On 08/11/2014 07:28, Maxime Villard wrote:
> [snip]
> That's mostly what kern_malloc() does, but it is consistent and sometimes consumes less memory - kern_malloc may allocate one more page (PAGE_SIZE). As some of you may have noticed, some recent Security Advisories were related to kmem. And now there's this issue in ffs_unmount(); and more bugs will come. Here is a patch which implements kmem_valloc. Comments?
I agree that the size not being tracked by the allocator (well, it is, but the API is ill-designed in this regard) leads to great bugs.
Two things come to mind:
- I think that KMEM_SIZE should become enabled by default instead (and not reserved to DIAGNOSTIC kernels). It feels weird to have the size field added twice when the option is enabled;
- I still believe that allocating 0 bytes of memory should end in panic(). While standards make the result implementation-defined, to me it indicates that something went wrong. Having an empty memory region serves no purpose in the kernel and will put pressure on the "kmem-8" cache for no benefit. Returning NULL would be even worse from a security standpoint and poses problems for documentation. What does it mean to kmem_valloc(0, KM_SLEEP)? A successful allocation but with an invalid pointer? Huh.
Cheers,
--
Jean-Yves Migeon
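As an added userland sketch (my own illustration, not the patch under discussion and not NetBSD code; the function names, the header layout and the magic value are assumptions), this models the size-tracking idea behind the thread: the allocator records the request size in a hidden header once, so the free side never depends on the caller remembering the size, and a zero-size request is rejected up front as the mail argues, with abort() standing in for panic().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HDR_MAGIC 0x4b4d454du /* constructed marker, "KMEM" in ASCII */

/* Hidden header placed before every object; 16 bytes keeps the
 * returned pointer aligned for any ordinary object. */
struct vhdr {
	uint32_t magic;
	uint32_t size;   /* requested size, tracked here and nowhere else */
	uint64_t pad;
};

/* Policy check from the mail: 0 bytes is a bug, not a valid request.
 * Returns 1 when the size is acceptable, 0 otherwise. */
int
model_size_ok(size_t size)
{
	return size != 0 && size <= UINT32_MAX;
}

/* Allocate `size` bytes; a zero-size request trips the panic stand-in. */
void *
model_valloc(size_t size)
{
	struct vhdr *h;

	if (!model_size_ok(size)) {
		fprintf(stderr, "model_valloc: invalid size %zu\n", size);
		abort(); /* panic() in the kernel model */
	}
	h = malloc(sizeof(*h) + size);
	if (h == NULL)
		return NULL;
	h->magic = HDR_MAGIC;
	h->size = (uint32_t)size;
	return h + 1;
}

/* Size recorded for p, read back from the header rather than the caller. */
size_t
model_vsize(const void *p)
{
	const struct vhdr *h = (const struct vhdr *)p - 1;

	if (h->magic != HDR_MAGIC)
		abort(); /* not one of ours, or already freed */
	return h->size;
}

/* Free without a size argument: the header is the single source of truth. */
void
model_vfree(void *p)
{
	struct vhdr *h = (struct vhdr *)p - 1;

	if (h->magic != HDR_MAGIC)
		abort();
	h->magic = 0; /* poison so a double free is caught */
	free(h);
}
```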