From owner-freebsd-arch@freebsd.org  Mon Feb  1 21:12:21 2016
Return-Path: <owner-freebsd-arch@freebsd.org>
Delivered-To: freebsd-arch@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E970EA9788C
 for <freebsd-arch@mailman.ysv.freebsd.org>;
 Mon,  1 Feb 2016 21:12:21 +0000 (UTC) (envelope-from imp@bsdimp.com)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id C4DC913D7
 for <freebsd-arch@freebsd.org>; Mon,  1 Feb 2016 21:12:21 +0000 (UTC)
 (envelope-from imp@bsdimp.com)
Received: by mailman.ysv.freebsd.org (Postfix)
 id C43F2A9788B; Mon,  1 Feb 2016 21:12:21 +0000 (UTC)
Delivered-To: arch@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C2DD8A9788A
 for <arch@mailman.ysv.freebsd.org>; Mon,  1 Feb 2016 21:12:21 +0000 (UTC)
 (envelope-from imp@bsdimp.com)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com
 [IPv6:2607:f8b0:4003:c06::235])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8476F13D5
 for <arch@freebsd.org>; Mon,  1 Feb 2016 21:12:21 +0000 (UTC)
 (envelope-from imp@bsdimp.com)
Received: by mail-oi0-x235.google.com with SMTP id p187so98594213oia.2
 for <arch@freebsd.org>; Mon, 01 Feb 2016 13:12:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=bsdimp-com.20150623.gappssmtp.com; s=20150623;
 h=sender:subject:mime-version:content-type:from:in-reply-to:date:cc
 :message-id:references:to;
 bh=hjZQ4PIu/SklDUtTtt2FT+xKrQdSHco5e3W2W/dzfG8=;
 b=t4+++yk6QzGEZD22GbrqzZvK890V3nijm3uAGGqBxc5X4XVKTbM86Iwdge2qnJRmVw
 Sosj/DZ9Ksu2piAEMJjUtF0wGDi07CeyJG4fHRPq5Dd+J+KoGfFgOibL1fJzZeCG0OP/
 jdFN49UJAzyWK1b1FHiC/1qSSPNCywrTS4FWHIgq3uNhRfaz8Y7PZoSkB5S6LP1oWURb
 EnQKb2QUAeBFRJtRlHQy5/0xwLyO2ejG60Z8z+MeWzvmPO2BJ+pROI4urbhqwGcRJ+Qu
 7pjmu2/wyoEE8EwYK4ROfNa+05tCiuLUoJStB7H3eYufB73fs8kmJAI0hhylcSAvNE8B
 ySVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:sender:subject:mime-version:content-type:from
 :in-reply-to:date:cc:message-id:references:to;
 bh=hjZQ4PIu/SklDUtTtt2FT+xKrQdSHco5e3W2W/dzfG8=;
 b=MbHufMRQKCVEptMz0kOhSQy/bYSJ6ZfH+28blCUPckTcYDYZXnD+T/0BpO+eZs+hbh
 MUw2G2RkeCUqbJ00+PHJcUoIFrcsL3lAlPjieooY0QAQb9VMxiZt1jCLOQtoFWwnpTFF
 oEqh4SngC20BzcavIoYC3uNxZLwe3JU261rAS4CWhyefIl062uyjP5H8s8ZDnPRtKOSc
 0E4siBdbk5uSNS0YAIqbQpCtWxWlvVUNhFiPFyZPv1yUsy2YZgMyX0Tte5q3EF2FEdC3
 Jq1+XhdeJaGPDZ0xiBR9vdOSz+z4QHwfcOykLdSRMUPBZV5n2xju7zsPtAJjSdRL77Ww
 PEQQ==
X-Gm-Message-State: AG10YOSF6gXDFvFGqpCgGLCXeifko2fuQVuMnUSYeXuNYnuDIYyT9ilzCfhwpeySFNWCWg==
X-Received: by 10.202.222.7 with SMTP id v7mr18627740oig.79.1454361140606;
 Mon, 01 Feb 2016 13:12:20 -0800 (PST)
Received: from netflix-mac-wired.bsdimp.com ([50.253.99.174])
 by smtp.gmail.com with ESMTPSA id u142sm1664489oia.19.2016.02.01.13.12.19
 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Mon, 01 Feb 2016 13:12:20 -0800 (PST)
Sender: Warner Losh <wlosh@bsdimp.com>
Subject: Re: OpenBSD mallocarray
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Content-Type: multipart/signed;
 boundary="Apple-Mail=_06A5EA6B-7610-4B5E-89C1-F2DF5947F9BF";
 protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.5.2
From: Warner Losh <imp@bsdimp.com>
In-Reply-To: <20160201210256.GA29188@yamori.belopuhov.com>
Date: Mon, 1 Feb 2016 14:12:20 -0700
Cc: Ryan Stone <rysto32@gmail.com>,
 "freebsd-arch@freebsd.org" <arch@freebsd.org>
Message-Id: <1EA0ECF5-D7AC-430E-957D-C4D49F9A872B@bsdimp.com>
References: <CAB815ZafpqJoqr1oH8mDJM=0RxLptQJpoJLexw6P6zOi7oSXTQ@mail.gmail.com>
 <CAG6CVpWbaFOQ1GzE1qmZFodXg_xZafmCc0b1kUh=0+FAjLPRvA@mail.gmail.com>
 <CAFMmRNyNKOgDEY89dVB=dqYDq6XyQo=MQR+HPJ2=_0VdDKRvAw@mail.gmail.com>
 <20160201210256.GA29188@yamori.belopuhov.com>
To: Mike Belopuhov <mike@belopuhov.com>
X-Mailer: Apple Mail (2.2104)
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch/>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2016 21:12:22 -0000


--Apple-Mail=_06A5EA6B-7610-4B5E-89C1-F2DF5947F9BF
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


> On Feb 1, 2016, at 2:02 PM, Mike Belopuhov <mike@belopuhov.com> wrote:
>=20
> On Mon, Feb 01, 2016 at 15:56 -0500, Ryan Stone wrote:
>> On Mon, Feb 1, 2016 at 3:16 PM, Conrad Meyer <cem@freebsd.org> wrote:
>>=20
>>>=20
>>> Sure.  +1 from me.  I don't think we want the M_CANFAIL hack, =
though.
>>>=20
>>> Best,
>>> Conrad
>>>=20
>>>=20
>> That may be the OpenBSD equivalent of M_NOWAIT.
>=20
> Not quite.  =46rom the man page:
>=20
>   M_CANFAIL
>=20
>   In the M_WAITOK case, if not enough memory is available,
>   return NULL instead of calling panic(9).  If mallocarray()
>   detects an overflow or malloc() detects an excessive
>   allocation, return NULL instead of calling panic(9).

Yea, we don=E2=80=99t want it calling panic. Ever. That turns an =
overflow
into a DoS. Arguments should be properly checked so we can
properly return EINVAL for bat-**** crazy ones. FreeBSD=E2=80=99s malloc
doesn=E2=80=99t cave an excessive detector in it.

My concern with this is that we have a number of different allocation
routines in FreeBSD. This only goes after the malloc() vector, and
even then it requires code changes.

At best, CANFAIL is a kludge to fail with a panic instead of an
overflow. That=E2=80=99s got to be at most a transient thing until all =
the
code that it is kludged into with out proper thought is fixed. I=E2=80=99m=
 not
sure that=E2=80=99s something that we want to encourage. I=E2=80=99m all =
for
safety, but this flag seems both unsafe and unwise.

Warner


--Apple-Mail=_06A5EA6B-7610-4B5E-89C1-F2DF5947F9BF
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWr8o1AAoJEGwc0Sh9sBEA0I4QAK8rwoVmnywbLqxT5DZBarWY
FE5UYxFB0DBd39wqGLFcoQ/zISL9rzXeAR2lKVOCS+FZE2lLxgYMACXaqIQrPaE2
KU4qFUNbcI1W9MOtf4oVOvLxAcGZNeAWl1/DJVILsh1YuBG8bKddTejIZSzuyQbE
JxqCqpm47Tu+HF7og24IOUIN4SD9ko241NPS9tL0W0GU7ka4YodufK1khGFs303l
SrkvXtTmkgxsAgR5jXOwyUThEuhnky1GQg++kOT2WjFJQ3fnpgdziDRrzMe0m2Dj
x4YusPQkwpf8ydSO7MuIIFjiTw12eGg4AqQXWVit7bZ0I2+tSl9QZKt9e6tlgskU
hcsGVR2395NU0zS1CZJGzqb5aNXJIozYOES8ZcDX272DLhack1IX0whH/hHb+RC7
z8AY0QYn28QrcUf40XI8QN25Y1V5Optn5QJCCIzylbt9Rat8orNvsH0tfLIA7uj/
M1Ak7IcLOkbJ8ioKSON26yd4tE1NzuzB6YeuD4NHVGWX47WvjzTnJlgK8pr1ZYUJ
qvh3mqf/K7o+XlAUBzb8bNPN0VYH0LFUHWLYWHYJbvbaB+Ud7zu+yZbLdil9g7rC
awXMK2GQ4D0DiK7UZSnMzR0Vjh0V0SYMdTvUfGhaZGIrAvlFARL9rADyav7D/mBB
ozWxYbeOH8l3/XmWlJt9
=NecL
-----END PGP SIGNATURE-----

--Apple-Mail=_06A5EA6B-7610-4B5E-89C1-F2DF5947F9BF--