On Thu, Apr 03, 2025 at 09:59:41AM -0700, Kees Cook wrote: > On Wed, Apr 02, 2025 at 12:44:50PM +0200, Vlastimil Babka wrote: > > Cc Kees and others from his related efforts: > > > > https://lore.kernel.org/all/[email protected]/ > > I think, unfortunately, the consensus is that "invisible side-effects" > are not going to be tolerated. After I finish with kmalloc_obj(), I'd > like to take another run at this for basically providing something like: > > static inline __must_check > void *kfree(void *p) { __kfree(p); return NULL; } > > And then switch all: > > kfree(s->ptr); > > to > > s->ptr = kfree(s->ptr); > > Where s->ptr isn't used again.
Umm ... kfree is now going to be __must_check? That's a lot of churn. I'd just go with making kfree() return NULL and leave off the __must_check. It doesn't need the __kfree() indirection either. That lets individual functions opt into the new safety.
