[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.0.98.0706011947030.3957@woody.linux-foundation.org>
Date: Fri, 1 Jun 2007 19:54:57 -0700 (PDT)
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Christoph Lameter <clameter@....com>
cc: akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
Jeremy Fitzhardinge <jeremy@...p.org>
Subject: Re: SLUB: Return ZERO_SIZE_PTR for kmalloc(0)
On Fri, 1 Jun 2007, Christoph Lameter wrote:
>
> - if (!x)
> + if (x <= ZERO_SIZE_PTR)
> return;
Btw, this is _not_ safe.
A number of gcc versions have done signed arithmetic on pointers. It's
insane and stupid, but it happens, and it so happens to work on
architectures where the point where the sign changes over is not a valid
pointer area.
On x86, doing signed arithmetic on pointers is a clear and unambiguous
_bug_ (because a C object really _can_ start in "positive" space and end
in "negative" pointer space), but I think some gcc versions did it there
too.
On some other architectures, like x86-64, the virtual memory around the
magic switch-over point is not mappable, so a C object cannot validly
straddle the area where positive overflows into negative, and as such a
compiler _could_ consider pointers to be signed (although I really don't
see the point).
So when I suggested the uglier
if ((unsigned long)x <= 16)
return;
I really did mean to use that ugly cast.. Yours is prettier, but sadly,
yours is simply not safe: a signed comparison might end up making _all_
kernel pointers trigger that test.
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists