Just re-quoting my suggestion here and adding Andy and Dmitry, who did the original bitmap_alloc() helper interfaces a few years ago. Also adding Kees in case he has any hardening suggestions, since this is about (incorrect) overflow handling. Kees: see my rant about mindlessly doing overflow handling in the wrong place in https://lore.kernel.org/all/CAHk-=wgTUz1bdY6zvsN4ED0arCLE8Sb==1GH8d0sjm5bu7zesQ@xxxxxxxxxxxxxx/ in case you or somebody has a better idea for BITS_TO_LONG handling than just "you need to check for zero before and after". Linus On Sat, 21 Oct 2023 at 10:56, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > > If you *do* want to add proper overflow handling, you'd need to either > fix BITS_TO_LONGS() some way (which is actually non-trivial since it > needs to be able to stay a constant and only use the argument once), > or you do something like > > if (!bits) > return ZERO_SIZE_PTR; > longs = BITS_TO_LONG(bits); > if (!longs) > return NULL; > return vzalloc(longs * sizeof(long)); > > and I'd suggest maybe we should > > (a) do the above checking in our bitmap_alloc() routines > > (b) also change our bitmap_alloc() routines to take 'size_t' instead > of 'unsigned int' bit counts > > (c) and finally, add that vzalloc() case, but simply using > > kvmalloc_array(n, size, flags | __GFP_ZERO); > > instead.
