> I think it makes more sense to sanitize size in size_index_elem(),
> don't you?
>
> - return (bytes - 1) / 8;
> + return array_index_nospec((bytes - 1) / 8, ARRAY_SIZE(size_index));

I think it should be fixed in poll. Literally every small variable kmalloc call is going through this function.
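Review bot: array_index_nospec() is a speculation barrier, not a bounds check, and this hunk adds no check of its own: when (bytes - 1) / 8 is already out of range of size_index, array_index_nospec() yields index 0 rather than failing, so the caller's range check on bytes must remain in place ahead of size_index_elem(), otherwise an oversized request silently maps to the first size_index entry. Consider documenting that precondition in a comment above the return, e.g. "/* caller guarantees bytes is within the size_index range */".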