Re: reallocarr(3)

To: christos%zoulas.com@localhost (Christos Zoulas)
Subject: Re: reallocarr(3)
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Date: Sat, 7 Feb 2015 18:19:46 +0000

christos%zoulas.com@localhost (Christos Zoulas) wrote:
> On Feb 7,  5:54pm, jym%NetBSD.org@localhost (Jean-Yves Migeon) wrote:
> -- Subject: Re: reallocarr(3)
> 
> | Le 06/02/2015 01:50, Kamil Rytarowski a écrit :
> | > Is it fine to have this function for the kernel too?
> | 
> | TBH I think that the kernel should rather rely on generic integer 
> | overflow/underflow checks for its allocation APIs, a bit like the size 
> | overflow plugin you can find in grsec.
> | 
> | pool_cache(9) are generally sufficient enough to handle arrays of
> | object with a fixed size (behind the curtain), adding yet-another
> | allocator would not address the various kmem_alloc/malloc() call sites
> | that already exist in kernel.
> | 
> | Of course this opinion is just mine :)
> 
> The idiom number-of-elements * size is too common, and instead of
> protecting it by opencoding overflow everywhere, it is simpler to provide
> an allocator that does this internally...

We really do not need another interface in the kernel.  If you allocate
kernel memory given the user input, it should be sanity-checked anyway,
i.e. not only for the overflow, unless you think that letting the user
to arbitrarily allocate tons of KVA is a good idea.

Nevermind that this reallocarr{ay,} is a pretty poor interface anyway..

-- 
Mindaugas

References:
- Re: reallocarr(3)
  - From: Jean-Yves Migeon
- Re: reallocarr(3)
  - From: Christos Zoulas

Prev by Date: Re: reallocarr(3)
Next by Date: Disable texinfo by default?
Previous by Thread: Re: reallocarr(3)
Next by Thread: Re: reallocarr(3)
Indexes:

Home | Main Index | Thread Index | Old Index