tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kmem_calloc and overflow checks [was Re: [PATCH] netbsd32 swapctl, round 4]

Le 02/02/2014 16:56, Taylor R Campbell a écrit :
    Date: Sun, 02 Feb 2014 16:43:49 +0100
    From: Jean-Yves Migeon <>

    Even functions like calloc(3) are not required to check for the overflow
    themselves when you pass them (number of elements, sizeof elements).

    Overflow checks are rather cumbersome in C...

Calloc(3) may not check, but we could define the semantics of
kmem_calloc to guarantee an overflow check in order to make it less
cumbersome for callers.

Yep, right.

We are a bit sliding away from the original swap32 compat code from Emmanuel though :)

In this case I would leave the overflow checks, as this is not a real performance critical path. It is more a matter of avoiding errors by cargo cult programming if the code gets copy/pasted elsewhere but not adapted correctly.

I think that implementing "integer overflow" checks in kernel (and also userland) functions requires to be thought about more thoroughly. It is inconvenient to have APIs with some that do's and some that don'ts.


Jean-Yves Migeon

Home | Main Index | Thread Index | Old Index