Subject: Re: CMSG_* problems
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-kern
Date: 02/13/2007 16:35:01
I've been skimming the recent list (all NetBSD lists) messages
recently as I've been seding a few messages, and don't want toq
miss out on noticing any replies or discussion (I'm still really
60K messages back in my normal reading), if I can - and I noticed
this little "discussion" going on.

On one hand I agree with der Mouse - code really ought be written
ultra-robustly, but on the other hand, I know that it simply
won't be, and attempting to tell your average application programmer
(who isn't really likely to be looking at ancillary data anyway,
really) that it is necessary to bcopy (or memcpy these days)
structs around before accessing them, when it clearly works
to simply de-reference a pointer is just not going to succeed.

The crux of this argument seems to be that we (it is said)
cannot know what is the right alignment to use for the buffer
because we don't know in advance what kinds of data might
happened to be returned to us.

Thus, the discussion has meandered off into a discussion of
how to make something suitably aligned for absolutely anything
(other than via malloc, which guarantees this) so whatever
data comes back, the alignment will be OK.

The alternative being der Mouse's complications, the
existance of which seem as if they would do no harm, but
nor would they really be very frequently used, IMO.

But that's all nonsense - it's true that we don't know the
alignment of everything that might be returned, but we
certainly do know the alignment costraints of everything
that's returned that we are actually going to reference.
And that's all that matters.   It is irrelevant if a
returned struct contains some bizarre data type with
some weird alignment constraint, that we haven't provided
a buffer suitable to meet, if we're not going to actually
access that data item - it can sit there, improperly aligned,
as long as it likes, harming no-one.

On the other hand, if I'm going to reference ptr->long_var
where ptr came from CMSG_DATA() then the buffer into which
I read the cmsg data needs to be aligned suitably for a long.
Add the alignment constraints of any other data I access
that way, and I have the alignment constraint for the buffer.
In any case it needs to be aligned suitably for pointers,
(for the CMSG macros themselves).

It doesn't sound nearly so impossible if you think of it
this way.

kre