From: Linus Torvalds <torvalds@linux-foundation.org>
Newsgroups: fa.linux.kernel
Subject: Re: SLUB: Return ZERO_SIZE_PTR for kmalloc(0)
Date: Sat, 02 Jun 2007 02:55:35 UTC
Message-ID: <fa.4raBhe9yHKT4xs1KcJHoMgyWdI8@ifi.uio.no>

On Fri, 1 Jun 2007, Christoph Lameter wrote:
>
> -	if (!x)
> +	if (x <= ZERO_SIZE_PTR)
>  		return;
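Review bot: the `+` line compares two pointers, `x` and `ZERO_SIZE_PTR`, with `<=`, and since they do not point into the same object C gives that comparison no defined result, so a compiler is free to treat the operands as signed and classify every address with the top bit set as "less than" the sentinel. Do the comparison on the integer representation instead, e.g. `if ((unsigned long)x <= (unsigned long)ZERO_SIZE_PTR) return;`, which catches NULL, ZERO_SIZE_PTR and the values between them and nothing else.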

Btw, this is _not_ safe.

A number of gcc versions have done signed arithmetic on pointers. It's
insane and stupid, but it happens, and it so happens to work on
architectures where the point where the sign changes over is not a valid
pointer area.

On x86, doing signed arithmetic on pointers is a clear and unambiguous
_bug_ (because a C object really _can_ start in "positive" space and end
in "negative" pointer space), but I think some gcc versions did it there
too.

On some other architectures, like x86-64, the virtual memory around the
magic switch-over point is not mappable, so a C object cannot validly
straddle the area where positive overflows into negative, and as such a
compiler _could_ consider pointers to be signed (although I really don't
see the point).

So when I suggested the uglier

	if ((unsigned long)x <= 16)
		return;

I really did mean to use that ugly cast. Yours is prettier, but sadly,
yours is simply not safe: a signed comparison might end up making _all_
kernel pointers trigger that test.

			Linus
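The two checks contrasted in the post, written out as an added C example (not code from the post or from the kernel): the unsigned integer comparison that catches NULL, ZERO_SIZE_PTR and the values between them, beside a signed comparison that models what a compiler treating pointers as signed would do to a high kernel address. The value 16 for ZERO_SIZE_PTR is taken from the `<= 16` in the post; the sample addresses are constructed and never dereferenced.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Sentinel returned instead of NULL for a zero-length allocation; the
 * value 16 is the bound used in the post. */
#define ZERO_SIZE_PTR ((void *)16)

/* The safe check: compare the pointer's integer representation unsigned.
 * True for NULL, ZERO_SIZE_PTR and everything between them, false for
 * every real address, however high. */
static int is_zero_or_null_safe(const void *x)
{
    return (uintptr_t)x <= (uintptr_t)ZERO_SIZE_PTR;
}

/* Model of "x <= ZERO_SIZE_PTR" under a compiler that compares pointers as
 * signed integers: an address with the top bit set is negative, so it
 * passes the test and would be treated as "nothing to free". */
static int is_zero_or_null_signed(const void *x)
{
    return (intptr_t)x <= (intptr_t)ZERO_SIZE_PTR;
}

/* Constructed address in the upper half of the address space (sign bit
 * set), where kernel pointers live on x86-64.  Compared, never dereferenced. */
static const void *high_half_pointer(void)
{
    uintptr_t top = (uintptr_t)1 << (sizeof(uintptr_t) * CHAR_BIT - 1);
    return (const void *)(top | 0x1000);
}

int main(void)
{
    const void *samples[] = { NULL, (void *)1, ZERO_SIZE_PTR, (void *)17,
                              high_half_pointer() };
    size_t i;

    printf("%-20s %8s %8s\n", "pointer", "unsigned", "signed");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20p %8d %8d\n", (void *)samples[i],
               is_zero_or_null_safe(samples[i]),
               is_zero_or_null_signed(samples[i]));
    return 0;
}
```

The last row of the table is the failure mode from the post: the high address is rejected by the unsigned check but accepted by the signed one.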
