Lines Matching +full:non +full:- +full:linear
1 .. SPDX-License-Identifier: GPL-2.0
21 ------------
33 ------------------
35 error condition as gracefully as possible. While the BUG()-family
42 <https://lore.kernel.org/lkml/CA+55aFy6jNLsywVYdGp83AMrXBo_P-pkjkphPGrO=82SPKCpLQ@mail.gmail.com/>`_
44 <https://lore.kernel.org/lkml/CAHk-=whDHsbK3HTOpTF=ue_o04onRwTEaK_ZoJp_fjbqq4+=Jw@mail.gmail.com/>`…
46 Note that the WARN()-family should only be used for "expected to
48 but undesirable" situations, please use the pr_warn()-family of
54 open-coded arithmetic in allocator arguments
55 --------------------------------------------
60 allocations could lead to linear overflows of heap memory and other
63 cases is to refactor the code as suggested below to avoid the open-coded
70 Instead, the 2-factor form of the allocator should be used::
77 If no 2-factor form is available, the saturate-on-overflow helpers should
85 header = kzalloc(sizeof(*header) + count * sizeof(*header->item),
92 .. note:: If you are using struct_size() on a structure containing a zero-length
93 or a one-element array as a trailing array member, please refactor such
95 <#zero-length-and-one-element-arrays>`_ instead.
100 foo = krealloc(current_size + chunk_size * (count - 3), GFP_KERNEL);
113 ----------------------------------------------------------------------
123 --------
125 could result in linear overflows beyond the end of the buffer, leading to
131 the destination, but rather a count of non-NUL bytes copied (or negative
134 strncpy() on NUL-terminated strings
135 -----------------------------------
137 be NUL terminated. This can lead to various linear read overflows and
138 other misbehavior due to the missing termination. It also NUL-pads
141 for callers using only NUL-terminated strings.
143 When the destination is required to be NUL-terminated, the replacement is
146 destination, but rather a count of non-NUL bytes copied (or negative
147 errno when it truncates). Any cases still needing NUL-padding should
150 If a caller is using non-NUL-terminated strings, strtomem() should be
152 <https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html>`_
154 NUL-padding, strtomem_pad() can be used.
157 ---------
160 size limit. This is both inefficient and can lead to linear read overflows
161 if a source string is not NUL-terminated. The safe replacement is strscpy(),
166 -------------------
177 - If the hashed "%p" value is pointless, ask yourself whether the pointer
179 - If you really think the true pointer value is important, why is some
190 -----------------------------
192 sized stack arrays. While these non-trivial `performance issues
200 Implicit switch case fall-through
201 ---------------------------------
221 implicit fall-through. In order to identify intentional fall-through
222 cases, we have adopted a pseudo-keyword macro "fallthrough" which
224 <https://gcc.gnu.org/onlinedocs/gcc/Statement-Attributes.html>`_.
227 for the macro pseudo-keyword.)
237 Zero-length and one-element arrays
238 ----------------------------------
242 for these cases. The older style of one-element or zero-length arrays should
246 a one-element array at the end of a structure::
255 the "header"). A `GNU C extension <https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html>`_
256 was introduced to allow for zero-length arrays, to avoid these kinds of
286 sizeof() operator to a zero-length array always results in zero::
296 instance->count = count;
298 size = sizeof(instance->items) * instance->count;
299 memcpy(instance->items, source, size);
309 operator may not be applied <https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html>`_,
312 With respect to one-element arrays, one has to be acutely aware that `such arrays
314 <https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html>`_,
326 instance = kmalloc(struct_size(instance, items, count - 1), GFP_KERNEL);
327 instance->count = count;
329 size = sizeof(instance->items) * instance->count;
330 memcpy(instance->items, source, size);
332 In the example above, we had to remember to calculate ``count - 1`` when using
333 the struct_size() helper, otherwise we would have --unintentionally-- allocated
334 memory for one too many ``items`` objects. The cleanest and least error-prone way
346 instance->count = count;
348 memcpy(instance->items, source, flex_array_size(instance, items, instance->count));