| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 May 2017 15:22:27 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Joe Perches <joe@...ches.com> Cc: Alexey Dobriyan <adobriyan@...il.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] CodingStyle: delete "kmalloc(sizeof(*var))" as preferred allocation form On Mon, 22 May 2017 14:43:18 -0700 Joe Perches <joe@...ches.com> wrote: > On Tue, 2017-05-23 at 00:38 +0300, Alexey Dobriyan wrote: > > There are valid reasons for > > > > malloc(sizeof(struct S)) > > > > form: > > > > * struct S acts as an anchor for ctags quickly reminding which type is > > in focus > > > > * argument re changing name prevents bugs is semi bogus: > > such changes are rare, > > "void *" cast gives both forms equal opportunity to be screwed up > > > > * proper way to fix those rare misallocation bugs (which indeed happened) > > is type safe allocation macros (see tmalloc from Samba). > > > > However amount of disruption will be so high so it may never be done. > > > > * ratio of allocation styles is ~6400:12000 which is about 1:2 > > so the amount of churn to maintain this rule is pretty high in theory. > > > > The winning move is to not play and not encourage people send trivial stuff. > > > > Signed-off-by: Alexey Dobriyan <adobriyan@...il.com> > > --- > > > > Documentation/process/coding-style.rst | 10 ---------- > > 1 file changed, 10 deletions(-) > > > > --- a/Documentation/process/coding-style.rst > > +++ b/Documentation/process/coding-style.rst > > @@ -808,16 +808,6 @@ kmalloc(), kzalloc(), kmalloc_array(), kcalloc(), vmalloc(), and > > vzalloc(). Please refer to the API documentation for further information > > about them. > > > > -The preferred form for passing a size of a struct is the following: > > - > > -.. code-block:: c > > - > > - p = kmalloc(sizeof(*p), ...); > > - > > -The alternative form where struct name is spelled out hurts readability and > > -introduces an opportunity for a bug when the pointer variable type is changed > > -but the corresponding sizeof that is passed to a memory allocator is not. > > - > > Casting the return value which is a void pointer is redundant. The conversion > > from void pointer to any other pointer type is guaranteed by the C programming > > language. > > Thanks. I agree with this deletion. I don't. Every damn time I see a p = kmalloc(sizeof struct foo) I have to hunt around to check the type of p. And I review a lot of code!
Powered by blists - more mailing lists