On Wed, Feb 14, 2018 at 11:22:38AM -0800, Kees Cook wrote:
> > +/**
> > + * kvmalloc_ab_c() - Allocate memory.
> Longer description, maybe? "Allocate a *b + c bytes of memory"?
> > + * @n: Number of elements.
> > + * @size: Size of each element (should be constant).
> > + * @c: Size of header (should be constant).
> If these should be constant, should we mark them as "const"? Or WARN
> if __builtin_constant_p() isn't true?
It's only less efficient if they're not const. Theoretically they could be
variable ... and I've been bitten by __builtin_constant_p() recently
(gcc bug 83653 which I still don't really understand).
> > + * @gfp: Memory allocation flags.
> > + *
> > + * Use this function to allocate @n * @size + @c bytes of memory. This
> > + * function is safe to use when @n is controlled from userspace; it will
> > + * return %NULL if the required amount of memory cannot be allocated.
> > + * Use kvfree() to free the allocated memory.
> > + *
> > + * The kvzalloc_hdr_arr() function is easier to use as it has typechecking
> renaming typo? Should this be "kvzalloc_struct()"?
Urgh, yes. I swear I searched for it ... must've typoed my search string.
Anyway, fixed, because kvzalloc_hdr_arr() wasn't a good name.
> > +#define kvzalloc_ab_c(a, b, c, gfp) kvmalloc_ab_c(a, b, c, gfp |
> > __GFP_ZERO)
> Nit: "(gfp) | __GFP_ZERO" just in case of insane usage.
> It might be nice to include another patch that replaces some of the
> existing/common uses of a*b+c with the new function...
Sure! I have a few examples in my tree, I just didn't want to complicate
things by sending a patch that crossed dozens of maintainer trees.