Date: Mon, 1 Feb 2016 14:12:20 -0700 From: Warner Losh <imp@bsdimp.com> To: Mike Belopuhov <mike@belopuhov.com> Cc: Ryan Stone <rysto32@gmail.com>, "freebsd-arch@freebsd.org" <arch@freebsd.org> Subject: Re: OpenBSD mallocarray Message-ID: <1EA0ECF5-D7AC-430E-957D-C4D49F9A872B@bsdimp.com> In-Reply-To: <20160201210256.GA29188@yamori.belopuhov.com> References: <CAB815ZafpqJoqr1oH8mDJM=0RxLptQJpoJLexw6P6zOi7oSXTQ@mail.gmail.com> <CAG6CVpWbaFOQ1GzE1qmZFodXg_xZafmCc0b1kUh=0%2BFAjLPRvA@mail.gmail.com> <CAFMmRNyNKOgDEY89dVB=dqYDq6XyQo=MQR%2BHPJ2=_0VdDKRvAw@mail.gmail.com> <20160201210256.GA29188@yamori.belopuhov.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] > On Feb 1, 2016, at 2:02 PM, Mike Belopuhov <mike@belopuhov.com> wrote: > > On Mon, Feb 01, 2016 at 15:56 -0500, Ryan Stone wrote: >> On Mon, Feb 1, 2016 at 3:16 PM, Conrad Meyer <cem@freebsd.org> wrote: >> >>> >>> Sure. +1 from me. I don't think we want the M_CANFAIL hack, though. >>> >>> Best, >>> Conrad >>> >>> >> That may be the OpenBSD equivalent of M_NOWAIT. > > Not quite. From the man page: > > M_CANFAIL > > In the M_WAITOK case, if not enough memory is available, > return NULL instead of calling panic(9). If mallocarray() > detects an overflow or malloc() detects an excessive > allocation, return NULL instead of calling panic(9). Yea, we don’t want it calling panic. Ever. That turns an overflow into a DoS. Arguments should be properly checked so we can properly return EINVAL for bat-**** crazy ones. FreeBSD’s malloc doesn’t cave an excessive detector in it. My concern with this is that we have a number of different allocation routines in FreeBSD. This only goes after the malloc() vector, and even then it requires code changes. At best, CANFAIL is a kludge to fail with a panic instead of an overflow. That’s got to be at most a transient thing until all the code that it is kludged into with out proper thought is fixed. I’m not sure that’s something that we want to encourage. I’m all for safety, but this flag seems both unsafe and unwise. Warner [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWr8o1AAoJEGwc0Sh9sBEA0I4QAK8rwoVmnywbLqxT5DZBarWY FE5UYxFB0DBd39wqGLFcoQ/zISL9rzXeAR2lKVOCS+FZE2lLxgYMACXaqIQrPaE2 KU4qFUNbcI1W9MOtf4oVOvLxAcGZNeAWl1/DJVILsh1YuBG8bKddTejIZSzuyQbE JxqCqpm47Tu+HF7og24IOUIN4SD9ko241NPS9tL0W0GU7ka4YodufK1khGFs303l SrkvXtTmkgxsAgR5jXOwyUThEuhnky1GQg++kOT2WjFJQ3fnpgdziDRrzMe0m2Dj x4YusPQkwpf8ydSO7MuIIFjiTw12eGg4AqQXWVit7bZ0I2+tSl9QZKt9e6tlgskU hcsGVR2395NU0zS1CZJGzqb5aNXJIozYOES8ZcDX272DLhack1IX0whH/hHb+RC7 z8AY0QYn28QrcUf40XI8QN25Y1V5Optn5QJCCIzylbt9Rat8orNvsH0tfLIA7uj/ M1Ak7IcLOkbJ8ioKSON26yd4tE1NzuzB6YeuD4NHVGWX47WvjzTnJlgK8pr1ZYUJ qvh3mqf/K7o+XlAUBzb8bNPN0VYH0LFUHWLYWHYJbvbaB+Ud7zu+yZbLdil9g7rC awXMK2GQ4D0DiK7UZSnMzR0Vjh0V0SYMdTvUfGhaZGIrAvlFARL9rADyav7D/mBB ozWxYbeOH8l3/XmWlJt9 =NecL -----END PGP SIGNATURE-----help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1EA0ECF5-D7AC-430E-957D-C4D49F9A872B>