Re: [PATCH v6 4/5] slab: Introduce kmalloc_flex() and family

From: Kees Cook
Date: Thu Jan 08 2026 - 12:12:17 EST


On Thu, Jan 08, 2026 at 03:06:31PM +0100, Vlastimil Babka wrote:
> On 12/4/25 00:30, Kees Cook wrote:
> > As done for kmalloc_obj*(), introduce a type-aware allocator for flexible
> > arrays, which may also have "counted_by" annotations:
> >
> > ptr = kmalloc(struct_size(ptr, flex_member, count), gfp);
> >
> > becomes:
> >
> > ptr = kmalloc_flex(*ptr, flex_member, count, gfp);
> >
> > The internal use of __flex_counter() allows for automatically setting
> > the counter member of a struct's flexible array member when it has
> > been annotated with __counted_by(), avoiding any missed early size
> > initializations while __counted_by() annotations are added to the
> > kernel. Additionally, this also checks for "too large" allocations based
> > on the type size of the counter variable. For example:
> >
> > if (count > type_max(ptr->flex_counter))
> > 	fail...;
> > size = struct_size(ptr, flex_member, count);
> > ptr = kmalloc(size, gfp);
> > ptr->flex_counter = count;
> >
> > becomes (n.b. unchanged from earlier example):
> >
> > ptr = kmalloc_flex(*ptr, flex_member, count, gfp);
> > ptr->flex_count = count;
>
> ^ flex_counter ?
>
> But if it was "too large", ptr is NULL so this will oops?

Oops, yes, typo in the example. I will fix that. As for NULL, I dropped
the NULL checking on both sides of the example just to focus on the
differences.

--
Kees Cook
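The pattern under discussion, modelled in userspace as an added example (this is not the kernel's kmalloc_flex() implementation nor code from the patch): the allocation is refused when `count` exceeds what the counter member's type can hold, the size is computed struct_size()-style from `sizeof(*ptr)` plus the element count, and the counter is initialized on success. Because userspace has no __counted_by()/__flex_counter() introspection, the model takes the counter member as an explicit macro argument (`counter_member`); the struct, field names and the 200/300 sample counts are constructed for the illustration, and `model_type_max()`/`kmalloc_flex_model()` are hypothetical names. The fitting-count helper also keeps the NULL check that the reply says was dropped from the commit-message example for brevity.

```c
/*
 * Userspace model of the kmalloc_flex() pattern discussed in the thread:
 * allocate a struct with a trailing flexible array, reject counts that the
 * counter member cannot represent, and initialize the counter on success.
 * Illustration only: the kernel derives the counter from __counted_by()
 * through __flex_counter(); here the caller names it (counter_member).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Largest value the type of expression x can hold (model of type_max()). */
#define model_type_max(x)						\
	((__typeof__(x))(((__typeof__(x))-1 < 0)			\
		? ((1ULL << (8 * sizeof(x) - 1)) - 1) : ~0ULL))

/*
 * Model of kmalloc_flex(): NULL when count exceeds the counter's range or
 * the byte size would overflow size_t; otherwise a zeroed allocation of
 * sizeof(*p) + count * sizeof(element) bytes with the counter already set.
 */
#define kmalloc_flex_model(type, flex_member, counter_member, count)	\
	({								\
		type *__p = NULL;					\
		size_t __n = (count);					\
		size_t __elem = sizeof(*__p->flex_member);		\
		if (__n <= (size_t)model_type_max(__p->counter_member) && \
		    __n <= (SIZE_MAX - sizeof(*__p)) / __elem) {	\
			__p = calloc(1, sizeof(*__p) + __elem * __n);	\
			if (__p)					\
				__p->counter_member = __n;		\
		}							\
		__p;							\
	})

/* Constructed sample struct with a deliberately narrow u8 counter. */
struct model_pkt {
	uint8_t n_data;
	uint32_t flags;
	uint8_t data[];	/* in the kernel this would be __counted_by(n_data) */
};

/* A count that fits the counter: returns the initialized counter value. */
int alloc_fitting_count(void)
{
	struct model_pkt *p = kmalloc_flex_model(struct model_pkt, data, n_data, 200);
	int n;

	if (!p)		/* the NULL check must not be dropped in real code */
		return -1;
	n = p->n_data;
	free(p);
	return n;
}

/* A count of 300 cannot be stored in a u8 counter: allocation must fail. */
int alloc_oversized_is_null(void)
{
	struct model_pkt *p = kmalloc_flex_model(struct model_pkt, data, n_data, 300);

	if (p) {
		free(p);
		return 0;
	}
	return 1;
}

int main(void)
{
	printf("fitting count -> counter = %d\n", alloc_fitting_count());
	printf("oversized count rejected -> %d\n", alloc_oversized_is_null());
	return 0;
}
```

The size check mirrors the two failure modes the patch description separates: the counter-type bound (here 255 for a u8) and plain size_t overflow of the byte count. Both return NULL rather than a truncated counter, which is exactly why the caller still has to test the pointer before writing through it.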