Re: [patch 3/4 -mm] flex_array: poison free elements



On Mon, 24 Aug 2009, Dave Hansen wrote:

diff --git a/include/linux/poison.h b/include/linux/poison.h
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -65,6 +65,9 @@
#define MUTEX_DEBUG_INIT 0x11
#define MUTEX_DEBUG_FREE 0x22

+/********** lib/flex_array.c **********/
+#define FLEX_ARRAY_FREE 0x6c /* for use-after-free poisoning */
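Review bot: the value 0x6c on the added FLEX_ARRAY_FREE line is a single byte that is also ordinary element data (ASCII 'l'), so any code that later compares memory against the poison cannot tell a freed element from a live one whose bytes all happen to be 0x6c. The comment should say whether the value is only written for debugging or is also tested against, and if it is tested, the resulting restriction on element contents should be stated next to the define.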

This seems like a good idea, but perhaps we should pick a non-ASCII
character as the poison value. If someone ever tried to store strings
as one-byte elements, they'd be in for a rude awakening the first time
they store an 'l'.


I wasn't aware that storing an array of ASCII characters was a use case
for flex array, I'm having a hard time imagining such a user. We're
always going to have the possibility of conflict with the poison value
just from allowing eight byte element sizes, yet that possibility is still
going to exist if we disabled it on smaller elements and re-defined
FLEX_ARRAY_FREE as 0x6c6c, for example; the only thing that we've done is
eliminated the possibility of flex_array_shrink() for arrays consisting of
smaller elements. FLEX_ARRAY_FREE (or an additional poison value to
distinguish between use-uninitialized vs. use-after-free) must be used in
flex_array_clear() otherwise the cgroup patchset, the only proposed user
of this library code, could never shrink this array when pid's are free
like the kmalloc vs. vmalloc patchset could do.

On the other hand, I'd have no problem trying to eliminate
fa->total_nr_elements (since we already have fa->element_size) since we
can calculate it in real-time; the only problem is being able to
distinguish when the elements are being stored in struct flex_array vs.
being stored in struct flex_array_part. We could then use that
unsigned int in struct flex_array to store the number of inuse elements
which is an alternative implementation to flex_array_shrink(), yet I'd
still propose to keep the poisoning to reveal use-uninitialized.
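
Added example, not part of the thread, the patch or the kernel's lib/flex_array.c: a user-space sketch of the collision both messages discuss, where a live one-byte 'l' or an eight-byte value made of 0x6c bytes makes an in-use part look free. The `demo_*` names, `PART_SIZE` and the rule that a part counts as free when every byte equals the poison are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FLEX_ARRAY_FREE 0x6c /* poison value from the patch; also ASCII 'l' */
#define PART_SIZE 64         /* assumed part size, for this demo only */

/* Hypothetical stand-in for one part; not the kernel's struct flex_array_part. */
struct demo_part { unsigned char bytes[PART_SIZE]; };

/* Store one element of elem_size bytes at index idx; -1 if out of range. */
static int demo_put(struct demo_part *p, size_t elem_size, size_t idx, const void *src)
{
	if (elem_size == 0 || idx >= PART_SIZE / elem_size)
		return -1;
	memcpy(p->bytes + idx * elem_size, src, elem_size);
	return 0;
}

/* Assumed shrink rule: a part is reclaimable when every byte is poison. */
static int demo_part_is_free(const struct demo_part *p)
{
	for (size_t i = 0; i < sizeof(p->bytes); i++)
		if (p->bytes[i] != FLEX_ARRAY_FREE)
			return 0;
	return 1;
}

/* What the free check reports for a part holding exactly one live element. */
static int demo_live_part_looks_free(size_t elem_size, const void *value)
{
	struct demo_part p;

	memset(p.bytes, FLEX_ARRAY_FREE, sizeof(p.bytes)); /* start fully poisoned */
	if (demo_put(&p, elem_size, 0, value) != 0)
		return -1;
	return demo_part_is_free(&p);
}

int main(void)
{
	unsigned long long wide = 0x6c6c6c6c6c6c6c6cULL; /* constructed 8-byte value */

	printf("'l': %d  'm': %d  8-byte: %d\n", demo_live_part_looks_free(1, "l"),
	       demo_live_part_looks_free(1, "m"), demo_live_part_looks_free(8, &wide));
	return 0;
}
```

A result of 1 means the check would reclaim a part that still holds live data; widening the poison to 0x6c6c only moves the colliding value, it does not remove it.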