On Mon, Jul 24, 2023 at 02:11:24PM +0300, Andy Shevchenko wrote:
> On Mon, Jul 24, 2023 at 02:02:02PM +0300, Andy Shevchenko wrote:
> > Introduce opaque_struct_size() helper, which may be moved
> > to overflow.h in the future, and use it in the IIO core.
> >
> > Potential users could be (among possible others):
> >
> > __spi_alloc_controller() in drivers/spi/spi.c
> > alloc_netdev_mqs in net/core/dev.c

Can you include the specific replacement you're thinking for these? It's
almost clear to me, but I'm trying to understand the benefit over what's
already there.

>
> ...
>
> > +#define opaque_struct_size(p, a, s) size_add(ALIGN(sizeof(*(p)), (a)), (s))
>
> This actually might need something like __safe_aling() which takes care about
> possible overflow.
>
> Whatever, I want to hear Kees on this.

i.e. if "a" were huge? What would sanity-checking of "a" look like in
this case? I'm not really sure how to handle a pathological alignment
request, but I'd agree it'd be nice to handle it. :)

-Kees

-- 
Kees Cook
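
Review bot: size_add() only saturates the final addition in opaque_struct_size(); the ALIGN(sizeof(*(p)), (a)) round-up is evaluated first and is unchecked, so an "a" that is zero or not a power of two can produce a wrapped, too-small value that size_add() then passes through as valid. Suggest validating "a" and saturating to SIZE_MAX when the round-up cannot be represented, so the allocator fails instead of returning a short buffer. The macro also has no comment saying what p, a and s are or that "a" must be a power of two.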
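
One way the sanity check on "a" asked about above could look, as an added user-space C example that is not code from the patch or the kernel. Here sat_add() stands in for size_add(), naive_align() for the mask arithmetic of ALIGN(), and checked_align() and the opaque_size_* wrappers are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in for the kernel's saturating size_add(). */
static size_t sat_add(size_t a, size_t b)
{
	return (b > SIZE_MAX - a) ? SIZE_MAX : a + b;
}

/* Plain mask round-up: wraps silently and assumes a power of two. */
static size_t naive_align(size_t n, size_t a)
{
	return (n + a - 1) & ~(a - 1);
}

/*
 * Hypothetical checked round-up: saturate to SIZE_MAX when the alignment
 * is zero, not a power of two, or the round-up would wrap. A saturated
 * size makes the following allocation fail instead of coming up short.
 */
static size_t checked_align(size_t n, size_t a)
{
	if (a == 0 || (a & (a - 1)) != 0)
		return SIZE_MAX;
	if (n > SIZE_MAX - (a - 1))
		return SIZE_MAX;
	return (n + a - 1) & ~(a - 1);
}

/* Same shape as the macro: header rounded up to a, plus s private bytes. */
static size_t opaque_size_naive(size_t hdr, size_t a, size_t s)
{
	return sat_add(naive_align(hdr, a), s);
}

static size_t opaque_size_checked(size_t hdr, size_t a, size_t s)
{
	return sat_add(checked_align(hdr, a), s);
}

int main(void)
{
	/* Constructed inputs: 48-byte header, 16 private bytes, bad alignment. */
	printf("naive:   %zu\n", opaque_size_naive(48, SIZE_MAX, 16));
	printf("checked: %zu\n", opaque_size_checked(48, SIZE_MAX, 16));
	return 0;
}
```

With the constructed alignment of SIZE_MAX the unchecked form yields 16 bytes for a 48-byte header, while the checked form saturates.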