From: ecolbus@voila.fr
To: linux-kernel@vger.kernel.org
Subject: Re: Why is the kfree() argument const?
Date: Fri, 18 Jan 2008 13:45:21 +0100 (CET) [thread overview]
Message-ID: <303169.30591200660321083.JavaMail.www@wwinf4620> (raw)
Giacomo Catenazzi wrote:
> const No writes through this lvalue. In the absence of this qualifier, writes may occur
> through this lvalue.
>
> volatile No cacheing through this lvalue: each operation in the abstract semantics must
> be performed (that is, no cacheing assumptions may be made, since the location
> is not guaranteed to contain any previous value). In the absence of this qualifier,
> the contents of the designated location may be assumed to be unchanged except
> for possible aliasing.
Well, I'm still wondering if there is not something dangerous or weird about
declaring the argument of kfree() to be const...
Since the content of the referenced object is unlikely to be declared volatile, the
compiler should be allowed to assume that its content was not changed, except
for possible aliasing. But what happens if the compiler can also prove there is
no aliasing? In that case, he should be allowed to assume that the content
pointed to was not modified at all, right?
Consider the following code :
struct something {
int i;
};
...
struct something *s1, *s2;
extern int val;
s1 = kmalloc(sizeof(*s1), SOME_FLAGS);
if (s1 == NULL)
return -ENOMEM;
s1->i = do_something();
do_some_other_thing();
s2 = kmalloc(sizeof(*s2), SOME_FLAGS);
if (s2 == NULL){
val = s1->i; /* XXX */
kfree(s1);
return -ENOMEM;
}
Fortunately, kmalloc is not declared with attribute malloc in the kernel,
so there should be no problem, but if it were (and, actually, I've not found
why it wasn't), the compiler would be able to tell that *s1 *cannot*
be aliased, and therefore decide to move val = s1->i *after* having
called kfree(). In that case, we would clearly have a bug...
So, although this should currently work, code which breaks if you do
a legitimate modification somewere else looks quite dangerous to me.
Or maybe there is a rationale for never declaring kmalloc to have the
attribute malloc in the first place...
Or is there simply something that I still don't understand, Giacomo?
Cheers,
Emmanuel Colbus
next reply other threads:[~2008-01-18 13:30 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-18 12:45 ecolbus [this message]
2008-01-18 15:20 ` Why is the kfree() argument const? Giacomo A. Catenazzi
[not found] <fa.cHMztHfqJXv7vw5O0nQ8SdTrma0@ifi.uio.no>
[not found] ` <fa.V9M+5l8C/um5KEiBtZOjbJDQmu4@ifi.uio.no>
2013-01-12 19:18 ` antoine.trux
2013-01-13 8:10 ` Chen Gang F T
2013-01-13 17:41 ` Guenter Roeck
2013-01-14 1:45 ` Chen Gang F T
2013-01-13 20:54 ` Cong Ding
2013-01-14 1:18 ` Chen Gang F T
-- strict thread matches above, loose matches on Subject: below --
2008-01-18 19:10 ecolbus
2008-01-18 16:45 ecolbus
2008-01-18 18:20 ` Olivier Galibert
[not found] <MDEHLPKNGKAHNMBLJOLKIEGIJJAC.davids@webmaster.com>
2008-01-17 21:25 ` Linus Torvalds
2008-01-17 22:28 ` David Schwartz
2008-01-17 23:10 ` Linus Torvalds
2008-01-18 0:56 ` David Schwartz
2008-01-18 1:15 ` Linus Torvalds
2008-01-18 5:02 ` David Schwartz
2008-01-18 15:38 ` Chris Friesen
2008-01-18 16:10 ` Linus Torvalds
2008-01-18 20:55 ` David Schwartz
2008-01-18 17:37 ` Olivier Galibert
2008-01-18 18:06 ` DM
2008-01-18 7:51 ` Giacomo Catenazzi
2008-01-18 8:20 ` Giacomo Catenazzi
2008-01-18 13:53 ` Andy Lutomirski
2008-01-18 17:24 ` Olivier Galibert
2008-01-18 22:29 ` J.A. Magallón
2008-01-18 23:44 ` Krzysztof Halasa
2008-01-18 13:54 ` Andy Lutomirski
2008-01-18 19:14 ` Vadim Lobanov
2008-01-18 19:31 ` Zan Lynx
2008-01-18 19:55 ` Vadim Lobanov
2008-01-18 8:30 ` Vadim Lobanov
2008-01-18 9:48 ` Jakob Oestergaard
2008-01-18 11:47 ` Giacomo A. Catenazzi
2008-01-18 14:39 ` Jakob Oestergaard
2008-01-18 19:06 ` Vadim Lobanov
2008-01-18 13:31 ` Björn Steinbrink
2008-01-18 14:53 ` Jakob Oestergaard
2008-01-16 16:32 Johannes Weiner
2008-01-16 16:48 ` Christoph Lameter
2008-01-16 17:34 ` Bernd Petrovitsch
2008-01-16 17:45 ` Pekka J Enberg
2008-01-16 18:39 ` Linus Torvalds
2008-01-16 22:19 ` Johannes Weiner
2008-01-16 22:20 ` Christoph Lameter
2008-01-16 22:37 ` Johannes Weiner
2008-01-16 23:13 ` Johannes Weiner
2008-01-16 23:18 ` Linus Torvalds
2008-01-16 23:16 ` Linus Torvalds
2008-01-16 22:33 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=303169.30591200660321083.JavaMail.www@wwinf4620 \
--to=ecolbus@voila.fr \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.