On Monday, 14.07.2025 at 22:19 -0700, Kees Cook wrote:
> On Fri, Jul 11, 2025 at 10:58:56AM -0700, Linus Torvalds wrote:
> >    struct seq_buf s;
> >    seq_buf_init(&s, buf, size);
>
> And because some folks didn't like this "declaration that requires a
> function call", we even added:
>
>    DECLARE_SEQ_BUF(s, 32);
>
> to do it in 1 line. :P
>
> I would love to see more string handling replaced with seq_buf.

Why not have?

   struct seq_buf s = SEQ_BUF(32);

So the kernel has safe abstractions, they are just not used enough.

Do you also have a string view abstraction? I found this really
useful as a basic building block for safe string handling, and
equally important to a string builder type such as seq_buf.

The string builder is for safely constructing new strings, the
string view is for safely accessing parts of existing strings.

Also what I found really convenient and useful in this context
was to have an accessor macro that exposes the buffer as a
regular array cast to the correct size:

   *( (char(*)[(x)->N]) (x)->data )

(put into statement expressions to avoid double evaluation)

instead of simply returning a char*

You can then access the array directly with [] which then can be
bounds checked with UBSan, one can measure its length with sizeof,
and one can also let it decay and get a char* to pass it to legacy
code (and to some degree this can be protected by BDOS).

Martin
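
The accessor described in the mail above, as an added example that is not part of the original message and not kernel code. It assumes a hypothetical `struct strview` with the `N` and `data` fields the expression uses; `SV_ARRAY`, `sv_at` and `sv_split` are assumed names, and the macro keeps the plain expression form, so its argument must be free of side effects.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical string view (not a kernel type): N bytes at data, no NUL. */
struct strview { size_t N; const char *data; };

/* The accessor expression from the mail: the bytes as an lvalue of type
 * const char[N]. Plain form, so x is evaluated more than once: pass only
 * side-effect-free arguments. N must be nonzero (no zero-length arrays). */
#define SV_ARRAY(x) (*(const char (*)[(x)->N])(x)->data)

/* Byte i of the view, or -1 if out of range. Indexing goes through the
 * sized array, so -fsanitize=bounds can check it against N as well. */
static int sv_at(const struct strview *v, size_t i)
{
    if (v->N == 0 || i >= sizeof(SV_ARRAY(v)))
        return -1;
    return (unsigned char)SV_ARRAY(v)[i];
}

/* Return the part of *rest before delim and advance *rest past delim. */
static struct strview sv_split(struct strview *rest, char delim)
{
    struct strview head = *rest;
    const char *p = NULL;

    if (rest->N) /* array decays to const char *, sizeof gives its length */
        p = memchr(SV_ARRAY(rest), delim, sizeof(SV_ARRAY(rest)));
    if (p) {
        head.N = (size_t)(p - rest->data);
        rest->data = p + 1;
        rest->N -= head.N + 1;
    } else {
        rest->data += rest->N;
        rest->N = 0;
    }
    return head;
}

int main(void)
{
    static const char raw[] = { 'u','s','e','r','=','r','o','o','t' }; /* constructed */
    struct strview rest = { sizeof(raw), raw };
    struct strview key = sv_split(&rest, '=');

    printf("%.*s -> %.*s\n", (int)key.N, key.data, (int)rest.N, rest.data);
    return sv_at(&key, key.N) == -1 ? 0 : 1;
}
```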