On Thu, Jan 08, 2026 at 03:06:31PM +0100, Vlastimil Babka wrote:
> On 12/4/25 00:30, Kees Cook wrote:
> > As done for kmalloc_obj*(), introduce a type-aware allocator for flexible
> > arrays, which may also have "counted_by" annotations:
> >
> >     ptr = kmalloc(struct_size(ptr, flex_member, count), gfp);
> >
> > becomes:
> >
> >     ptr = kmalloc_flex(*ptr, flex_member, count, gfp);
> >
> > The internal use of __flex_counter() allows for automatically setting
> > the counter member of a struct's flexible array member when it has
> > been annotated with __counted_by(), avoiding any missed early size
> > initializations while __counted_by() annotations are added to the
> > kernel. Additionally, this also checks for "too large" allocations based
> > on the type size of the counter variable. For example:
> >
> >     if (count > type_max(ptr->flex_counter))
> >         fail...;
> >     size = struct_size(ptr, flex_member, count);
> >     ptr = kmalloc(size, gfp);
> >     ptr->flex_counter = count;
> >
> > becomes (n.b. unchanged from earlier example):
> >
> >     ptr = kmalloc_flex(*ptr, flex_member, count, gfp);
> >     ptr->flex_count = count;
>
>                ^ flex_counter ?
>
> But if it was "too large", ptr is NULL so this will oops?

Oops, yes, typo in the example. I will fix that. As for NULL, I dropped
the NULL checking on both sides of the example just to focus on the
differences.

-- 
Kees Cook
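
The open-coded pattern quoted above, as an added userspace C example that is not part of the thread or the kernel patch: `struct blob`, `blob_alloc()` and `blob_try()` are hypothetical names, and `calloc()` stands in for the kernel allocator. It keeps the NULL check that the quoted example leaves out.

```c
/* Userspace sketch; struct blob, blob_alloc(), blob_try() are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct blob {
    uint8_t count;        /* counter for data[]; holds at most 255 */
    uint32_t data[];      /* flexible array member */
};

/* Open-coded "too large" check from the thread: refuse a count the counter
 * member cannot represent, size without wrapping, set the counter early. */
static struct blob *blob_alloc(size_t count)
{
    struct blob *p;
    size_t bytes;

    if (count > UINT8_MAX)                       /* count > type_max(counter) */
        return NULL;
    if (count > (SIZE_MAX - sizeof(*p)) / sizeof(p->data[0]))
        return NULL;                             /* size would overflow */
    bytes = sizeof(*p) + count * sizeof(p->data[0]);

    p = calloc(1, bytes);
    if (!p)
        return NULL;
    p->count = (uint8_t)count;                   /* counter set before any use */
    return p;
}

/* Returns the stored counter, or -1 if the allocation was refused. */
static int blob_try(size_t count)
{
    struct blob *p = blob_alloc(count);
    int ret;

    if (!p)               /* the NULL check the quoted example omits */
        return -1;
    ret = p->count;
    free(p);
    return ret;
}

int main(void)
{
    printf("%d %d %d\n", blob_try(16), blob_try(255), blob_try(256));
    return 0;
}
```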
