On Thu, Apr 03, 2025 at 06:35:39PM +0100, Matthew Wilcox wrote:
> On Thu, Apr 03, 2025 at 09:59:41AM -0700, Kees Cook wrote:
> > On Wed, Apr 02, 2025 at 12:44:50PM +0200, Vlastimil Babka wrote:
> > > Cc Kees and others from his related efforts:
> > > 
> > > https://lore.kernel.org/all/[email protected]/
> > 
> > I think, unfortunately, the consensus is that "invisible side-effects"
> > are not going to be tolerated. After I finish with kmalloc_obj(), I'd
> > like to take another run at this for basically providing something like:
> > 
> > static inline __must_check
> > void *kfree(void *p) { __kfree(p); return NULL; }
> > 
> > And then switch all:
> > 
> >     kfree(s->ptr);
> > 
> > to
> > 
> >     s->ptr = kfree(s->ptr);
> > 
> > Where s->ptr isn't used again.
> 
> Umm ... kfree is now going to be __must_check?  That's a lot of churn.
> 
> I'd just go with making kfree() return NULL and leave off the
> __must_check.  It doesn't need the __kfree() indirection either.
> That lets individual functions opt into the new safety.

Maybe something like

void kfree_and_null(void **ptr)
{
        __kfree(*ptr);
        *ptr = NULL;
}

?

-- 
With Best Regards,
Andy Shevchenko
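
Added example, not part of the original messages or of kernel code: a userspace C model of the two shapes discussed in this thread, kfree() returning NULL for reassignment and kfree_and_null() taking a pointer-to-pointer, showing that a repeated teardown then degrades to a free of NULL instead of a double free. The names model_kfree(), kfree_ret_null(), struct session and teardown_twice() are hypothetical, and free() stands in for __kfree().

```c
#include <stdlib.h>

/* Userspace stand-in for __kfree(); counts frees of non-NULL pointers. */
static int real_frees;

static void model_kfree(void *p)
{
	if (p)
		real_frees++;
	free(p);	/* free(NULL) is a no-op, as kfree(NULL) is */
}

/* Shape 1: free and return NULL, so the caller writes p = kfree(p). */
static inline void *kfree_ret_null(void *p)
{
	model_kfree(p);
	return NULL;
}

/* Shape 2: free through a pointer-to-pointer and clear the caller's copy. */
static void kfree_and_null(void **ptr)
{
	model_kfree(*ptr);
	*ptr = NULL;
}

/* Constructed sample object; priv is void * so &s.priv is already void **.
 * A typed member such as buf would need a cast to be passed as void **. */
struct session { char *buf; void *priv; };

/* Run the same teardown twice, as a buggy error path might.
 * Returns the number of real frees, or -1 on failure. */
int teardown_twice(void)
{
	struct session s = { malloc(16), malloc(16) };

	if (!s.buf || !s.priv) { free(s.buf); free(s.priv); return -1; }
	real_frees = 0;
	for (int pass = 0; pass < 2; pass++) {
		s.buf = kfree_ret_null(s.buf);	/* s->ptr = kfree(s->ptr) form */
		kfree_and_null(&s.priv);	/* kfree_and_null(&s->ptr) form */
	}
	return (!s.buf && !s.priv) ? real_frees : -1;
}

int main(void) { return teardown_twice() == 2 ? 0 : 1; }
```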

