On Wed, 13 Jul 2022, Marco Elver wrote: > We shouldn't crash, so it should be WARN(), but also returning > PAGE_SIZE is bad. The intuition behind returning 0 is to try and make > the buggy code cause less harm to the rest of the kernel. > > >From [1]: > > > Similarly, if you are able to tell if the passed pointer is not a > > valid object some other way, you can do something better - namely, > > return 0. The intuition here is that the caller has a pointer to an > > invalid object, and wants to use ksize() to determine its size, and > > most likely access all those bytes. Arguably, at that point the kernel > > is already in a degrading state. But we can try to not let things get > > worse by having ksize() return 0, in the hopes that it will stop > > corrupting more memory. It won't work in all cases, but should avoid > > things like "s = ksize(obj); touch_all_bytes(obj, s)" where the size > > bounds the memory accessed corrupting random memory. "in the hopes that it will stop corrupting memory"!!!??? Do a BUG() then and definitely stop all chances of memory corruption.
