Message-ID: <20250228133440.GB15240@mit.edu>
Date: Fri, 28 Feb 2025 08:34:40 -0500
From: "Theodore Ts'o" <tytso@....edu>
To: Julian Sun <sunjunchao2870@...il.com>
Cc: Baokun Li <libaokun1@...wei.com>, linux-ext4@...r.kernel.org,
        adilger.kernel@...ger.ca, jack@...e.cz,
        Yang Erkun <yangerkun@...wei.com>
Subject: Re: [PATCH] ext4: remove unnecessary checks for __GFP_NOFAIL
 allocation.

On Fri, Feb 28, 2025 at 05:30:06PM +0800, Julian Sun wrote:
> > Actually, even with __GFP_NOFAIL set, kcalloc() can still return NULL,
> > such as when the input parameters overflow.
> >
> Yeah, agreed. But IMO an overflow shouldn’t happen in this situation.
> 
> If there's something I'm missing, please let me know.

It's not a matter of missing something; or even Right vs Wrong.
Different maintainers have different tastes about this sort of thing.

The mm folks have changed the meaning of __GFP_NOFAIL in the past
(TL;DR: they *hate* that concept, and I wouldn't be surprised if they
try to change its behavior in the future) and especially in large code
bases such as the Linux Kernel, I'm a big believer in defensive
programming.

As Linus has said in a different thread, when a compiler adds warnings
because of what it thinks are "unnecessary" range checks, that's a bad
warning.  Adding extra range checks is never a bad thing, and compiler
behaviours that whine about that sort of thing are.... unfortunate.
Similarly, I'd much rather keep the extra check.

(Also, there exist static program checkers, such as Coverity, that
don't know about the semantics of the GFP_* flags, and so removing the
check would actually cause those tools to complain.)

Cheers,

					- Ted
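
The case raised in the quoted reply, as an added example that is not part of this message or of the ext4 code: a userspace C model in which the size multiplication is checked before the no-fail flag is consulted, so the caller's NULL check stays reachable. `MODEL_NOFAIL`, `model_calloc`, `group_table` and `table_init` are hypothetical names, and the ordering of the overflow check is an assumption taken from the thread's description of kcalloc().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for __GFP_NOFAIL in this userspace model. */
#define MODEL_NOFAIL 0x1u

/*
 * Model of a kcalloc()-style array allocator. The n * size overflow
 * check runs before the flags are consulted, so the "no fail" flag
 * cannot turn an overflowing request into a valid pointer.
 */
static void *model_calloc(size_t n, size_t size, unsigned int flags)
{
	void *p;

	if (size != 0 && n > SIZE_MAX / size)
		return NULL;		/* overflow: NULL despite MODEL_NOFAIL */
	do {
		p = calloc(n ? n : 1, size ? size : 1);
	} while (!p && (flags & MODEL_NOFAIL));	/* retry = "cannot fail" */
	return p;
}

struct group_table {
	size_t ngroups;
	uint32_t *counts;
};

/* Caller keeps the defensive check: 0 on success, -1 on NULL. */
static int table_init(struct group_table *t, size_t ngroups)
{
	t->ngroups = 0;
	t->counts = model_calloc(ngroups, sizeof(*t->counts), MODEL_NOFAIL);
	if (!t->counts)
		return -1;	/* else a later t->counts[i] dereferences NULL */
	t->ngroups = ngroups;
	return 0;
}

int main(void)
{
	struct group_table t;

	printf("16 groups: %d\n", table_init(&t, 16));
	free(t.counts);
	/* Constructed input: SIZE_MAX / 2 entries of 4 bytes overflows size_t. */
	printf("SIZE_MAX/2 groups: %d\n", table_init(&t, SIZE_MAX / 2));
	return 0;
}
```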
