Re: [PATCH v2][next] sysctl: Avoid open coded arithmetic in memory allocator functions

From: Matthew Wilcox
Date: Sun Oct 24 2021 - 13:57:25 EST


On Sun, Oct 24, 2021 at 11:13:28AM +0200, Len Baker wrote:
> I think it is better to be defensive. IMHO I believe that if the
> struct_size() helper could be used in this patch, it would be more
> easy to ACK. But it is not possible due to the complex memory
> layouts.

I think it's better for code to be understandable. Your patch makes
the code less readable in the name of "security", which is a poor
justification.

> However, there are a lot of code in the kernel that uses the
> struct_size() helper for memory allocator arguments where we know
> that it don't overflow. For example:

Well, yes. That's because struct_size() actually makes code more
readable as well as more secure.

> As a last point I would like to know the opinion of Kees and
> Gustavo since they are also working on this task.
>
> Kees and Gustavo, what do you think?

You might want to check who was co-author on 610b15c50e86 before
discarding my opinion.