lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 1 Jun 2007 16:00:30 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Christoph Lameter <clameter@....com>
cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Jeremy Fitzhardinge <jeremy@...p.org>,
	Srinivasa Ds <srinivasa@...ibm.com>,
	linux-kernel@...r.kernel.org,
	Srivatsa Vaddagiri <vatsa@...ibm.com>,
	Dinakar Guniguntala <dino@...ibm.com>, pj@....com,
	simon.derr@...l.net, clameter@...ulhu.engr.sgi.com,
	rientjes@...gle.com
Subject: Re: [RFC] [PATCH] cpuset operations causes Badness at mm/slab.c:777
 warning



On Fri, 1 Jun 2007, Christoph Lameter wrote:
> 
> Right it could catch a lot of other bugs as well.

I'd actually prefer "malloc(0)" to _not_ return NULL, but some known 
(non-NULL) bogus pointer.

Why?

Because it's quite sane to have simple logic like

	ptr = malloc(size);
	if (!ptr)
		return -ENOMEM;

and writing it as

	if (size && !ptr)
		return -ENOMEM;

is just annoying.

Also, NULL is _special_. There are absolutely tons of code in the kernel 
(and elsewhere) that just does something *different* from NULL pointers, 
and that totally breaks the whole notion of "you can allocate a zero-sized 
allocation, you just must not dereference it". If people special-case 
NULL as something else, they won't even go through the normal code-path.

So for *both* of the above reasons, it's actually stupid to return NULL 
for a zero-sized allocation. It would be much better to return another 
pointer that will trap on access. A good candidate might be to return

	#define BADPTR ((void *)16)

which is a portable-enough (where "portable-enough" is "against strict 
ANSI C rules, but works in practice on all architectures") way to return 
something that will cause the same page fault behaviour as NULL, but will 
_not_ trigger the "NULL is special" code.

(Of course, you then need to teach "kfree()" to accept it as another 
pointer to be ignored, that's fine).

I bet you'd find *more* problems that way than by returning NULL, and 
you'd also avoid the whole problem with "if (!ptr) return -ENOMEM".

		Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists