From: malc <av1474@comtv.ru>
To: Markus Armbruster <armbru@redhat.com>
Cc: qemu-devel@nongnu.org, Paul Brook <paul@codesourcery.com>
Subject: Re: [Qemu-devel] [PATCH] Permit zero-sized qemu_malloc() & friends
Date: Sun, 6 Dec 2009 15:00:51 +0300 (MSK) [thread overview]
Message-ID: <Pine.LNX.4.64.0912061454420.9249@linmac.oyster.ru> (raw)
In-Reply-To: <m3bpictl2j.fsf@crossbow.pond.sub.org>
On Sun, 6 Dec 2009, Markus Armbruster wrote:
> malc <av1474@comtv.ru> writes:
>
> > On Sun, 6 Dec 2009, Markus Armbruster wrote:
> >
> >> malc <av1474@comtv.ru> writes:
> >>
> >
> > [..snip..]
> >
> >>
> >> read(fd, malloc(0), 0) is just fine, because read() doesn't touch the
> >> buffer when the size is zero.
> >>
> >
> > [..snip..]
> >
> > Yet under linux the address is checked even for zero case.
>
> Any value you can obtain from malloc() passes that check.
>
> Why does the fact that you can construct pointers that don't pass this
> check matter for our discussion of malloc()?
>
> >> > I don't know what a "valid pointer" in this context represents.
> >>
> >> I can talk standardese, if you prefer :)
> >>
> >> malloc() either returns either a null pointer or a pointer to the
> >> allocated space. In either case, you must not dereference the pointer.
> >>
> >> OpenBSD chooses to return a pointer to the allocated space. It chooses
> >> to catch common ways to dereference the pointer.
> >>
> >> Your "p = (void *)-1" is neither a null pointer nor can it point to
> >> allocated space on your particular system. Hence, it cannot be a value
> >> of malloc() for any argument, and therefore what read() does with it on
> >> that particular system doesn't matter.
> >>
> >
> > Here, i believe, you are inventing artificial restrictions on how
> > malloc behaves, i don't see anything that prevents the implementor
> > from setting aside a range of addresses with 31st bit set as an
> > indicator of "zero" allocations, and then happily giving it to the
> > user of malloc and consumming it in free.
>
> Misunderstanding? Such behavior is indeed permissible, and I can't see
> where I restricted it away. An implementation that behaves as you
> describe returns "pointer to allocated space". That the pointer has
> some funny bit set doesn't matter. That it can't be dereferenced is
> just fine.
>
> I'm not sure what your point is. If it is that malloc(0) can return a
> value that cannot be passed to a zero-sized read(), then I fear you have
> not made your point.
One more attempt to make it clearer. If you agree that this behaviour
is permissible then the game is lost as things stand now under Linux,
since replacing [1]:
void *p = (void *) -1
with:
void *p = (void *) 0x80000000
or anything else with said bit set will yield EFAULT. Consequently the
code you cited as a well behaving malloc(0) call site will bomb.
[1] Under 32bit Linux that is, with the usual split.
--
mailto:av1474@comtv.ru
next prev parent reply other threads:[~2009-12-06 12:01 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-30 13:55 [Qemu-devel] [PATCH] Permit zero-sized qemu_malloc() & friends Markus Armbruster
2009-11-30 14:01 ` Avi Kivity
2009-11-30 14:23 ` Kevin Wolf
2009-12-01 12:40 ` Gerd Hoffmann
2009-12-01 12:57 ` Paul Brook
2009-12-01 13:47 ` Glauber Costa
2009-12-01 14:08 ` Markus Armbruster
2009-12-01 14:47 ` Gerd Hoffmann
2009-12-01 14:21 ` Paul Brook
2009-12-01 12:57 ` Gerd Hoffmann
2009-12-01 13:11 ` Markus Armbruster
2009-12-01 14:34 ` Avi Kivity
2009-12-01 14:53 ` Gerd Hoffmann
2009-12-01 15:32 ` Eduardo Habkost
2009-12-04 16:49 ` Anthony Liguori
2009-12-05 13:55 ` Markus Armbruster
2009-12-05 14:14 ` Laurent Desnogues
2009-12-05 17:08 ` malc
2009-12-05 17:23 ` Avi Kivity
2009-12-05 18:30 ` Reimar Döffinger
2009-12-06 7:57 ` Markus Armbruster
2009-12-06 8:39 ` malc
2009-12-06 8:59 ` Markus Armbruster
2009-12-06 10:22 ` malc
2009-12-06 10:40 ` Avi Kivity
2009-12-06 11:53 ` malc
2009-12-06 12:07 ` Avi Kivity
2009-12-06 12:11 ` malc
2009-12-06 12:23 ` Avi Kivity
2009-12-06 11:10 ` Markus Armbruster
2009-12-06 12:00 ` malc [this message]
2009-12-06 16:23 ` [Qemu-devel] " Paolo Bonzini
2009-12-07 8:35 ` [Qemu-devel] " Kevin Wolf
2009-12-07 9:42 ` Markus Armbruster
2009-12-07 10:00 ` malc
2009-12-07 10:17 ` Kevin Wolf
2009-12-07 10:35 ` Markus Armbruster
2009-12-06 11:35 ` [Qemu-devel] " Paolo Bonzini
2009-12-06 12:02 ` malc
2009-12-06 16:23 ` Paolo Bonzini
2009-12-06 9:02 ` [Qemu-devel] " Blue Swirl
2009-12-06 10:02 ` malc
2009-12-05 17:07 ` Avi Kivity
2009-12-05 17:27 ` Anthony Liguori
2009-12-05 17:40 ` Avi Kivity
2009-12-05 17:54 ` Anthony Liguori
2009-12-05 18:06 ` Avi Kivity
2009-12-05 20:58 ` Anthony Liguori
2009-12-05 22:26 ` Avi Kivity
2009-12-06 8:24 ` Markus Armbruster
2009-12-06 18:36 ` Jamie Lokier
2009-12-06 8:12 ` Markus Armbruster
2009-12-06 16:52 ` Ian Molton
2009-12-06 17:14 ` Avi Kivity
2009-12-06 17:45 ` malc
2009-12-06 18:02 ` Avi Kivity
2009-12-06 18:12 ` malc
2009-12-06 18:19 ` Avi Kivity
2009-12-06 18:41 ` malc
2009-12-07 9:47 ` Avi Kivity
2009-12-07 10:20 ` Kevin Wolf
2009-12-06 22:38 ` Ian Molton
2009-12-07 2:51 ` Jamie Lokier
2009-12-07 9:39 ` Ian Molton
2009-12-07 9:55 ` [Qemu-devel] " Paolo Bonzini
2009-12-07 13:28 ` Avi Kivity
2009-12-07 9:45 ` [Qemu-devel] " Markus Armbruster
2009-12-07 8:48 ` Kevin Wolf
2009-12-07 17:32 ` Glauber Costa
2009-12-05 17:28 ` Blue Swirl
2009-12-05 17:44 ` Avi Kivity
2009-12-05 18:16 ` Laurent Desnogues
2009-12-05 23:08 ` Ian Molton
2009-12-05 23:11 ` Avi Kivity
2009-12-05 23:25 ` Ian Molton
2009-12-06 13:07 ` Avi Kivity
2009-12-06 16:58 ` Ian Molton
2009-12-06 17:07 ` Avi Kivity
2009-12-06 17:47 ` malc
2009-12-06 17:59 ` Avi Kivity
2009-12-06 18:09 ` malc
2009-12-06 18:16 ` Avi Kivity
2009-12-06 18:21 ` malc
2009-12-06 22:40 ` Ian Molton
2009-12-06 18:31 ` Jamie Lokier
2009-12-07 9:56 ` Markus Armbruster
2009-12-07 11:30 ` malc
2009-12-07 14:45 ` Markus Armbruster
2009-12-07 16:55 ` malc
2009-12-08 8:21 ` Markus Armbruster
2009-12-08 10:22 ` malc
2009-12-07 15:50 ` Anthony Liguori
2009-12-07 16:00 ` Avi Kivity
2009-12-07 16:06 ` Anthony Liguori
2009-12-07 16:11 ` Avi Kivity
2009-12-07 16:20 ` Anthony Liguori
2009-12-07 16:26 ` Avi Kivity
2009-12-07 16:32 ` Anthony Liguori
2009-12-07 16:37 ` Avi Kivity
2009-12-07 16:59 ` Anthony Liguori
2009-12-07 17:07 ` Avi Kivity
2009-12-07 17:09 ` Anthony Liguori
2009-12-07 17:13 ` Avi Kivity
2009-12-07 17:17 ` Anthony Liguori
2009-12-07 17:19 ` Avi Kivity
2009-12-07 17:40 ` Anthony Liguori
2009-12-07 18:25 ` Avi Kivity
2009-12-07 18:59 ` Anthony Liguori
2009-12-07 19:01 ` Avi Kivity
2009-12-07 19:07 ` Anthony Liguori
2009-12-07 16:24 ` Paul Brook
2009-12-07 16:27 ` Anthony Liguori
2009-12-07 16:28 ` Avi Kivity
2009-12-07 16:57 ` malc
2009-12-07 17:01 ` Anthony Liguori
2009-12-07 17:09 ` malc
2009-12-08 9:02 ` Kevin Wolf
2009-12-07 18:12 ` Blue Swirl
2009-12-08 8:30 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.64.0912061454420.9249@linmac.oyster.ru \
--to=av1474@comtv.ru \
--cc=armbru@redhat.com \
--cc=paul@codesourcery.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).