Date:      Mon, 1 Feb 2016 14:12:20 -0700
From:      Warner Losh <imp@bsdimp.com>
To:        Mike Belopuhov <mike@belopuhov.com>
Cc:        Ryan Stone <rysto32@gmail.com>, "freebsd-arch@freebsd.org" <arch@freebsd.org>
Subject:   Re: OpenBSD mallocarray
Message-ID:  <1EA0ECF5-D7AC-430E-957D-C4D49F9A872B@bsdimp.com>
In-Reply-To: <20160201210256.GA29188@yamori.belopuhov.com>
References:  <CAB815ZafpqJoqr1oH8mDJM=0RxLptQJpoJLexw6P6zOi7oSXTQ@mail.gmail.com> <CAG6CVpWbaFOQ1GzE1qmZFodXg_xZafmCc0b1kUh=0+FAjLPRvA@mail.gmail.com> <CAFMmRNyNKOgDEY89dVB=dqYDq6XyQo=MQR+HPJ2=_0VdDKRvAw@mail.gmail.com> <20160201210256.GA29188@yamori.belopuhov.com>


> On Feb 1, 2016, at 2:02 PM, Mike Belopuhov <mike@belopuhov.com> wrote:
>
> On Mon, Feb 01, 2016 at 15:56 -0500, Ryan Stone wrote:
>> On Mon, Feb 1, 2016 at 3:16 PM, Conrad Meyer <cem@freebsd.org> wrote:
>>
>>>
>>> Sure.  +1 from me.  I don't think we want the M_CANFAIL hack, though.
>>>
>>> Best,
>>> Conrad
>>>
>>>
>> That may be the OpenBSD equivalent of M_NOWAIT.
>
> Not quite.  From the man page:
>
>   M_CANFAIL
>
>   In the M_WAITOK case, if not enough memory is available,
>   return NULL instead of calling panic(9).  If mallocarray()
>   detects an overflow or malloc() detects an excessive
>   allocation, return NULL instead of calling panic(9).

Yea, we don’t want it calling panic. Ever. That turns an overflow
into a DoS. Arguments should be properly checked so we can
properly return EINVAL for bat-**** crazy ones. FreeBSD’s malloc
doesn’t have an excessive detector in it.

My concern with this is that we have a number of different allocation
routines in FreeBSD. This only goes after the malloc() vector, and
even then it requires code changes.

At best, CANFAIL is a kludge to fail with a panic instead of an
overflow. That’s got to be at most a transient thing until all the
code that it is kludged into without proper thought is fixed. I’m not
sure that’s something that we want to encourage. I’m all for
safety, but this flag seems both unsafe and unwise.

Warner
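The two behaviours under discussion, shown side by side in userland C as an added example (not code from this thread, from FreeBSD or from OpenBSD): a `mallocarray`-style allocator that returns NULL on `nmemb * size` overflow instead of panicking, which is the M_CANFAIL semantics quoted from the man page, and a caller that validates the count and returns EINVAL before the allocator is ever asked, which is the argument-checking approach Warner argues for. `mallocarray_canfail`, `alloc_table` and `MAX_ENTRIES` are hypothetical names for this example; the overflow test follows the `MUL_NO_OVERFLOW` pattern used by OpenBSD's `reallocarray(3)`, which only pays for a division when an operand is large enough for the product to overflow.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Overflow test in the style of OpenBSD reallocarray(3): if both operands
 * are below 2^(bits/2) the product cannot overflow, so the division is only
 * reached for large operands.
 */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

int
mul_overflows(size_t nmemb, size_t size)
{
	return (nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
	    nmemb > 0 && SIZE_MAX / nmemb < size;
}

/*
 * Hypothetical userland stand-in for mallocarray(9) with M_CANFAIL:
 * an overflowing nmemb * size yields NULL rather than a panic. The kernel
 * version would also take a malloc type and flags; they are omitted here.
 */
void *
mallocarray_canfail(size_t nmemb, size_t size)
{
	if (mul_overflows(nmemb, size)) {
		errno = ENOMEM;
		return NULL;
	}
	return calloc(nmemb, size);	/* zero-filled, like M_ZERO */
}

/*
 * Caller-side validation: the count comes from the caller (think an ioctl
 * or netlink request), so reject absurd values with EINVAL before any
 * allocator is involved. MAX_ENTRIES is a constructed limit for this example.
 */
#define MAX_ENTRIES 4096

struct entry {
	uint64_t key;
	uint64_t value;
};

int
alloc_table(size_t count, struct entry **out)
{
	*out = NULL;
	if (count == 0 || count > MAX_ENTRIES)
		return EINVAL;		/* bad argument, not an allocator problem */
	*out = mallocarray_canfail(count, sizeof(**out));
	if (*out == NULL)
		return ENOMEM;		/* real allocation failure */
	return 0;
}

int
main(void)
{
	struct entry *tbl;
	int rc;

	/* Constructed inputs: one sane count, one absurd one. */
	rc = alloc_table(16, &tbl);
	printf("alloc_table(16) -> %d (%s)\n", rc, rc == 0 ? "ok" : "error");
	free(tbl);

	rc = alloc_table((size_t)1 << 40, &tbl);
	printf("alloc_table(2^40) -> %d (%s)\n", rc,
	    rc == EINVAL ? "EINVAL, rejected before allocation" : "unexpected");

	/* Direct allocator call with an overflowing product: NULL, no panic. */
	void *p = mallocarray_canfail(SIZE_MAX / 2 + 1, 2);
	printf("mallocarray_canfail(SIZE_MAX/2+1, 2) -> %s\n",
	    p == NULL ? "NULL" : "non-NULL");
	free(p);
	return 0;
}
```

The point of keeping both layers is that the allocator check is a backstop, not the interface contract: a caller that validates its own arguments produces a meaningful EINVAL for the user, while the overflow test in the allocator catches the call sites nobody audited, without turning them into a panic.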
