalloc);
 
-- 
2.36.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] block: Use size_add() and array_size() for safe memory allocation
  2025-11-25 13:07 [PATCH] block: Use size_add() and array_size() for safe memory allocation Fushuai Wang
@ 2025-11-25 16:33 ` Caleb Sander Mateos
  0 siblings, 0 replies; 2+ messages in thread
From: Caleb Sander Mateos @ 2025-11-25 16:33 UTC (permalink / raw)
  To: Fushuai Wang; +Cc: axboe, linux-block, linux-kernel, wangfushuai

On Tue, Nov 25, 2025 at 5:09 AM Fushuai Wang <fushuai.wang@linux.dev> wrote:
>
> Dynamic size calculations should not be performed in memory
> allocator due to the risk of overflowing. So use size_add()

nr_vecs is an unsigned short and sizeof(struct bio_vec) is 16. I don't
see how the multiplication could possibly overflow a size_t.

> and array_size(), which have overflow checks, in bio_kmalloc()
> for safe size calculation.
>
> Signed-off-by: Fushuai Wang <wangfushuai@baidu.com>
> ---
>  block/bio.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/block/bio.c b/block/bio.c
> index b3a79285c278..c7789469c892 100644
> --- a/block/bio.c
> +++ b/block/bio.c
> @@ -617,8 +617,9 @@ struct bio *bio_kmalloc(unsigned short nr_vecs, gfp_t gfp_mask)
>
>         if (nr_vecs > BIO_MAX_INLINE_VECS)
>                 return NULL;
> -       return kmalloc(sizeof(*bio) + nr_vecs * sizeof(struct bio_vec),
> -                       gfp_mask);
> +       return kmalloc(size_add(sizeof(*bio),
> +                               array_size(nr_vecs, sizeof(struct bio_vec))),
> +                      gfp_mask);
>  }
>  EXPORT_SYMBOL(bio_kmalloc);
>
> --
> 2.36.1
>
>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-11-25 16:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-25 13:07 [PATCH] block: Use size_add() and array_size() for safe memory allocation Fushuai Wang
2025-11-25 16:33 ` Caleb Sander Mateos

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox