On Thu, May 02, 2024 at 11:18:37AM +0200, Peter Zijlstra wrote: > On Wed, May 01, 2024 at 01:21:42PM -0700, Kees Cook wrote: > > On Tue, Apr 30, 2024 at 11:15:04AM +0200, Peter Zijlstra wrote: > > > On Mon, Apr 29, 2024 at 07:40:58PM +0200, Erick Archer wrote: > > > > This is an effort to get rid of all multiplications from allocation > > > > functions in order to prevent integer overflows [1][2]. > > > > > > So personally I detest struct_size() because I can never remember wtf it > > > does, whereas the code it replaces is simple and straight forward :/ > > > > Sure, new APIs can involved a learning curve. If we can all handle > > container_of(), we can deal with struct_size(). :) > > containre_of() is actually *much* shorter than typing it all out. Which > is a benefit. > > struct_size() not so much. That's just obfuscation for obfuscation's > sake.
It's really not -- it's making sure that the calculation is semantically sane: all the right things are being used for the struct size calculation and things can't "drift", if types change, flex array changes, etc. It's both a code robustness improvement and a wrap-around stopping improvement. -- Kees Cook
