On Wed, 31 Aug 2022 23:27:08 -0700 Kees Cook wrote:
> This would catch corrupted values...
>
> Is the concern the growth in image size? The check_sub_overflow() isn't
> large at all -- it's just adding a single overflow bit test. The WARNs
> are heavier, but they're all out-of-line.

It turns the most obvious function into a noodle bar :(

Looking at this function in particular is quite useful, because it
clearly indicates that the nlmsg_len includes the header.

How about we throw in a

	WARN_ON_ONCE(nlh->nlmsg_len < NLMSG_HDRLEN ||
		     nlh->nlmsg_len > INT_MAX);

but leave the actual calculation human readable C?